I spent all day today trying to get the routing to work correctly between Tailscale, Nginx and Adguard.

Basically I wanted to be able to use **http://immich.network** to route to 192.168.1.2:9000

I wanted to share the steps I took so people don’t have to go through what I did.

First, a few things: Local Server IP: 192.168.1.2

  1. I installed Nginx and Adguard in Docker containers, and gave Adguard IPs 3000, 3001 instead of 80 and 443 because Nginx took it.
  2. I went to my router and made it use the DNS: 192.168.1.2
  3. I configured Proxy Host in Nginx … immich.network => 192.168.1.2:9000
  4. I configured DNS rewrite in Adguard … *.network => 192.168.1.2

At this point I was able to use http://immich.network finally. I installed Tailscale to be able to access when I’m outside but http://immich.network didn’t work.

These helped me https://tailscale.com/kb/1019/subnets + https://tailscale.com/kb/1054/dns?q=global+nameserver

  1. I created a subnet… tailscale up --advertise-routes=192.168.1.0/24
  2. I approved it on Tailscale login

At this point I was able to access home server using its local IP 192.168.1.2 but I couldn’t get http://immich.network to work.

  1. I created a nameserver dns with split DNS but I used my local ip… 192.168.1.2 => network

Finally everything is working… I have a feeling that I’m doing it wrong but I’m too tired and it’s finally working.
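
The three stages described in the post (on the LAN, on Tailscale with only the subnet route, and on Tailscale with split DNS added) can be traced with a small model. This is an added example, not part of the original post: the function names and the `public-resolver` placeholder are assumptions, the wildcard match is a simplification of AdGuard's rewrite rule, and public DNS is not actually queried.

```python
import ipaddress
from fnmatch import fnmatch

# Values from the post; all names below are hypothetical.
LAN_DNS = "192.168.1.2"                            # AdGuard on the home server
REWRITES = {"*.network": "192.168.1.2"}            # AdGuard DNS rewrite
ROUTES = [ipaddress.ip_network("192.168.1.0/24")]  # tailscale up --advertise-routes
PUBLIC_DNS = "public-resolver"                     # placeholder for the remote network's DNS

def pick_resolver(name, on_lan, split_dns):
    """Return the resolver a client sends `name` to."""
    if on_lan:
        return LAN_DNS                             # the router hands out 192.168.1.2
    labels = name.rstrip(".").lower().split(".")
    for domain, server in split_dns.items():
        suffix = domain.lower().split(".")
        # Split DNS matches whole labels: "network" covers immich.network,
        # but not a single-label name such as "mynetwork".
        if labels[-len(suffix):] == suffix:
            return server
    return PUBLIC_DNS

def adguard_answer(name):
    """Apply the wildcard rewrite; None means no rewrite matched."""
    for pattern, ip in REWRITES.items():
        if fnmatch(name.lower(), pattern):
            return ip
    return None

def reachable(ip, on_lan, routes_approved):
    """Remote clients reach a LAN IP only through an approved subnet route."""
    if on_lan:
        return True
    return routes_approved and any(ipaddress.ip_address(ip) in n for n in ROUTES)

def trace(name, on_lan=False, routes_approved=False, split_dns=None):
    """Return (resolver used, rewritten answer or None, end-to-end success)."""
    resolver = pick_resolver(name, on_lan, split_dns or {})
    # The DNS query itself must reach AdGuard before any rewrite can apply.
    can_query = resolver == LAN_DNS and reachable(LAN_DNS, on_lan, routes_approved)
    answer = adguard_answer(name) if can_query else None
    ok = answer is not None and reachable(answer, on_lan, routes_approved)
    return resolver, answer, ok

if __name__ == "__main__":
    print(trace("immich.network", on_lan=True))
    print(trace("immich.network", routes_approved=True))
    print(trace("immich.network", routes_approved=True,
                split_dns={"network": LAN_DNS}))
```

The middle case is the one the post got stuck on: the subnet route makes 192.168.1.2 reachable, but the name never reaches AdGuard until split DNS sends `network` lookups there.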

  • N0x0n@lemmy.ml
    3 months ago

    Congrats !!!

    Only one day? Lucky you ! It took me a whole week to get it to work with a self-signed SSL certificate behind Traefik + docker + Adguardhome.

    Adguard home rewrites and the correct certificate configuration solved most of my issues (android can be picky with self-signed root certificates). But I learned A LOT through the whole week, so I didn’t waste my time :).

    I hope you too learned a lot :) but if I may, I would switch from AdguardHome to Pi-hole.

    I know… AdguardHome’s functionalities and UI are awesome and surpass Pi-hole’s, but since I saw they add some strange trackers and very sketchy DNS requests in their AdguardVPN android application, I don’t trust them anymore !

    • lemmyreader@lemmy.ml
      3 months ago

      > I hope you too learned a lot :) but if I may, I would switch from AdguardHome to Pi-hole.

      +1

      • pi-hole rocks! :)
      • N0x0n@lemmy.ml
        3 months ago

        It does !! I really like it and it was easy peasy to make the switch. But I have to admit, AdguardHome’s UI and DNS logs are way more detailed and I’m missing a few features I used with AGH. But nothing too critical that makes pi-hole unusable in my workflow !

        But yeah, they do not have the same budget… That’s a good tradeoff I’m willing to take for my privacy :).

        And one day, when I get a job I will surely donate to them.

    • Mir@programming.devOP
      3 months ago

      I just finished the SSL today, but have you gotten Syncthing GUI to work though? I can’t seem to get it to work with the domain for some reason.

      • N0x0n@lemmy.ml
        3 months ago

        Hummm, I have a syncthing instance in a docker compose, so yeah I can access it through my ssl domain (https://syncthing.home.lab) but traefik takes care of everything.

        Now if it’s on your local machine you’re trying to use your SSL certificate I don’t know, I always access it through the local ip (127.0.0.1:8384).

        If I had to guess or give it a try, I would point the IP to my dns through my host file on my machine. But that’s just a wild guess :/

        I think syncthing has good documentation about it :)