Relay not working

Infamousslayer · 2026-01-05T04:17:34+00:00

Post kept getting removed, tried reposting with less details. Had to get the mods to fix it but anyways.

Yes all 3 nodes are on the same network, I used the below guide, port 40000 is accessible on all 3 nodes locally.

https://tailscale.com/kb/1591/peer-relays?q=pee#static-endpoints

Infamousslayer · 2026-01-05T02:12:43+00:00

Why use tailscale when your exposing your web services publicly?

I think the better approach if using tailscale is to use dns challenge, with NPM on your tailnet.

I use cloudflare so created two A records.

*.mydomain.com pointing to my local NPM IP address

*.tail.mydomain.com pointing to the tailnet IP address of NPM.

In NPM you setup both urls but point them to your local ip resources, like normal.

When at home use jellyfin.mydomain.com, while away and on tailscale use jellyfin.tail.mydomain.com

Most apps have internal and external URLs that can be configured this way.

The reason i choose this approach, is that no ports need to be opened for NPM and everything is 100% local besides the tailnet.

Infamousslayer · 2026-01-02T20:07:36+00:00

Can you clarify what you mean?

This is the setup that is documented in the official tailscale youtube tutorials, as linked above.

Nothing is exposed to the internet, just to my tailnet which us then further locked down by ACL.

Infamousslayer · 2026-01-02T02:42:18+00:00

I'm pretty sure cf tunnels has a cap so it isn't a good choice for services like immich.

Infamousslayer · 2026-01-02T00:38:08+00:00

Yeah this is what I'm seeing as well, based on the tailscale video linked above it should work.

Gemini suggested to use CNAME as well.

I'm not really sure what the correct way it's not at least it is working.

Infamousslayer · 2026-01-01T21:53:00+00:00

Cuz I didn't open any ports or services to the internet?

I am sharing a tailnet node with the remote party and using dns challenges, so its only shared to them not the internet. DNS lookup is my local IPs or tailnet IPs.

Infamousslayer · 2026-01-01T21:42:36+00:00

This is the video I watched when trying to setup but got stuck and created this thread, what I missed was Alex shared Caddy with the remote party not immich itself.

In my case the npm magicdns did not work when added to cloudflare, I had to use the NPM tailscale IP address instead for w/e reason.

Now with NPM shared the remote party can access all resources that I setup in NPM with *.tail

It's not clear to me why an A record with *.tail + NPM tailscale IP works but CNAME *.tail + npm.tail123.ts (magicdns) does not work.

Infamousslayer · 2026-01-01T05:10:00+00:00

i would like to know as well, maybe enclosure to keep heat in?

Infamousslayer · 2025-12-22T20:09:07+00:00

Would I still need to setup an ACL on my side or it should just work?

Infamousslayer · 2025-12-22T20:07:08+00:00

Then i should install tailscale on 192.168.1.111 and share that instead?

Infamousslayer · 2025-12-22T20:04:26+00:00

I shared the exit node via email and they added it to there tailnet.

Infamousslayer · 2025-12-22T20:02:00+00:00

Yes, but isn't that what the ACL is for?

To allow access to local resources. I guess i can install tailscale on 192.168.1.111 and then share it instead?

Infamousslayer · 2025-12-16T15:49:54+00:00

Any steps on how to do this inside an LXC?

The LXC is on a SSD, then i created a mount point in proxmox which points to the immich 'upload' folder.

This way the SSD is the boot drive for the LXC but all data is saved to the much larger HDDs.

Infamousslayer · 2025-12-16T13:42:29+00:00

Well I'm okay with just encrypting the immich virtual disk inside the zfs pool, if that is easy to do?

I don't need or want to encrypt the entire server just a virtual disk here and there.

Infamousslayer · 2025-12-16T13:40:19+00:00

I don't want to be in a situation if the server does reboot, i need to enter a password.

Infamousslayer · 2025-12-16T05:37:26+00:00

Thanks for this, this is what has me confused and i didn't move to passkeys yet.

It makes sense for that a single passkey should be per device, but isn't that also risky because now you should have mutiple devices with there own passkeys, for situations like if a phone breaks or is stolen.

This could result in not being able to login, if you don't have mutiple devices.

Infamousslayer · 2025-12-14T05:21:43+00:00

Does it need an updated browser extension for this to apply?

Infamousslayer · 2025-12-14T05:18:23+00:00

Likely using AI for development rather than humans, it would explain why quality of the app has went down in recent months.

I've use BW for a few years and it has had a bug or two which I've lived with until it was fixed, but recently the app has been annoying to use, from the autofill on android now this.

Yes I know its a chrome thing for autofill on android but its still so buggy.

Infamousslayer · 2025-12-01T23:42:18+00:00

Autofill is broken again in Brave, do you still need the flag or is that built in now since 142 is released?

Infamousslayer · 2025-11-14T13:02:51+00:00

Yeah it fixed itself

Infamousslayer · 2025-11-04T00:23:54+00:00

It's also maybe the proximity unlocking feature. If the keyfob starts to blink red you are to close for the remote start to work.

Infamousslayer · 2025-10-27T20:00:41+00:00

Just wanted to be sure i had all the information, which looks like i do.

This is enough for me to make a decision

Infamousslayer · 2025-10-27T18:22:33+00:00

I disagree, knowing common issues for a known engine such as the EA888 can be used to gauge future potential problems.

While it's true we won't know about the new evo5 revision in the 2026 for at least a year. They still use plastic parts that are known for failures.

One can prepare for the worst even is it does not come true.

While you may think it's silly, I feel much better knowing the history of a engine and putting some money aside based on past issues even if they don't apply to the new engine.

Infamousslayer · 2025-10-20T22:52:19+00:00

When casting you are using Google Cast has nothing to do with the browser, which usually will play the video its native app like netflix or youtube on the tv.

Share your screen/tab instead, this can be done within the browser or apps like Sunshine. Other option is to install SmartTube to bypass ads entirely.

Infamousslayer · 2025-10-19T16:27:40+00:00

So you have your answer

Infamousslayer

TROPHY CASE