this post was submitted on 26 Nov 2023

I can't praise Tailscale and its developers enough... I discovered this do-it-yourself VPN solution about half a year ago and boy has it improved my life... Here is what I managed to accomplish with it.

I am running Tailscale on my old MacBook Air, henceforth referred to as my "server", my two firesticks, and my phones.

*remotely=outside of LAN, so over internet*

-I can access my SMB shares remotely from my phones with OwlFiles and from my M1 MacBook Air seamlessly through Finder. All I had to do was enter a simple command on my server in Terminal to add TCP/445 to "Services". Tailscale then forwards incoming TCP connections on port 445 from within my tailnet to port 445 on my Mac’s server. The result is that I am able to mount my 2TB share from anywhere I have internet and manage my files as though I was on my home network. I also have access to my entire media library from VLC installed on all my devices (once again, through SMB). If only I could somehow add my remote SMB shares to Kodi... But Kodi doesn't seem to allow me to type in custom IP addresses when trying to add SMB shares. Let me know in the comments if you know how to add remote SMB shares to Kodi (the ones it does not detect automatically).

-Similarly, by adding a suitable HTTPS port to my server's Tailscale services, I am able to manage the Transmission torrent client installed on my server remotely through Transmission's web interface (while connected to Tailscale, of course).

-I can back up to Time Machine remotely and access my Time Machine backups remotely as well. There are a few caveats though. On my server, I had to add a shared folder (from Settings), allow access to it via SMB and mark it as a Time Machine backup destination. The process is pretty straightforward. The trick is to add it as a backup destination THROUGH TAILSCALE by typing in the Tailscale IP of your server or the Magic-DNS domain name. Also, you will not be able to access pre-existing Time Machine backups through Tailscale! Only the destinations that you initially add through Tailscale. This is why I have two backup destinations on my server - one that I back up to from my LAN and one that I use over Tailscale remotely. Works like a charm!!!

-I can control my server through VNC remotely and seamlessly as if I was connected to LAN. To do that, I had to add TCP/5900 to my server's Tailscale services (which is akin to opening up TCP port 5900 to incoming connections from within the tailnet). This is particularly useful when I don't have my M1 Mac with me, but need to run Python code inside Spyder. I just turn on my Bluetooth/trackpad combo, connect it to my S10+, jack myself into my tailnet, MultiVNC my way into my server and BAM.

-MagicDNS deserves its own praiseful review. Not only did it assign a permanent, simple domain name to all my Tailscale-enabled devices, but it allowed me to configure my own DNS server for Tailscale-connected devices. I was then able to choose custom DNS servers for specific domains, which let me block FireTV updates without compromising my security (The DNS server used for that looks a little sketchy so I don’t want all of my traffic to go through it) and also use AdGuard DNS without breaking Doordash’s Dasher app by routing doordash-specific DNS requests to Google’s DNS and not AdGuard’s. Solid win here, as AdGuard's DNS bricks the Dasher app. Let me know in the comments if you want to see my Magic-DNS configuration.

-FUNNEL: By running a funnel (proxy) on my home server, I am able to access my dad's Bell Fibe TV channels through their web interface from anywhere on Earth - Bell treats my traffic as if it's coming from my home network! It will NOT work if you use the mobile app, but works flawlessly from within Samsung Internet, Safari (on mac) and Grazing 3 (on iOS). Also, it’s quite neat to browse with my Canadian IP even when I am travelling (no more annoying "cookie consent" notices when in the EU). I suspect Netflix users could use this sort of setup to get around password-sharing restrictions. I am also running funnels on my firesticks just in case I need more bandwidth.

-SUBNETS: I am running a subnet on my home server so that I could adb into my firesticks and manage them remotely with scrcpy (update apps, install tweaks, etc). Yes, I am not a huge fan of the command line ^^' . I can also access my Wi-Fi cameras remotely from my Mac. The desktop app for the cheap Chinese ones only allows you to manage them over LAN, but Tailscale takes care of that. Works like a charm!

I am beyond pleased with everything Tailscale enables me to do. It baffles me that this technology is somehow free to use. I am extremely grateful to be a part of the Tailscale community. Thank you!!

Share your ideas and questions in the comments.

[–] [email protected] 1 points 1 year ago

Thanks but I pass I think. Proprietary software is against the mindset of self-hosting if one asks me. But if it works for you, it's just fine I guess. It's just not for me

[–] [email protected] 1 points 1 year ago

I found setting up WireGuard super simple and did not need Tailscale at all. Why involve a business when the technology just works?

[–] [email protected] 1 points 1 year ago (2 children)

The bit I’ve always been confused about by Tailscale is the business model. They spend a fortune (I guess) in advertising on every podcast. If something is free then you’re the product. Assuming they’re not evil incarnate and harvesting personal data, I can only assume that a high proportion of self-hosters work in IT and have purchasing power. Actually that would be a fair sized IT department because 100 devices would cover a fairly modest office environment.

I hope that’s working for them because I fulfill neither of those criteria but as a noob I do find it jolly useful!

[–] [email protected] 1 points 1 year ago

> I can only assume that a high proportion of self-hosters work in IT and have purchasing power.

I believe that's the case with Bitwarden. They're making the big bucks from organizations. Can't see why it wouldn't be the same with Tailscale.

[–] [email protected] 1 points 1 year ago (1 children)

They have a lot to say about it,

https://tailscale.com/blog/free-plan/

I tend to overall believe what they put in this article, even if at times they're a bit grandiose with stuff like "Fix the internet".

[–] [email protected] 1 points 1 year ago

Makes sense. I didn’t honestly believe they were selling data, more that it might be unsustainable. But they seem pretty confident so here’s hoping!

[–] [email protected] 1 points 1 year ago

I've started to put Tailscale clients inside Docker containers. That way services can move freely from continent to continent and I just don't care...

[–] [email protected] 1 points 1 year ago (2 children)

The only thing which bothers me is their lack of proper user accounts.

I don't mind registering for a service like Tailscale, but I definitely don't want to use a Google/Microsoft/whatever account for it!

Headscale might be a solution to that, but for something designed to essentially punch through most of my security I would rather prefer something well-supported by a larger player, tbh.

[–] [email protected] 1 points 1 year ago (1 children)

Full disclosure: I work for Tailscale.

You're looking for custom OIDC providers.

https://tailscale.com/blog/custom-oidc/

[–] [email protected] 1 points 1 year ago

> Headscale might be a solution to that, but for something designed to essentially punch through most of my security I would rather prefer something well-supported by a larger player, tbh.

Firstly, why do you want something from a larger player? The whole idea of self-hosting is to avoid relying on the work of large players.

Secondly, Tailscale isn't a large player. If you look at how many people it has on its GitHub page, it's got 20 people able to make commits. This isn't a large organisation, it's a small company:

https://github.com/orgs/tailscale/people

Thirdly, Tailscale uses WireGuard at its core, which isn't something from a "larger player". If you can't trust WireGuard, how are you going to trust Tailscale?

[–] [email protected] 1 points 1 year ago

It's been a game changer for me also. One feature that no one seems to address is the tailnet lock function. A common complaint is that Tailscale being a 3rd party service could see your data (not true). The more valid concern that tailnet lock addresses is the situation where a hacker could add a malicious node -- if they were to get access to the control plane. Tailnet lock addresses this by giving complete control plane approval to you. The alternative is to go full self hosted with the Headscale implementation, but I personally don't feel any need to switch at this point.
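
A simplified model of the check discussed in the comment above, as an added example that is not part of the original comment and not Tailscale's own code or wire format: each client pins a signing key held on a device the owner controls and drops any peer whose node key lacks a valid signature from it, so a peer list changed only on the coordination server is not accepted. The `Peer` struct, the function names and the choice of Ed25519 over the raw node key are assumptions made for illustration.

```go
// Added illustration: a simplified model of a tailnet-lock-style check.
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Peer is what a coordination server hands to a client: a node's public key
// plus an optional signature over that key (hypothetical structure).
type Peer struct {
	Name    string
	NodeKey []byte
	Sig     []byte
}

// SignNode runs on a device the owner trusts; lockPriv never leaves it.
func SignNode(lockPriv ed25519.PrivateKey, name string, nodeKey []byte) Peer {
	return Peer{Name: name, NodeKey: nodeKey, Sig: ed25519.Sign(lockPriv, nodeKey)}
}

// FilterPeers runs on every client: keep only peers whose node key is signed
// by one of the locally pinned lock keys, whatever the server says.
func FilterPeers(trusted []ed25519.PublicKey, fromServer []Peer) []string {
	var accepted []string
	for _, p := range fromServer {
		for _, k := range trusted {
			if ed25519.Verify(k, p.NodeKey, p.Sig) {
				accepted = append(accepted, p.Name)
				break
			}
		}
	}
	return accepted
}

// Demo builds a constructed peer list: two signed nodes, one node added by
// the server with no signature, and one reusing another node's signature.
func Demo() []string {
	lockPub, lockPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	newKey := func() []byte { pub, _, _ := ed25519.GenerateKey(nil); return pub }
	laptop := SignNode(lockPriv, "laptop", newKey())
	server := SignNode(lockPriv, "server", newKey())
	unsigned := Peer{Name: "injected-unsigned", NodeKey: newKey()}
	replayed := Peer{Name: "injected-replayed-sig", NodeKey: newKey(), Sig: laptop.Sig}
	return FilterPeers([]ed25519.PublicKey{lockPub}, []Peer{laptop, unsigned, server, replayed})
}

func main() { fmt.Println(Demo()) }
```

The signature binds to the node key itself, which is why copying a valid signature onto a different key does not get the second injected peer accepted.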

[–] [email protected] 1 points 1 year ago

Welcome to the world of VPNs.

[–] [email protected] 1 points 1 year ago (1 children)

What can Tailscale do that Zerotier can't?

[–] [email protected] 1 points 1 year ago (1 children)

Can you go into more detail about your Bell Fibe TV setup? Does it only work in a browser or did you find a way to make it work with an Arris box or Android TV device (which, if it's on the Bell network, should let you watch any channel you subscribe to)?

I'm wondering how IGMP snooping/multicast would work through the tunnel if I wanted to put a box elsewhere.

[–] [email protected] 1 points 1 year ago

So the thing is, my dad pays for Bell Fibe Internet and TV and when I am on LAN, I can watch all the channels that the subscription includes from virtually ANY device (firesticks, iphones, androids, laptops, etc.) either by downloading the Bell Fibe TV app from the appstore or by going to https://tv.bell.ca/home. Bell detects automatically that I am connected to the internet through them, as well as my dad's subscription (no need to log in or anything). I can trick Bell into thinking that I am at home by running a funnel on my server with the help of Tailscale. Now, when I am away from home, the app will only work when I am on Wi-Fi AND connected to Tailscale AND using my server as the exit node (funnel). If I am on cellular, I have to use the website I mentioned earlier. The best browsers for that are Samsung Internet on Android and Grazing 3 on iOS, since they allow the picture to fill the entire screen. In principle, you should be able to access your subscription from any device that has a web browser and can run Tailscale.
