I have Plex, Radarr, Sonarr, Overseerr etc running in Docker containers, but have never found a good guide on how to access these (safely) from outside. I resort to connecting to a server running VNC. I’ve tried nginx but didn’t understand it, also tried Cloudflare (ditto). Is there a good, easy to understand guide on how to do this?
The safest (but not as convenient) way is to run a VPN, so that the services are only exposed to the VPN interface and not the whole world.
In pfsense I specify which services my OpenVPN connections can access (just an internal facing NGINX for the most part) and then I can just go to jellyfin.homelab, etc when connected.
Not as smooth as just having NGINX outward facing, but gives me piece of mind knowing my network is locked down
You’ve been given a the usual variety of suggestions, but I suggest also gaining an understanding of networking principles, including RFC 1918 addressing and NAT.
Look at Tailscale docker mod. Adds tailscale inside each arr container and treats them each like a tailscale machine, so on app level you can choose if you expose only in your tailnet or expose to internet.
First time I’m hearing of this. Thanks for the heads up.
https://tailscale.dev/blog/docker-mod-tailscale
Up until now I’ve been using Traefik and a pihole with Local DNS records so I can remotely access my services when connected to Tailscale. It’d be nice to be able to point to http://jellyfin rather than http://jellyfin.server.home, for example
Use cloudflare tunnels. I can access all my localhosts from outside with just one main domain (they are each attached to subdomain of the main domain).
I would look into Tailscale. This would probably be the easiest to setup.
This!
Look at Tailscale docker mod. Adds tailscale inside each arr container and treats them each like a tailscale machine, so on app level you can choose if you expose only in your tailnet or expose to internet.
Thanks for all the suggestions - I think Tailscale is the way to go, it didn’t take me long to set up and there is a client for all my devices.
If you are already messaging around with Dockers, check out NGINX Proxy Manager. It simples the NGINX stuff and gives you a nice interface. So if your make that docker with 8080 and 8443 exposed, in your router port forward 80 to 8080 and 443 to 8443. Then when you go to ramble.chat or plex.ramble.chat it will point to the proper service.
point plex.ramble.chat (cname) to ramble.chat in your registrar. Point ramble.chat (A record) to your public ip (dyndns if you don’t have a static)
In NGINX you make a host, plex.ramble.chat and point that to where it lives in your network 10.0.10.5 port 32400 for example.
On the ssl tab, request new cert for plex.ramble.chat with let’s encrypt.
Check all the boxes. Now when you go to https://Plex.ramble.chat it will take you to your Plex instance! I would do the same with overseer but not the *arrs. I do req.ramble.chat
Personally I use wireguard. A bit more involved to set up but slimmer IMO. When I put the app on my Android I barely noticed a battery hit with my always on VPN but I can hit my network anywhere from my phone.
Hope this helps!
Look at Tailscale docker mod. Adds tailscale inside each arr container and treats them each like a tailscale machine, so on app level you can choose if you expose only in your tailnet or expose to internet.
