Selfhosted

41376 readers

844 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

[email protected]

Secure Way to Expose Docker Containers to the Internet? (lemmy.one)

submitted 6 days ago by [email protected] to c/[email protected]

43 comments fedilink hide all child comments

I've been researching different ways to expose Docker containers to the internet. I have three services I want to expose: Jellyfin, Omnivore (Read-it-later app), and Overseerr.

I've come across lots of suggestions, like using Nginx with Cloudflared, but some people mention that streaming media goes against Cloudflared tunnel TOS, and instead recommend Tailscale, or Traefik, or setting up a WireGuard VPN, or using Nginx with a WireGuard VPN.

The amount of conflicting advice has left me confused. So, what would be the best approach to securely expose these containers?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 9 points 6 days ago (1 children)

My preference is just Cloudflare with or without nginx. Not sure if you're using a hypervisor or not but it makes things exceedingly easy and I feel plenty safe enough inside of a Cloudflare tunnel. I stream a lot of data from Jellyfin. All day long, several streams to several people for over a year now with no problems. Last I knew, Cloudflare removed the language about video streaming from their TOS. Not sure if that's changed but functionality on my end hasn't.

I am using Unraid but I've installed the Cloudflare tunnel in docker containers and TrueNAS without many issues. Takes a bit of copying/pasting to get set up but it's not terrible and everything is very responsive to make sure you're doing things correctly.

[–] [email protected] 1 points 5 days ago

+1 for cloudflare. But I don’t use their tunnel products, I just expose my ports to only their known IPs. With cloudflare you have a nice “free” waf in front with tls that points to a secure(nginx proxy) or unsecured docker container. Audiobookshelf is a great example. Is best to use their dns product too, for easy management of your public facing sites.