I am running a Proxmox node with a VM running a couple of Podman rootless containers, one of which is Jellyfin. I have also installed Traefik on a separate LXC unprivileged container. I have installed Tailscale on both the VM and the LXC.

What I want now is to create a reverse proxy so that I create subdomains pointing to my registered domain name, e.g. example.com.

When trying to access 'jellyfin.example.com', I want the reverse proxy to point to the Tailscale IP or URL, for example 'https://media.tbXXX.ts.net:8096'. But that should work only when connected to the Tailscale network.

Is this even possible? If it is, can you point me to some resources explaining the whole configuration?

  • thelittleblackbird@lemmy.world
    5 days ago

    Yes, it is possible, but you need a domain (example.com) that I guess you want to be resolved from the internet and a public-facing IP.

    After that, yep, if the reverse proxy can resolve Tailscale names (basically it has Tailscale installed on the same machine) and the service is reachable via Tailscale, then it is perfect.

    In fact, in my setup I have a public domain name that is translated into a private domain name in the reverse proxy (exactly what you want with the addition of Tailscale).

    • filister@lemmy.worldOP
      4 days ago

      I have a registered domain name already, but I am behind CGNAT and I don’t really have a public IP.

      I want to allow access to my services remotely only through Tailscale.

      • Zarlin@lemmy.dbzer0.com
        4 days ago

        My setup just has the local IP (of the reverse proxy) in the domain’s DNS records, and I have Tailscale on my home server set up to advertise subnet routes, so I can use the same local IP when at home or remote via Tailscale. No need to use your public IP or open ports or anything.

        • filister@lemmy.worldOP
          4 days ago

          Yes, I know that, but I just don’t want to remember the port numbers or create some bookmarks.

          I think I can create a CNAME record for *.media to point to the Tailscale address of the reverse proxy and then use the reverse proxy with Cloudflare API key to serve SSL certificates from my domain.

          I am currently struggling a bit with the setup though.

          • Zarlin@lemmy.dbzer0.com
            3 days ago

            > I think I can create a CNAME record for *.media to point to the Tailscale address of the reverse proxy

            This approach, but if you set up your server to advertise subnets you can use your local IP range instead of Tailscale’s. Port numbers for individual services would be handled by your reverse proxy; you can set up a subdomain route for each service.

            Instead of having to keep track of bookmarks you can use something like homepage on the root of your domain, as a dashboard to navigate to all other services.

      • thelittleblackbird@lemmy.world
        4 days ago

        OK, I understood that the request came from the internet and Tailscale was to link the reverse proxy and the server.

        In this case try IPv6; pretty sure you have IPv6 and you will have a public address.

        But for this case you will need a DNS in your network so example.com can be resolved and then your proxy will make the right request.

        Yes, doable.
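
The Traefik side of the setup discussed in this thread (subdomain route per service, certificates via the Cloudflare DNS challenge, reachable only from the tailnet), as an added example that is not taken from any poster's configuration. The Tailscale IPs, e-mail address, resolver name `cf` and file paths are assumed placeholders.

```yaml
# Added example: two files shown as two YAML documents; split them at '---'.
# Assumed values: 100.64.0.10 (Traefik LXC Tailscale IP), 100.64.0.20 (Jellyfin
# VM Tailscale IP), admin@example.com, resolver name "cf", file paths.

# --- traefik.yml (static configuration) ---
entryPoints:
  websecure:
    # Listen on the Tailscale address only, so nothing answers on the LAN/WAN side.
    address: "100.64.0.10:443"
providers:
  file:
    filename: /etc/traefik/dynamic.yml
certificatesResolvers:
  cf:
    acme:
      email: admin@example.com
      storage: /etc/traefik/acme.json
      # DNS-01 needs no inbound port, so it works behind CGNAT.
      # The Cloudflare token is read from the CF_DNS_API_TOKEN environment variable.
      dnsChallenge:
        provider: cloudflare
---
# --- /etc/traefik/dynamic.yml (dynamic configuration) ---
http:
  routers:
    jellyfin:
      rule: "Host(`jellyfin.example.com`)"
      entryPoints: [websecure]
      middlewares: [tailnet-only]
      service: jellyfin
      tls:
        certResolver: cf
  middlewares:
    tailnet-only:
      ipAllowList:   # Traefik v3 name; Traefik v2 calls this ipWhiteList
        sourceRange:
          - "100.64.0.0/10"         # Tailscale IPv4 range
          - "fd7a:115c:a1e0::/48"   # Tailscale IPv6 range
  services:
    jellyfin:
      loadBalancer:
        servers:
          # Assumes Jellyfin serves plain HTTP on its default port 8096.
          - url: "http://100.64.0.20:8096"
```

The DNS record for `jellyfin.example.com` then points at the Traefik container's Tailscale address; the name resolves from anywhere, but the address is only routable for devices connected to the tailnet.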