What do you guys use to expose private IP addresses to the web? I was using the npm proxy manager with Cloudflare CDN. However, it stopped working after I changed my router (I keep getting error 521). Looking for an alternative to Cloudflare cdn so I can access my media server/self-hosted services away from LAN.
(Tailscale doesn’t work for me at all)
This is what I want to achieve: https://youtu.be/c6Y6M8CdcQ0?feature=shared
I literally followed this tutorial to make it work the first time.
Wireguard.
Unless you actually have a need for the public to access the services then you shouldn’t be exposing them. If it’s just you and a few household members that need access then you should be using ddns and wireguard, or similar.
My phone auto connects with wireguard as soon as I leave my home ssid, so I never lose access to my services.
My phone auto connects with wireguard as soon as I leave my home ssid, so I never lose access to my services.
How do you do that? Tasker?
I’m on iOS and do the same thing.
The WireGuard app has a setting to “connect on demand”. It’s in the individual connections/configurations.
You can then set either included or excluded SSIDs. There’s also an option to always connect when you’re on mobile/cellular data.
I imagine the Android app is similar.
Can I ask why tailscale doesn’t work?
I have a headscale instance running in oracle’s free tier and can get to everything else through that.
I have tried to connect to Tailscale multiple times; it goes smoothly through all steps, but the IP addresses it gives you don’t work for me: This site can’t be reached
I was mainly interested in headscale but that didn’t work either; I even tried their docker.yml
For services that I want exposed, I use traefik reverse proxy (jellyfin etc).
For things that warrant an extra layer of security I use wireguard and then also traefik reverse proxy with HTTPS but it’s only accessible locally (vault warden).
Thanks everyone for your help.
I have fixed it by not using the npm proxy manager and only Cloudflare tunnels.
This video helped me
The only issue this method has is the upload limit of 100mb
I’m using services such as:
- Immich
- Nextcloud
- Jellyfin
- Valutwarden
Are you testing that the ports are open with your phone on a cellular network and not WiFi within the same network? Your router may be doing a loop back NAT which “forwards” the ports internally but isn’t necessarily forwarding the ports externally.
Did you change ISPs at all? I think I read that the router was new—is it a router/modem combo? If the ISP has changed it’s possible the new one doesn’t allow traffic on those ports, which is the case for my ISP. No amount of forwarding rules will change that.
If you have a separate modem/gateway and router it’s possible there are firewall rules on the device closer to the WAN in which case you may need to ask your ISP if they can put the modem in “pass through mode” in order to allow the traffic. That’s probably not the technical term for it—I think behind the scenes they either just disable the firewall or put the router address into DMZ, but that description has worked with me in the past with L1 support for them to know what I’m trying to accomplish.
tunnelbroker.net since I don’t have static IPv6 currently. Otherwise, that.
I see you’ve found a solution.
For others who come across this, Tailscale with the Funnel option enabled is another approach.
Funnel enables non-Tailscale clients access to specified clients resources. So people don’t need the Tailscale client installed to access say, a web server in your Tailscale network.
Create an aws account (new if already have) to use it’s 12 months free tier, setup OpenVPN Access Server (tbh easy process), go to admin panel and enable dmz. Connect to the server from your local machine with an openvpn client. It can be used to open as many ports as you want.
