No more Cloudflare Tunnels for me...

  Views: 38,699

Raid Owl


Try American Cloud ($10 w/ my link) - app.americancloud.com/registe...
Tailscale - link.rdwl.me/tlscl
Nginx Proxy Manager - link.rdwl.me/ngnxpm
0:00 Intro
0:43 Why we need a network tunnel
1:44 Setting up our remote device
7:32 Setting up our local device
10:31 Conclusion

Comments: 133
@pieterrossouw8596 4 months ago
Tailscale is such a killer solution. We have the enterprise license for work and it eliminated so many time-consuming tasks. At home it's running on my Apple TV acting as a subnet router - probably the most set-and-forget and low power solution out there.
@dominick253 4 months ago
I just have a pigeon carry a USB stick to the server. A bit of a hassle to set up but at least I don't have to deal with CGNAT!
@RaidOwl 4 months ago
This is the optimal way
@benji_games_ 4 months ago
Jeff Geerling would agree
@kwith 4 months ago
Oh your latency must suck! Also, error correction would be a royal pain in the ass too huh?
@Henry-sv3wv 3 months ago
@kwith And there are Hawks out there that try to DoS you!
@hellareyouwell 2 months ago
Yes that is what ghostdog does 🎉
@eliasalcazar6554 21 days ago
THANK YOU for this. I set up Cloudflare tunnels before realizing their limits on media types. Very easy to follow, and plus you gave me an excuse to spin up a Linode VPS and play around with it!
@NightHawkATL 4 months ago
Great video! This is something that I want to look into for work so it is good timing.
@RichardSpragueSpike 4 months ago
For my jellyfin server I set up an SSH tunnel to an Oracle Cloud instance via a cobbled-together autossh docker service. I'm pretty proud of it, and I learned how to make docker containers in the process. This setup looks a lot cleaner though.
@NetBandit70 4 months ago
Shhh. Don't talk about OCI always free tier. He has $43/mo VPS sponsors.
@darthkielbasa 4 months ago
@NetBandit70 only our savior owl reads the comments.
@marlo-ji 4 months ago
@NetBandit70 OCI is $hit. My instances were destroyed 3 times without any reason.
@ravi2048 4 months ago
I use RatHole on one of my OCI instances
@RaidOwl 4 months ago
Lol idgaf what you use but they give me credits so I use them
@darthkielbasa 4 months ago
Been using tailscale within my lab for a bit over a year. Solid bit of kit.
@RaidOwl 4 months ago
Big tru
@shephusted2714 4 months ago
this was a good evolution - rproxy over wireguard to nginx from apache works well - fairly basic after you wrap your brain around it
@myhomemogapi4128 1 month ago
thank you. this is so helpful, so great
@dunkinDoge 28 days ago
Just a dumb question, since I really can't seem to understand anything when talking about networks / protocols etc. What if I already have a static IP? I want to use Cloudflare as a DNS to use a domain name, but then point to my home network that has a static IP, but want to be sure I have encryption. Should I spin up Tailscale as well from one container to others, or what? I tried many times reading and trying to understand but I keep failing to get any grasp
@user-qu6yk5he9o 2 months ago
Thank you so much for this
@TommasoMinuto 3 months ago
Hey, I religiously followed this setup but when I try to reach the service on my server behind CGNAT I get a 502 Bad Gateway. Any idea what I could have possibly messed up?
1 month ago
What are you saying at the end to be careful about regarding network of the cloud provider? Which kind of fees? Thanks!
@Morpheus2515 14 days ago
Great video :) . But can you please explain to me what the difference between Cloudflared and Tailscale is? Cloudflared you can just install in docker and then you can publish all your internal services from one place via Cloudflare. Won't Cloudflared work behind CGNAT? I know that you have file upload limits of 100MB per file if you use Cloudflare proxy to your WAN IP. As I understand correctly you still use Cloudflare as DNS and from there to the VPS. Still you will have the file upload limits, right, since you have your DNS via Cloudflare? Keep posting your great videos :)
@J0ermungand 4 months ago
I've gotten around a shared external IPv4 by using the IPv6 that was unique and then do a NAT from the IPv4 of my external server to the IPv6 of my home system.
@cryodrakon 4 months ago
Depending on the use case, both Cloudflare tunnel and tailscale are viable options. Cloudflare is nice for simple sites like overseer or home assistant, but I would definitely use tailscale for services like jellyfin and Plex!
@michaelbouckley4455 4 months ago
Yes Tailscale funnel works behind CGNAT; but for free, the ports are limited: 443 & 10000
@ohehmgeh 1 month ago
Is it still working for you with tailscale version 1.66.0? Since updating I can't reach my pages anymore but pinging my servers is working normally. **okay I see they added "--stateful-filtering=false" and using this on my VPS fixed my problem
@ohehmgeh 4 months ago
Get Out of my head! I had the same plan to build this on my Weekend 😂
@darthkielbasa 4 months ago
Every time I hear the tic tac commercial I think about my wife thinking about me
@alel1531 3 months ago
Hi. I thought this was also to overcome the upload limit, but instead the request body size limit applies to requests that go through the Cloudflare proxy/CDN, regardless of whether the client is connected to Zero Trust. So in Upload even by applying this beautiful configuration of yours, unfortunately it remains at 100MB.
@mspencerl87 4 months ago
This is exactly what I've been doing for 3 years but using ZeroTier. Works great. I have ZeroTier installed on my router and it acts as a bridge so I don't have to install the client on any of my home devices. Only my router.
@JamesT65 4 months ago
Same here nothing compares
@IvanNedostal 4 months ago
For years I was abusing torrent trackers as a "stun server" for home VPN until ZeroTier.
@DavidErato 4 months ago
If you put it at a friend’s house, would your media have to pass through their home to serve, and thus be limited by their upstream bandwidth? I have decent upstream but have cgnat. My parents do not, but have a public ip.
@RaidOwl 4 months ago
Yeah you’ll be limited by their bandwidth
@4megii 4 months ago
If I am correct, this can be done without cloudflare? As long as your domain name provider has their own DNS? Or is cloudflare an integral part of this?
@RaidOwl 4 months ago
You can do it without Cloudflare dns. I just like their free proxy.
@ytdlgandalf 4 months ago
Lol those vps prices are insane nowadays. You can get dedicated servers with raid 1 for that money wtf.
@Zedris 4 months ago
I'm a bit confused. Was the issue with cloudflare tunnels the limitations on video streaming or privacy? Because right now with this aren't you just trusting a different company like american cloud access to your tailscale vpn that comes directly in to your home? You are basically just trusting american cloud instead of cloudflare and by that logic a lot more, as cloudflare can see only what's being shared on that tunnel?
@RaidOwl 4 months ago
You’re gonna have to trust somebody at some point if you’re publicly exposing stuff
@ear10 4 months ago
I like the zero trust access controls, they are super convenient. Alternatively just use Tailscale alone with advertised routes and as an exit node if you don’t have public facing services and you don’t need Cloudflare at all
@mohamedatef8424 4 months ago
Nice video. If I'm using a firewall, can I route traffic from it?
@RaidOwl 4 months ago
Depends on what you wanna do 🤷🏻‍♂️
@lifefromscratch2818 4 months ago
Very applicable for me.
@Glatze603 4 months ago
Using netbird instead of tailscale because it is completely open source and it can completely be self hosted. I'm still thinking about how I can make it so that the Nginx Proxy Manager web interface (port 81) can only be accessed via the private tunnel and not via the Internet. Shouldn't really be a problem. This would mean that it would no longer be a tragedy that Nginx does not support MFA.
@3xpired3lements 4 months ago
Pro tip: Just don't use nginx proxymanager if you care about security. They don't have security policies and there have been really bad cases in the past where critical vulnerabilities have just been ignored. It's basically a one man org, which isn't necessarily bad, but there is also no one reviewing the PRs and the maintainer commits directly. Don't get fooled by the huge amount of stars, they don't mean anything.
@Jimmy_Jones 4 months ago
Yeah. Exposing NPM makes me dubious of the setup
@user-xd7zk1pw5y 6 days ago
American cloud is also expensive, and why didn't you have NPM local with tailscale installed, instead of public
@angeloerasto 4 months ago
I did try this a few weeks ago. Transfer speeds are not great as compared to cloudflare tunnels behind cgnat
@RaidOwl 4 months ago
Shucks. Were you using a VPS? Maybe their speeds aren’t good.
@GrishTech 4 months ago
Make sure your tailscale is able to negotiate a direct connection without going through a relay.
@seetcas 4 months ago
@GrishTech how to do that
@itsmeenebula 4 months ago
@GrishTech it can’t behind cgnat
@angeloerasto 4 months ago
I'll try this, thanks @GrishTech
@thespencerowen 4 months ago
This is the way.
@TechNerden 4 months ago
Didn't quite catch why this over Cloudflare tunnels? CF tunnel have functions like Geoblocking, WAF, SSO, etc. Does Tailscale? Or why this instead of Wireguard tunnel?
@RaidOwl 4 months ago
Tailscale is just a nice interface and uses Wireguard anyway plus I can just connect my personal machines to everything with the Tailscale client. Cloudflare tunnels are still great but with this you don’t have to worry about bandwidth limits (if you aren’t proxying via CF DNS).
@TechNerden 4 months ago
@RaidOwl Yeah I agree on this. It's something else than what everyone uses, nice to try something "new"! :)
@seetcas 4 months ago
Why did you choose proxied for dns cloudflare ?
@RaidOwl 4 months ago
Just safer and easier when everything comes in on 443. You can turn it off if you’re doing something that isn’t http/https traffic
@SirHackaL0t. 4 months ago
Gotta love that old CGNAT. If we knew what it stood for. Cheers
@RaidOwl 4 months ago
Cool Guys Never Act Tough
@Jimmy_Jones 4 months ago
Can't Get Network Access. Thanks
@iblackfeathers 4 months ago
the hardware limitations of the raspberry pi zero restrict the speeds of the service but i thought the goal of this was to do one better than cloudflare tunnels by having no imposed limitations on bandwidth? i guess it is implied one can use faster hardware with the same setup?
@RaidOwl 4 months ago
Yeah I did show what the speeds looked like hosting on small LXC container on my server, much faster. The raspberry pi was basically like "hey look you can run tailscale on anything".
@yellowboat8773 4 months ago
I'm not on CG Nat but my ISP blocks port 80 and 443 meaning I cannot do the DNS challenge for reverse proxy. What are my options?
@codys1108 4 months ago
If you can't expose 80 and 443, then you literally have to use a tunnel. Whether it's Tailscale or Cloud flare, that's up to you.
@rahulkakkarscience 2 months ago
I'm getting this error: too many redirects. And the page is not opening. Can anyone help?
@rahilarious 4 months ago
nah. Why give third party all possible access to your traffic? Just use raw wireguard.
@andreassa 4 months ago
No headscale?
@RaidOwl 4 months ago
Not today
@Just5KY 4 months ago
Just use rathole, much faster and won't need tailscale
@FUSSSEL 4 months ago
Rathole is only a reverse proxy like NPM and cannot connect a subnet via VPN like tailscale. The whole point of the video is to bypass a CGNAT
@munroegarrett 4 months ago
What about security concerns relating to Nginx Proxy Manager?
@RaidOwl 4 months ago
There are security concerns anytime you open services to the outside world. Do you have a specific concern in mind?
@munroegarrett 4 months ago
There have been multiple CVEs and my understanding is that it took a considerable amount of time (> 1 year) to address them.
4 months ago
Was that not on the management page? I hope you do not open that to the internet.
@RaidOwl 4 months ago
nah it's closed
@Darkk6969 4 months ago
@munroegarrett I've read the same thing so I am using HAProxy in pfsense instead. Also can use tailscale in pfsense. I am not bashing the devs of Nginx Proxy Manager as they have a very small number of maintainers and not a lot of time to fix the issues.
@RogerioPereiradaSilva77 4 months ago
Can't this be done by simply using SSH reverse tunneling instead of Tailscale?
@RaidOwl 4 months ago
Maybe 🤷🏻‍♂️ try it and let me know
@bugdozer314 4 months ago
SSH would be a tcp tunnel, which isn't all that great in many situations. Also SSH is a user process, rather than a kernel process, so higher in the stack and maybe competing with other resources more. I've done both, SSH has its place as temporary or roving needs may dictate (i.e. permit some non-business vendor entity a specific type of access), but you'd really prefer something that's "bolted on" lower in the kernel stack for infrastructure needs. You'll also need to build/write something to keep SSH running, and explore the timeout and keepalive options to get something that's more reliable and recoverable. It's doable, but you'd probably like something else better.
@patrickhult 2 days ago
Do a video with Headscale on a secure vps
@ThatHz- 4 months ago
Why add a VPS and all this complication vs just using Tailscale alone?
@RaidOwl 4 months ago
I mean…you need somewhere to host the Tailscale client
@JamesTenniswood 4 months ago
@RaidOwl just use their Tailscale Funnel feature
@rowler952 4 months ago
You could also host a wireguard VPN or OpenVPN for more restrictive networks.
@madness1931 4 months ago
This way you're still opening things up to the internet, like with the normal reverse proxy, but you'll be hiding your IP from your DNS records. Adding a layer of privacy. With just Tailscale, you'd need to set up Tailscale on the server, and each client. It would be more secure, but not feasible for every use case. For me, this method fits my needs perfectly… can't believe I didn't already consider it.
@rowler952 4 months ago
Wireguard is secure enough to be exposed on the VPS
@chuckowens2010 4 months ago
You know you are alright and informative. I gave you a like, you are welcome
@user-yu8qc9gn8e 14 days ago
But you need a static ip
@keywal 4 months ago
No need for any of this port or monthly cost stuff. Either host the DNS server yourself or add the ip from tailscale to cloudflare for your services. (The IP should be the VM or LXC you have both Tailscale and NPM/Traefik installed on.) Only devices approved on your tailnet can access the services. Nothing's 'exposed' and even publicly posting your IP makes no difference as no one can access it unless I approve your device beforehand. :)
@RaidOwl 4 months ago
So if you host a Wordpress site you are gonna approve every single public device that wants access?
@keywal 4 months ago
Well it’s very unlikely that you’d use Tailscale or a tiny vps for anything that’s to be publicly accessible but you could try with split dns. If I want a family member to be able to access something I have running in my homelab I will invite them to Tailscale and use the ACL to give their device access to that one resource. If they try on another machine it will ask me for approval. Hosting the DNS yourself allows more magic to happen so much so that my family hasn’t even realised how much goes on in the background. They don’t even need Tailscale installed or connected once inside our LAN and if outside they connect to Tailscale and everything continues to work. 😊
@kurt_hansen 2 months ago
But you have to trust your external server security where the tailscale client is running, keep the system up to date, install security fixes, upgrade to the next LTS release, if there is one. Hardening the system, so that no hackers or others can enter the server. If so, your local services or local network in your homelab are open to the world, isn't it? And exposing NPM Admin Interface to the public is very critical. So, nice tutorial, but I trust more in cloudflare applications with access restriction in combination with tunnels....
@Bill_the_Red_Lichtie 4 months ago
Hey Brett (small squeaky voice/head), if you are already using a VPS, why don't you run your own HeadScale server on it? Then you don't even need a TailScale account.
@RaidOwl 4 months ago
Howdy! Yeah you can def do that! There are plenty of ways to go about this but I’ve always had good experiences with tailscale
@Bill_the_Red_Lichtie 4 months ago
@RaidOwl Totally, but I think that your little "Hey Brett" interludes are always fun 🙂 And you left one here for the taking ;-)
@daillengineer 4 months ago
Why all of this when you can just use Tailscale ?
@RaidOwl 4 months ago
You gonna have every person in the world install tailscale if you want to host a website?
@ardenswirl7361 4 months ago
What about tailscale funnel ? I know it has limitations still you can use it right ? any other cheaper solutions like I got the over all I got the over all I idea have been using it for months. Can't afford static ip which is 3$ a month My isp provides Needs to open port for plex and torrenting can't on my static ip even if i am able to afford as it would be illegal need some other way around like a cheap vps dmca ignored to do what you did or any other ideas ? Don't say seedbox. @RaidOwl
@ExodusX13 4 months ago
@RaidOwl Most people wouldn't host a public website from a home server.
@user-ct7wu1zv9e 4 months ago
You haven't tried Hetzner. Price...
@ardenswirl7361 4 months ago
Hetzner is not really useful for plex in this case as they are banning plex servers hosted on their ip, so mainly this is for huge traffic for file serve or a media server Hetzner kind of defeats the purpose lowend box vps seems way to go