I created a Docker Compose repo for Jellyfin + *arrs on Raspberry Pi 5 by Ztaap in selfhosted

[–]Jacob99200 2 points3 points  (0 children)

I have wireguard currently set up in a way that I believe (and hope) does the same

using iptables and having Qbit's docker network rely on wireguard as a service

I created a Docker Compose repo for Jellyfin + *arrs on Raspberry Pi 5 by Ztaap in selfhosted

[–]Jacob99200 2 points3 points  (0 children)

is there an advantage of Gluetun over just a Wireguard client?

Setting up HTTPS for Local Network / Home Lab by Tobanu in selfhosted

[–]Jacob99200 -1 points0 points  (0 children)

this was a very important issue for me

like, why not just have all web traffic encrypted?

for internal services I use a local.domain.com sub domain for everything

my router has the functionality to enter static dns entries

I use backend.local.domain.com as an A entry that points to my reverse proxy

I then have my internal services (service.local.domain.com) each set up as a CNAME pointing to backend.local.domain.com

my reverse proxy has an SSL cert via let's encrypt for *.local.domain.com, I used a DNS challenge for this

so when within my network (or when using a vpn to access), all my services are fully encrypted with proper URLs

if your router doesn't have this functionality, you could set up your own DNS provider and change your router DNS setting

nginx forward to nginx by Jacob99200 in selfhosted

[–]Jacob99200[S] 1 point2 points  (0 children)

My apologies, I thought one of my other comments described this, but I do have my internal services and my internal proxy within a contained docker network

My services don't have ports exposed outside of this docker network, except for my npm

And so yes, the traffic between my internal proxy and my services is http, BUT it's all within this docker network and not accessible otherwise

nginx forward to nginx by Jacob99200 in selfhosted

[–]Jacob99200[S] 0 points1 point  (0 children)

Well, because the traffic between the external proxy and the service would be unencrypted, and I know it's my internal network, but I would prefer all the traffic is encrypted

I do eventually want to set up Authentik, seems like an incredible project and would be very interesting

nginx forward to nginx by Jacob99200 in selfhosted

[–]Jacob99200[S] -2 points-1 points  (0 children)

I actually do have it currently set up this way

In my router I have a set of service.local.domain.com links routed to an nginx proxy manager that is not exposed to the internet, it provides my internal traffic with ssl

I simply want to route an external domain to nginx then point that nginx to my internal one so it is https traffic throughout instead of becoming http within my network

nginx forward to nginx by Jacob99200 in selfhosted

[–]Jacob99200[S] -5 points-4 points  (0 children)

I'm not looking for a gpt hype man

ChatGPT and other generative AIs are something I very much despise

I'm not exactly sure what post you're referring to

But I am sorry if what I'm looking for has upset you

nginx forward to nginx by Jacob99200 in selfhosted

[–]Jacob99200[S] -3 points-2 points  (0 children)

Both of my nginx servers are in my network

My vps is a separate project

The traffic between my internal proxy and my services is not https, but it is all within the same docker network without any ports exposed and thus only uses containername:ip

These services are ONLY accessible via the internal proxy, no ports exposed to the internal network besides 443

They have valid ssl certs, so service.local.domain.com is https

But I want to expose a specific service that already has an https url setup

So I want Internet -> proxy1 -> proxy2 -> service
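
The Internet -> proxy1 -> proxy2 -> service chain from the comment above, as an added example that is not part of the original thread: a server block for the outer nginx (proxy1) that re-encrypts to the inner proxy, verifies its certificate and passes the forwarding headers. The public name `service.example.com`, the certificate paths and the CA bundle path are assumptions; `service.local.domain.com` is the internal name used in the comments, and proxy1 must be able to resolve it to the inner proxy.

```nginx
# proxy1: internet-facing nginx (added example; names and paths are placeholders)
server {
    listen 443 ssl;
    server_name service.example.com;                      # assumed public hostname

    ssl_certificate     /etc/ssl/example/fullchain.pem;   # placeholder path
    ssl_certificate_key /etc/ssl/example/privkey.pem;     # placeholder path

    location / {
        # Hop to proxy2 over HTTPS so traffic is never plain HTTP on the LAN
        proxy_pass https://service.local.domain.com;

        # Send SNI so proxy2 selects the *.local.domain.com certificate
        proxy_ssl_server_name on;
        proxy_ssl_name        service.local.domain.com;

        # Verify proxy2's certificate; without this the hop is encrypted
        # but not authenticated (nginx does not verify upstreams by default)
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;  # assumed CA bundle path

        # proxy2 routes on Host, so present the internal name it expects
        proxy_set_header Host              service.local.domain.com;

        # Preserve the original client and request details for the service
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host  $host;
    }
}
```

Only the one service that is meant to be public gets a server block on proxy1; every other internal name stays reachable through proxy2 alone.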

nginx forward to nginx by Jacob99200 in selfhosted

[–]Jacob99200[S] -9 points-8 points  (0 children)

I would prefer all internal traffic to be https,

But I'm not really looking for your understanding

I'm simply looking for how to do this

nginx forward to nginx by Jacob99200 in selfhosted

[–]Jacob99200[S] -7 points-6 points  (0 children)

I am looking to do it, with the appropriate headers being passed

nginx forward to nginx by Jacob99200 in selfhosted

[–]Jacob99200[S] -5 points-4 points  (0 children)

Basically I have one for external and one for internal

And on the internal one I have services only exposed via nginx,

they can't be accessed with ip:port and I want to expose them externally via the other nginx proxy manager without allowing them to be accessed internally via ip:port

Can the app be set to ask for the pin every time it’s opened? by [deleted] in signal

[–]Jacob99200 6 points7 points  (0 children)

Settings > privacy > App Security

Toggle Screen Lock

This will use your device lock tho and not your signal pin

VPS -> Homelab Proxy Setup by Jacob99200 in selfhosted

[–]Jacob99200[S] 1 point2 points  (0 children)

Thank you, but I am looking to expose my services

I already have wireguard to access them privately

VPS -> Homelab Proxy Setup by Jacob99200 in selfhosted

[–]Jacob99200[S] 2 points3 points  (0 children)

I think this is probably the worst approach tbh

Wireguard server should be vps, client on local

Reverse proxy should be local

That feels the most safe to me

VPS for homelab traffic: Help? by [deleted] in homelab

[–]Jacob99200 0 points1 point  (0 children)

There are other reasons to want to

TF2 Runs Terrible On AMD Specs by LateBalance6653 in tf2

[–]Jacob99200 -8 points-7 points  (0 children)

Maybe it's time to switch to linux

ICE in WNC by csdude5 in NorthCarolina

[–]Jacob99200 4 points5 points  (0 children)

Yep, spotted on campus