How do you guys connect your phones to immich when outside the house?

I’m also using cloudflared tunnel but is there a tutorial to set up 2FA with Google login as well as geoblockers?

I used to do this but was bothered by the fact there’s a 100MB upload limit, stopping longer videos from uploading, so I switched to a reverse proxy.

Don’t you get blocked because crowdsec detects file enumeration?

Can anyone give me an ELI5 for Tailscale?

Tailscale + domain name pointing to TS IP.
Caddy proxy with Cloudflare DNS challenge for Let’s Encrypt cert.

I second that! Agreed there is a cost to the domain, but this means easy setup, encrypted transport, and use for all other services without poking holes in the firewall. The advantage also is that I am creating an “off-site backup” and can just go to the other place, connect to the internet and it starts working. I know Tailscale is similar.

Have you noticed issues with files over 1GB with that setup? I did, and had to disable Cloudflare’s proxy. Works great now behind nginx.

I found from some research that Cloudflare simply limits you to 1GB file transfers and/or a hard timeout that you can’t change, but I could be wrong.

What I do know is that disabling the feature fixed the failed uploads I was having with larger videos.

Edit: Found a comment describing my issue. https://www.reddit.com/r/immich/comments/1f0cs71/comment/ljr89fv

Problem is, Cloudflare Tunnels have a 100MB upload limit. So if you try to upload a video bigger than that to Immich it can become a problem. Especially files bigger than 1GB always fail for me.

How do you secure this from attacks? I’m in the same setup but want to lock it down a bit more than just the immich login page

Do you run it on a router or in a container on the NAS directly?

This!

Way too easy setup compared to the other VPNs. Got it working perfectly for me and my wife, so that we can VPN into our home server when on the go, using our google logins and access jellyfin wherever we are.

Care to share that shortcut?

On your NAS

sudo nordvpn login --token <token>
sudo nordvpn set meshnet on

Refer to the docs on how to configure your device for Meshnet.

That’s nice, I also have an nginx reverse proxy set up. Just a flip of a switch and it’s accessible. I prefer using the VPN though. Might just need to play around with the 2FA on immich once it has a stable release to get more comfortable with it being accessible on the internet.

That’s a very interesting idea which I have never considered. I’ll have to give it more thought.
I kinda like all traffic going thru the VPN since that way pihole also does its magic.
What do you use it for?

Yeah there is, https://www.youtube.com/watch?v=wdmbAo02ktQ

Geoblocking is very easy. Cloudflare → Your domain → Security → WAF → Custom Rules. Then make a custom rule: Country → Does not equal → Your Country → Block.

Don’t rely heavily on it, but it’s just an extra step for attackers.

Do you mean remotely only? I have no issues uploading video files larger than 100MB as far as I can tell, but I’m at home usually. What platform does the 100MB limiting factor come from?

No. I’ve not seen it do that. You seen it?

The filter only checks for failed logins.

You install it on your devices. Each device gets an IP and they are reachable between themselves but not from the outside. So you access immich using the IP from tailscale instead of your LAN or WAN ip.

It’s a mesh VPN based on WireGuard. It basically allows your devices to be on the same network even when they are not. Basically, a VPN creates a virtual network for your devices to connect to.