this post was submitted on 18 Dec 2023
10 points (91.7% liked)

Selfhosted

40187 readers
710 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud
Loki
CannaVet
devve
HybridSarcasm
[email protected]
10
Mailu+Photoprism using Traefik, NGINX, & Cloudflare (self.selfhosted)
submitted 11 months ago by werefreeatlast to c/selfhosted
7 comments fedilink hide all child comments
 

Hello, I recently got into Photoprism and it's now my one and only app that I care to spend time feeding. Except Google says I'm running out of space please buy more and I want to do badly but nah. So I found mailu to be a pretty simple docker. Photoprism was working so well initially as dynamic DNS and then I moved to Cloudflare and the world opened up for more. Cloudflare wanted money for portzilla so I found NGINX and that reverse proxy manager is awesome. However I could not figure out how to set it up to get mailu working. I found hints that Traefik could fix that with simple yml files per each service. Could someone please share some info on this? I so far have gotten Traefik to come up but then followed a YouTube video to add TLS and I'm not able to login internally or externally. I think the cloudflare connection is working because I get the same 404 error page as I do locally with 10.178.35.83:9080 as an example I get the same page as "my page.com". The video said to expect that but did not elaborate as to how they fix it or how they bring NGINX under the traefik umbrella.

https://youtu.be/XH9XgiVM_z4?si=G8BQXd3zO5AhILy-

He has the config files here:

https://github.com/JamesTurland/JimsGarage/tree/main

I used his version 3 per the video, but now I can't get to the dashboard.

Anyway after I do figure out this dashboard, the next hurdle would be to figure out how to setup mailu so I can send emails to [email protected]

I'm behind an ONT, which can forward ports and then a Unifi Controller with USG which can also forward ports. Currently I'm forwarding 80 and 443 on both right to the computer holding docker.

all 8 comments
sorted by: hot top controversial new old
[–] [email protected] 3 points 11 months ago (1 children)

Think of the path the user go form their browser to your service as a children’s connect the dots game. They must go from their browser, to the internet, … eventually to your service, each step doing one thing to get closer to the service and back. Both Traefik and Nginx reverse proxy does the same thing, routing traffic from the entry point to your service, so you don’t need both.

I think the path currently might look something like this:

User -> Internet -> Cloudflare DNS (port 80/443) -> Cloudflare Tunnel (inside your network) -> Traefik (port 80/443) -> Service A

And now you want to add an extra route that goes something like:

User -> Internet -> Cloudflare DNS (port 80/443) -> Cloudflare Tunnel (inside your network) -> Nginx Reverse Proxy (can’t use port 80/443 because it’s taken by Traefik, so port XYZ but that costs a fee) -> Service B

If this understanding is correct, I’d recommend simplifying to just either Traefik or Nginx, as both does the same job of routing traffic from your entrypoint (Cloudflare tunnel) to your service.

For a Traefik based setup, you’d ideally put it on a bridged host network in docker, and have it listen there. Add individual service you’d want to expose (i.e. just the container of the web server for the app, not the database) to that network, and apply the appropriate container labels to expose it. It’d then be able to handle all the appropriate routing for you.

I don’t use Nginx, so I can’t touch on that, but I’d imagine similar setup in which you have Nginx listen to 80/443, then have it route the request to your service as needed based on whatever setup mechanism it uses.

[–] werefreeatlast 1 points 11 months ago (1 children)

Yes this is what I was thinking, but like I said I ended up with not being able to login to the traefik dashboard. I'm going to disable NGINX and keep trying to get to the dashboard again. I'll have some play time in a few hours. However from some searching, it seems that having both can be okay?

[–] werefreeatlast 1 points 11 months ago (1 children)

Oh this is embarrassing.... NGINX the webserver! Not the reverse proxy manager! Okay now I get it! People use Traefik to serve NGINX sites not NGINX reverse proxy manager services. Gotcha! Okay now it makes sense, it's one or the other.

[–] [email protected] 2 points 11 months ago

Yup, traefik isn't able to do any sort of serving itself so for anything more complex than a handful of ports you're expected to use nginx or whatever webserver to serve what you need and then have traefik on top of that as a reverse proxy. Or at least that's my understanding as a somewhat new user.

[–] [email protected] 1 points 11 months ago

Here is an alternative Piped link(s):

https://piped.video/XH9XgiVM_z4?si=G8BQXd3zO5AhILy-

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source; check me out at GitHub.

[–] [email protected] 1 points 11 months ago* (last edited 10 months ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
DNS Domain Name Service/System
HTTP Hypertext Transfer Protocol, the Web
nginx Popular HTTP server

2 acronyms in this thread; the most compressed thread commented on today has 7 acronyms.

[Thread #365 for this sub, first seen 19th Dec 2023, 16:55] [FAQ] [Full list] [Contact] [Source code]

[–] werefreeatlast 1 points 10 months ago

No matter what I try I keep getting a 404 error. I'm taking now the shotgun approach and changing the yml file copy paste from anyone and anything out there that has ever reported a successful configuration LOL. I lost all hope. Installing Traefik is a Total undeniable PITA.

The first thing is that the documentation is all over the place like a rainbow of letters just threw up into the Internet.

Hey here's a configuration that works! -- api.insecure! .nah! It's -- "ap.insecure"!.... nah you have to add $ to every letter on Wednesday and then wait for the _ and press *** three times and hit enter the word not the keyboard key but the font has to be in bold and you have to use an old IMAC.

Guys your software is shit if no one can install it. This is my third weekend trying stuff to get it to run. I got it to work one time. In fact it does probably run but I just can't get to the damned dashboard.... Is it localip.dashboard.com? Is it dashboard.ip:8080/username?

Frustrated 🥴.