• 0 Posts
  • 7 Comments
Joined 1 year ago
cake
Cake day: July 25th, 2023

help-circle



  • I recommend adding hostname: app-name lines for each container then you can just use the hostname and the native port (even if you don’t pass it through with a port: line).

    It’s super useful if you want to expose any apps with a reverse proxy like Caddy. That way the ONLY way to access an apps web interface is via the reverse proxy. Then look at filter rules to deny access unless the client has a LAN IP.

    Poof, you’ve got SSL and custom subdomains for all your apps, but still only on your LAN or personal VPN (like Wireguard or Tailscale).




  • Make sure the Allowed-IPs is as small a subnet as possible. Your device will only route traffic over your VPN that has a destination IP in that subnet.

    That way you’re only tunneling the traffic that needs to go over it. Everything else will go out the normal route.

    Having your device package up and encrypt every packet takes some overhead and will inherently lower your bandwidth throughput, so it’s worth minimizing the number of packets that have to go through that process.