Expose Containerized Services With SSL via Tailscale

Normally we don’t have to use SSL when we connect to services via Tailscale, as all connections are end-to-end encrypted and only allowed users can access your network. But there are always exceptions, like when you want to put your Tailscale domain behind a public domain or you have to use SSL for internal connections. For example, Hoarder on iOS requires SSL, and it won’t work when we host Hoarder using Docker even if we enable HTTPS on Tailscale DNS and add the cert to the NAS. When I access Hoarder via the Tailscale address of the NAS, it always returns an insecure connection. I tried creating the SSL cert using tailscale cert and making it the default cert of my Synology; it still fails, as tailscale cert only covers port 443, so the services running on other ports are not covered. ...

January 27, 2025 · 3 min · 596 words · Me

Remote Accessing NAS using Tailscale

Simply put, Tailscale is a private VPN built on the WireGuard protocol, designed to support a Zero Trust architecture for managing devices within a subnet. As a mesh network, Tailscale enhances connectivity when accessing NAS services remotely. Compared to traditional VPNs and firewalls, WireGuard and Zero Trust offer significantly better security since every device requires authentication to communicate with others. This granular access control minimizes risk—even if an attacker compromises one device, they won’t automatically gain access to the entire private network. Unlike conventional firewalls, which often have a hardened exterior but a vulnerable core, Tailscale ensures both outer and inner security. ...

January 25, 2025 · 3 min · 464 words · Me

Build a home media server but automated

Intro: In "Route transmission to VPN container", I talked about how to download content via a VPN tunnel so we can get rid of some troubles. But that is far from enough for us to build a home media server, which should work like Netflix and Hulu for us. We shouldn’t have to bother with torrent and subtitle searches. Once we add a show to our watch list, everything should be set up automatically. I will introduce the tools and the setup I needed to build a home media server in the following sections. ...

September 16, 2023 · 3 min · 623 words · Me

Expose NAS Services with Att Gateway

Recently I changed my ISP to ATT to try their fiber, and they gave me the bgw320 as the gateway for the Internet service. And I have trouble connecting to my Synology’s services like Jellyfin. I suspect it has some conflicts with the network of the Docker services running on the Synology or with the Synology’s internet setup. Considering that the configuration of the Docker network could be another rabbit hole, I didn’t go that route. I decided to connect the gateway to my own router and use the passthrough function in the gateway so I can do the port forwarding in my router. ...

September 16, 2023 · 1 min · 210 words · Me

How to route transmission to VPN container?

Intro: When you have a NAS at home, it feels bad if you don’t keep it running for something even if you don’t use it. It is the major backup to store the photos we shoot with our iPhones. However, that is just basic use, and hosting a media center with it sounds cooler. I used to use transmission-openvpn and it worked perfectly; however, my VPN expired and I decided to use the Proton free tier. This is where things went south: I spent two days on it and I could not get it to work. When I was about to give up, I found a better approach for my purpose: running Transmission and the VPN in separate Docker containers and routing Transmission to the VPN container. It sounded like a great idea in the first place, given that each service should do only one job, which is the Unix principle. ...

September 16, 2023 · 4 min · 750 words · Me