I’ve been following this post since the first comment.

And I have just put together my own RAID1 1TB NAS. And I did not think that 1TB will serve me forever, more like “a good start”.

But the numbers I’ve been seeing in here… you guys are nuts 😆

I think that is not a dummy account. It still comes with all the bells and whistles. If that’s acceptable, then one could just use “create an account” on gmail page

Of course not. The point of their accounts is to lock you in their ecosystem

Unfortunately not every company has a reasonable Head of IT and/or policies

Ah, that link did not go into details, I’m sorry. Take a look here. It might look daunting but effectively it was just a few lines AFAIR

Yes, it’s called IP Forwarding. I don’t have iptables lines ready, it’s been a long while since I’ve done it

https://github.com/palform/palform/blob/main/README.md#self-hosting

It might be a bit too early for someone to having tried it

But it does look interesting

Personally, I would do this in docker. That way you can have clearer separation between services and networks. But it’s not a hard requirement.

I would just do it, as you wrote. For example, on the account of jellyfin server, configure the tailscaleA client, then wireguard client, etc. Set those up as separate user services/processes/system services if root permissions needed and that’s it. Then on other services set the needed connections separately.
It might be handy to set up traefik, so things served via vpns can go through the same routes as local traffic, so you use the same path as your users do

When you have a service that serves something on a port, you are not limited to only one connection. It can be accessed through different clients, the only needed part is that those clients connect to their respective vpn networks and pass the traffic correctly

I don’t see a need for a separate device for that routing

A lot. Last night I’ve been seeing a lot videos that were checking what gets through and where and quite a few that were shadowbanned. And then, of course, a lot on what’s going on in US
Contrary to the general opinion here, TT algorithm can bring you a lot of valuable/new/different opinions. It is, of course, not grassroots and algorithm based but last night I understood more than in a few days of skimming news feed

AFAIK connecting to the VPN was the functionality of that older desktop app. Now they only added mobile apps

The option to connect a client to the VPN has been there in webgui since at least a month

AFAIK it always has been one https://dbtechreviews.com/2025/01/15/exploring-pangolin-the-self-hosted-cloudflare-tunnel-alternative/

It’s a WireGuard VPN with a bunch of automation to make using it as a reverse proxy easier

It’s great that Obtainium exists but that’s not my point. Behind pangolin is a company. Which in a way claims to be “one of us” - distributes open source code, with one of proper licenses, etc. Yet, when they deliver a binary, they only put it on big tech service. They didn’t say “f-droid coming”, which is normal as putting up f-droid builds sometimes takes time, not even “f-droid will be evaluated”. Maybe I’ve become a hardliner but in my book thats a few “sus points” from me

I use pangolin. I use their cloud offer and I’m preparing to move to self-hosted one. But I say: don’t throw away wireguard notes yet, pangolin might enshittify once they get a following

No f-droid? I’m very disappointed

Same as now, you only have to write in docker compose that this local file, next to docker compose should be mounted to that location inside container

Sometimes I wonder if I fail my spouse with not convincing her to privacy, or I let her make her own decisions

I liked Shiawase Decision more when it was just “a bit stretched imagination”

I don’t know about setting colors, but I’m using Lawnchair because it can have folders in the bottom applicatons strip

But the opposite would mean some point did make them go about their sense. And for me that is even more unrealistically optimistic

Hence “I might be jaded”

Here is how the Pangolin resource is configured

Use the hostname that is reachable on docker instead of IP. I think in this case that would be plex (name of docker service/container(?))

Go to access logs in pangolin dashboard and try to find out at which level the problem occurs. Where’s the last spot you see your query? Pangolin? Newt? It disappears after newt? Your plex service logs something about the query?

Maybe things have improved but some years ago I was using Synology servers at work. VMs, HA, etc. They are nice at the beginning but after some time, unfortunately, the truth is that it’s just another locked down box where whether you can tweak a thing depends if it was made possible by Synology. And while I’m not some kind of NextCloud master, I can see how it could require some tinkering from time to time. For sure it’s better to “just do it” and migrate if it’s not enough instead of not getting into the thing at all. But if I were on your spot I’d either go with something less humongous on Synology or NextCloud on docker