I’ve been researching different ways to expose Docker containers to the internet. I have three services I want to expose: Jellyfin, Omnivore (Read-it-later app), and Overseerr.

I’ve come across lots of suggestions, like using Nginx with Cloudflared, but some people mention that streaming media goes against Cloudflared tunnel TOS, and instead recommend Tailscale, or Traefik, or setting up a WireGuard VPN, or using Nginx with a WireGuard VPN.

The amount of conflicting advice has left me confused. So, what would be the best approach to securely expose these containers?

  • notfromhere@lemmy.mlEnglish
    4·
    16 days ago
    1. Never host anything that is externally accessible
    2. If you have to, put it behind a VPN (OVPN, Wireguard, IPSec, Tailscale, etc.)
    3. Certificate based authentication is preferred for VPN tunnels
    4. Always TLS encrypt your actual endpoints. Private CAs are most secure but a pain in the ass. Let’s Encrypt is very simple to set up in most cases.

    Just my 2 cents.