Hi all :)
I’ve got a media server set up running Navidrome, Calibre-Web, and Immich along with some other services, and want to get access to them from outside the house now. I’ve read that Caddy is good for securing things by making it easier to set up encryption, but I’m not sure I understand that side of things.
I’ve set up a Cloudflare tunnel for a Minecraft server, and I’ve got Tailscale installed, though not set up with an exit server yet, but I understand that Caddy would be better. I ideally want to set up apps on my wife’s phone so that she can access the libraries too.
Is it just a case of installing Caddy and setting up the services I want to share through it? That seems too easy, like I’ve missed something.
If it makes any difference, I’ve got a standard UK ISP router with a few ports forwarded, and I’m going to add an access point and then a LevelOne GEP-5070 managed switch to learn about things like VLANs. The link to the switch is here:
https://mayflex.com/shop/product/GEP-5070
I feel like I’m missing something, but can’t think what, so I’d be grateful for any help :)
Tailscale and Tailscale SSH (cli) and Sunshine and Moonlight (gui).
Caddy supports mTLS, so if your client apps support it you could put everything behind client certs (assuming your services support it).
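As an added example (not code from the thread or from any of the projects named), here is what that looks like in a Caddyfile: one reusable snippet that requires a client certificate signed by your own private CA, imported into a site block per app. The hostnames, the CA file path and the upstream container names and ports are assumptions; substitute your own.

```caddyfile
# Added example, not from the original post. Assumes Caddy is reachable on
# ports 80/443 (for ACME) and can resolve the upstream container names.

# Reusable snippet: require a client certificate signed by your private CA.
# A request without a valid cert is rejected during the TLS handshake,
# before it ever reaches the proxied app.
(mtls) {
	tls {
		client_auth {
			mode                 require_and_verify
			trusted_ca_cert_file /etc/caddy/client-ca.pem
		}
	}
}

# Hostnames and upstream ports below are assumptions; check your compose file.
music.example.com {
	import mtls
	reverse_proxy navidrome:4533
}

books.example.com {
	import mtls
	reverse_proxy calibre-web:8083
}

photos.example.com {
	import mtls
	reverse_proxy immich-server:2283
}

# Quick check from another machine (expected: the app's page with a cert,
# a TLS handshake failure without one):
#   curl --cert client.pem --key client.key https://music.example.com/
#   curl https://music.example.com/
```

Two caveats. Because the client certificate is checked in the handshake, an app that cannot load one (check each mobile client before relying on this) simply cannot connect, so a service used from such an app needs a different control. On newer Caddy releases `trusted_ca_cert_file` is superseded by `trust_pool file /etc/caddy/client-ca.pem` inside `client_auth`; the older form still loads but prints a deprecation warning.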
You also could use plain WireGuard, since it might be simpler if you have the option to open up the firewall. I personally use NetBird since I’m behind CGNAT.
I would also deploy IPv6, since it will help a lot with performance on carrier-grade NAT networks like mobile data.
Pangolin is cool.
Totally unnecessarily complicated, though. Just set up WireGuard, Caddy and some routing.
Pangolin is cool. Combines a lot of things you’d normally have to piece together. However, OP already has a secure, operating server. I’m just not sure where OP came to the conclusion to toss in Caddy into an already viable system.
You’ve got Cloudflare tunnels/Zero Trust and Tailscale. You’ve got it wrapped up. Honest question: what makes you think Caddy would be better? I think adding Caddy would be adding more complexity to a system that has already got everything it needs to operate correctly. I’m not even sure what Caddy would bring to the table in this scenario.
I use Tailscale. It’s much simpler. Just install it on the host and client devices and everything is securely connected.
You may also be interested in Calibre Web Automated (which is similar but with more features)
Tailscale meets your needs even without an exit node configured.
You already have a Cloudflare tunnel, so you can add a new entry for a domain and point it to another service. Cloudflare handles the encryption. For Docker, I have my reverse proxy on port 80 doing the routing and the Docker route is http://localhost/.
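As an added example (not the commenter's own configuration), this is the matching Caddyfile for that layout: cloudflared terminates TLS at Cloudflare's edge and forwards each public hostname to http://localhost:80 on the server, and Caddy only routes by hostname. The `http://` prefix on each site tells Caddy not to try to obtain its own certificates for these names, which it could not validate from behind the tunnel. Hostnames and upstream container names/ports are assumptions.

```caddyfile
# Added example, not from the original post. Assumes each public hostname's
# tunnel route points at http://localhost:80, where this Caddy instance listens.

# http:// prefix: Cloudflare already handles encryption for the client, so
# Caddy serves plain HTTP to cloudflared on the same host and skips ACME.
http://music.example.com {
	reverse_proxy navidrome:4533
}

http://books.example.com {
	reverse_proxy calibre-web:8083
}

http://photos.example.com {
	reverse_proxy immich-server:2283
}

# Catch-all for any other Host header that reaches port 80 (for example
# someone on the LAN hitting the IP directly): answer 404 instead of
# forwarding to a default app.
:80 {
	respond "not found" 404
}
```

Note that the hop from cloudflared to Caddy is plaintext, which is fine only because both run on the same host; if Caddy ever moves to another box, put that link on the tunnel's HTTPS origin option or a VPN. The tunnel also means Caddy never sees the client's real address unless you trust the `CF-Connecting-IP` header, which matters if you add rate limiting or logging later.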