00:00:00
hi I'm Alex from Tailscale and in
00:00:02
today's video I'm going to show you how
00:00:03
to use Immich a self-hosted photo backup
00:00:06
solution and share that with friends and
00:00:08
family let's say you've just taken a big
00:00:10
trip and you want to share all the
00:00:12
pictures that are on your hard drive
00:00:14
with your family that lives somewhere
00:00:16
else while using Tailscale and Caddy a
00:00:19
reverse proxy in today's video I'm going
00:00:21
to show you how to do just
00:00:24
that all right so who is this video for
00:00:27
well it's for those of you that already
00:00:29
have self-hosted services running I'm
00:00:31
not going to cover how to set up Immich
00:00:33
or Audiobookshelf or anything like that
00:00:35
in this video but what I am going to do
00:00:38
and there'll be chapter markers down
00:00:39
below is cover how to set the remote
00:00:42
person portion up so you could share
00:00:45
this video with the relative or with the
00:00:47
friend and say follow these steps in
00:00:49
this video download Tailscale in this
00:00:51
way and this is how you as the remote
00:00:53
person can actually go about getting
00:00:55
access to the service that I am hosting
00:00:58
if you do need a helping hand setting up
00:01:00
these applications there are some links
00:01:01
down below to some sample code for
00:01:03
setting up Jellyfin Audiobookshelf as
00:01:05
well as Immich and Caddy as well but like
00:01:08
I say that isn't the focus for today's
00:01:10
video we're going to be focusing on
00:01:12
Tailscale today and specifically custom
00:01:15
domain support that's the key part
00:01:17
because you can share a lot of this
00:01:18
stuff already just using Tailscale
00:01:20
serve that's built into Tailscale what
00:01:22
makes today's solution unique is that
00:01:24
we're using Caddy as a reverse proxy to
00:01:26
support a domain name that you already
00:01:28
own so Alex's domain.com something like
00:01:31
that and so the service that we're going
00:01:33
to use today is Immich this is basically
00:01:35
a self-hosted replacement for Google
00:01:37
Photos any pictures I take on my phone
00:01:39
get automatically backed up to Immich I
00:01:42
can create albums I can scan for faces I
00:01:45
can you know do all that kind of stuff
00:01:47
that you would do on Google Photos
00:01:50
except for the fact the data never
00:01:52
leaves my server and never leaves my
00:01:54
infrastructure so taking a look at what
00:01:56
we've got over here you can see that
00:01:57
I've already got Immich running at
00:02:00
immich.rdu.dotsandstuff.dev this is a domain
00:02:03
name that I own I purchased it for about
00:02:05
$13 from Namecheap you can buy your own
00:02:08
again for that sort of1 $15 price point
00:02:11
it's not too expensive to have your own
00:02:13
domain name these days Immich is currently
00:02:15
being served through a reverse proxy
00:02:17
called Caddy this automatically handles
00:02:20
all of my TLS certificates and
00:02:21
everything like that from Let's Encrypt
00:02:24
but I've never really liked the name
00:02:26
reverse proxy it doesn't explain very
00:02:28
well what it does and I thought about
00:02:30
this the other day and when you walk
00:02:32
into a bar there's a bartender right you
00:02:34
want to buy a drink there's a bunch of
00:02:35
bottles behind the bartender you know
00:02:37
some whiskies some gins that kind of
00:02:39
thing and you think to yourself I want
00:02:41
access to those resources behind the
00:02:43
bartender well that's what a reverse
00:02:45
proxy is doing you place a request you
00:02:48
order a drink and the bartender or the
00:02:51
reverse proxy has permission to go and
00:02:53
get that resource for you on the back
00:02:55
end it has the logic of knowing which
00:02:57
server is able to serve that that web
00:03:00
request and so what we're going to do
00:03:01
today is share that reverse proxy out
00:03:03
over your tailnet we're going to put a
00:03:05
CNAME into a public registrar pointing
00:03:08
to the ts.net entry which is your
00:03:11
personal private DNS name given to your
00:03:14
tailnet so that it only resolves over
00:03:17
your tailnet you're not exposing any of
00:03:19
this to the internet and that's such a
00:03:20
crucial difference between doing this
00:03:22
with something like port forwarding or
00:03:24
firewall rules or something like that
00:03:26
all of this remains completely offline
00:03:30
you know that we're not exposing any of
00:03:32
this to the public internet and so you
00:03:34
as the administrator of the Immich
00:03:36
instance your role here is to make sure
00:03:38
that your reverse proxy is working so in
00:03:40
our case that's Caddy and then you're
00:03:42
going to need to put an entry into
00:03:44
Cloudflare as a public DNS record we'll come
00:03:47
on to that in just a second so let's
00:03:49
take a look at my Tailscale admin
00:03:51
console over here you can see that I've
00:03:52
got a Caddy node in my tailnet the actual
00:03:56
Immich service is being served through
00:03:58
this Ubuntu server down here here at the
00:04:00
bottom but at the top here we've got
00:04:02
Caddy as the reverse proxy as another
00:04:04
node on the tailnet now I'm using Proxmox
00:04:07
under the hood you can do this however you
00:04:09
like but I'm going to use Proxmox to
00:04:10
show you today in here we can see that
00:04:13
we have Caddy running so if I type caddy
00:04:15
for example it's installed I have it
00:04:18
installed as a systemd service and
00:04:20
there'll be links in the description
00:04:22
down below to all of the resources if
00:04:23
you want to do this in an LXC container
00:04:26
using systemd to run Caddy as a service
00:04:28
as well now if I do a tailscale status
00:04:31
inside this LXC container you can see
00:04:34
that it's just behaving like any other
00:04:36
Tailscale node on my tailnet but what's
00:04:38
interesting is if we take a look at the
00:04:40
Caddyfile that I'm using by the way the
00:04:41
Caddyfile is the way that we tell Caddy
00:04:44
what we want to proxy where so you can
00:04:46
see here for example I've got three
00:04:48
services that I'm proxying through my
00:04:50
Caddy instance first of all we've got
00:04:52
Immich running on one
00:04:54
192168
00:04:56
111013 on Port
00:04:58
2283 the the next one we've got is
00:05:01
Audiobookshelf this is a self-hosted audio
00:05:03
book app and you can see that this one
00:05:05
is actually running on the tailnet IP of
00:05:08
the Ubuntu server as well and then
00:05:10
finally we've got Jellyfin which is a
00:05:12
self-hosted media server that doesn't
00:05:14
need the cloud or anything like that and
00:05:16
all we're using there is the DNS name
00:05:18
through Tailscale's MagicDNS feature of
00:05:21
ubu ubu 2204 D
00:05:24
server now I I chose these three
00:05:27
services in this way to show you the
00:05:28
different way you could configure your
00:05:30
Caddyfile using a local LAN IP address
00:05:33
so this box could be something that's
00:05:35
not even on your tailnet for example so
00:05:38
long as it's routable from the Caddy
00:05:40
instance itself audio books for example
00:05:43
could be any node anywhere else on your
00:05:45
tailnet anywhere in the world and again
00:05:48
the same principle applies to Jellyfin
00:05:50
because it's just using the Tailscale
00:05:52
MagicDNS name now the other thing I
00:05:54
wanted to draw your attention to is at
00:05:55
the top of this file is this Cloudflare
00:05:57
section here this is how Caddy
00:06:00
automatically generates the HTTPS the
00:06:03
TLS certificates for these self-hosted
00:06:06
services you can see when I do the
00:06:08
import cloudflare here it imports that
00:06:10
Cloudflare token and Caddy has some
00:06:12
logic in it under the hood that knows oh
00:06:15
he specified Cloudflare that means I'm
00:06:17
going to have to go and do the ACME
00:06:19
request to go and generate the TLS
00:06:21
certificates automatically for
00:06:23
Cloudflare so what's required on the
00:06:25
Tailscale side okay we need to make sure
00:06:26
that it's a node on our tailnet okay so
00:06:28
I'll do a tailscale status I've already
00:06:30
done tailscale login just to save us a
00:06:32
bit of time in the video now the next
00:06:34
thing we're going to have to do is
00:06:35
configure the public DNS side of this
00:06:38
solution we're going to need to know
00:06:40
where our domain name's name servers are
00:06:43
pointing in my case I've pointed my
00:06:45
domain dotsandstuff.dev I've pointed
00:06:48
the name servers for that domain to
00:06:50
Cloudflare so that I can use Cloudflare
00:06:52
as my public DNS entry to manage all of
00:06:54
my DNS records so once you've gone ahead
00:06:57
and got logged into Cloudflare it's
00:06:58
going to be a case of heading over to
00:07:00
the domain itself and then on the left
00:07:03
hand side here you can see there's a DNS
00:07:05
section just here and then the entire
00:07:07
thing is configured here in one entry so
00:07:09
I've got *.rdu as a wildcard entry
00:07:12
pointing to caddy.velociraptor-noodlefish.ts.net
00:07:16
now you will get this
00:07:19
value here the target which is required
00:07:21
to create a CNAME you'll get that by
00:07:24
heading over to your Tailscale admin
00:07:26
console go to DNS and whatever value is
00:07:29
here whatever value is in this box here
00:07:31
under tailnet name in my case
00:07:33
velociraptor-noodlefish.ts.net
00:07:36
that's the value that you want to put
00:07:38
into here this must be a fully qualified
00:07:41
domain name this is because when you
00:07:43
share the node to another tailnet it's
00:07:45
not accessible by the short name it's
00:07:47
only accessible by the full fully
00:07:50
qualified domain name of
00:07:53
caddy.whatever.ts.net and with that done
00:07:55
click save and you can verify this by
00:07:58
opening a terminal window windows so
00:07:59
I'll just drag this one in from over
00:08:01
here and we'll do a dig what did I I
00:08:03
mean I yeah test.rdu.dotsandstuff.dev
00:08:08
and because this is a wildcard you
00:08:10
should see that we return a CNAME here
00:08:13
for caddy.<your tailnet name>.ts.net
00:08:17
doesn't have to be caddy by the way it
00:08:19
just has to match the name of the node
00:08:22
in your Tailscale admin console so
00:08:24
again just to get that we go over to the
00:08:26
Tailscale admin console click on the
00:08:28
drop down here and whatever this second
00:08:30
entry is here this is the fully
00:08:32
qualified domain name for the node
00:08:34
itself all right so that was a lot have
00:08:36
we got it first of all we need to know
00:08:38
what our fully qualified domain name is
00:08:40
for Caddy the node on your tailnet so we
00:08:43
get that in the admin console click on
00:08:44
the drop down second option over here we
00:08:47
then in Cloudflare need to make sure
00:08:49
that the name servers for our domain
00:08:51
wherever we registered it in my case I
00:08:53
registered mine at Namecheap but you
00:08:55
know other registrars are available and I
00:08:58
pointed my name servers for that domain
00:09:00
to Cloudflare once I'd done that and
00:09:03
everything had propagated properly which
00:09:05
can take a few hours by the way I simply
00:09:07
went and created a new record you click
00:09:09
the add record button over here click on
00:09:11
the drop down CNAME you know I can
00:09:14
blah blah blah whatever put that in and
00:09:16
then my target here for example is you
00:09:19
know test.
00:09:21
Velociraptor that has to match the fully
00:09:23
qualified domain name in your tailnet
00:09:26
remember and then TTL time to live I
00:09:28
mean whilst I'm doing a bunch of testing
00:09:30
for this video I set mine to one minute
00:09:32
if you leave yours to Auto you probably
00:09:35
won't have any issues so just leave that
00:09:36
one alone click save and then it might
00:09:39
take a moment or two to propagate but if
00:09:41
I do uh what did I call it I've already
00:09:44
forgotten blah blah
00:09:47
blah if I do blah blah blah we should
00:09:51
see that yeah there you go the CNAME
00:09:53
now resolves to test. Velociraptor and
00:09:56
so the next thing to do is to go ahead
00:09:57
and share it with your relative to do
00:09:59
that we head over to the Tailscale
00:10:01
admin console once more click on this
00:10:03
button here which says share next to the
00:10:06
three dot menu and generate and copy an
00:10:08
invite link once we've done that you
00:10:10
share this with your friend or relative
00:10:12
they can do this from a mobile device or
00:10:14
a laptop doesn't really matter so long
00:10:16
as it's logged into the tailnet that they
00:10:18
created now in terms of the
00:10:20
chronological order of this video this
00:10:21
is where things get a little confusing I
00:10:23
wanted to create a dedicated chapter so
00:10:25
that you could share this with friends
00:10:27
or family and say hey go to this
00:10:29
timestamp and play from this moment forward
00:10:31
so I'm going to skip ahead or skip back
00:10:34
in time a little bit go through the
00:10:35
process of creating a brand new tailnet
00:10:38
for your relative and then once we get
00:10:40
towards the end of that chapter that's
00:10:42
where this invite link part will
00:10:44
actually get
00:10:46
used hello and welcome to the remote
00:10:48
setup part of this video I'm going to
00:10:50
walk you through creating a brand new
00:10:52
tailnet and connecting it to that remote
00:10:54
service that your friend or relative is
00:10:55
trying to share with you creating a
00:10:58
Tailscale account is completely free head
00:11:00
over to tailscale.com to get started
00:11:02
once there click on the button in the
00:11:04
top right which says get started and
00:11:07
then you'll need to choose your identity
00:11:09
provider in today's video we're going to
00:11:11
use Google I've created a dedicated
00:11:14
Google account just for this video
00:11:15
called my moms tailnet
00:11:18
gmail.com nice and straightforward so
00:11:21
I'm going to click on sign up with
00:11:22
Google and I'm already authenticated in
00:11:25
this browser session with that Google
00:11:27
account so it presents me the choose an
00:11:29
account option just here I'm going to
00:11:30
click on that one click
00:11:33
continue and easy as that we've created
00:11:35
a Tailscale account so let's add our
00:11:38
first device I'm going to make it this
00:11:40
laptop that we're using right here head
00:11:42
over to
00:11:44
tailscale.com now if you're on a mobile device
00:11:47
you will go to the app store for your
00:11:49
device and search Tailscale and
00:11:51
download the app there but on a laptop
00:11:54
in this case it's macOS we're actually
00:11:55
going to go to the Mac App Store to
00:11:57
download Tailscale click on the the
00:11:59
little get button or the cloud icon if
00:12:00
you've already done it with this Apple
00:12:01
ID like I have here download and install
00:12:04
the
00:12:05
application click on open and you will
00:12:07
see up here in the menu bar we now have
00:12:09
a new app this is where we'll log in so
00:12:12
I'm going to go ahead and just check the
00:12:13
toggle box here which is going to turn
00:12:15
Tailscale on and then I'm going to
00:12:17
click the login button now we should be
00:12:19
familiar with this page by now but this
00:12:21
is the sign in with Google this is where
00:12:23
we use the same Google account that we
00:12:25
used to create the tailnet in the
00:12:27
previous step
00:12:30
once you click that button we're going
00:12:31
to be presented with a screen here which
00:12:33
says do you want to connect this device
00:12:35
this laptop do you want to connect this
00:12:36
device to your tailnet and then once you
00:12:39
click on the big blue button to say
00:12:40
connect my device it's going to take you
00:12:43
to your admin console this is where you
00:12:46
will see all of the different devices on
00:12:48
your tailnet and this is the point where
00:12:50
if someone sent you an invite link we'd
00:12:53
now click on that invite link and add
00:12:55
that shared node into this tailnet so
00:12:57
I'm going to go and pretend to be the
00:12:59
friend or relative that's sharing this
00:13:01
service with you for just a second and
00:13:03
generate an invite link I go over to the
00:13:05
share button here generate and copy an
00:13:07
invite link what you will see as the
00:13:09
remote person is an invite link that
00:13:11
looks something like this
00:13:13
login.tailscale.com/admin/invite
00:13:17
and then a string of characters when you
00:13:19
put that into a web browser or click on
00:13:21
it on a mobile device some magic will
00:13:23
happen and we will ask you if you want
00:13:25
to have this shared device added to your
00:13:26
tailnet I'm going to click on the button
00:13:28
here which says accept invite and when I
00:13:31
do you'll notice that inside your tailnet
00:13:34
now notice the tailnet name at the top
00:13:36
here my mom's tailnet gmail.com you've
00:13:38
now got two nodes you've got your laptop
00:13:41
and also the shared service that the
00:13:43
other person's trying to share with you
00:13:45
what this means is if they've given you
00:13:47
a website to go to so in my case here
00:13:49
for this demo it's immich.rdu.dotsandstuff.dev
00:13:52
you can now access that
00:13:55
service on any device that you're logged
00:13:58
in with Tailscale remember we
00:13:59
logged in using the Tailscale app up
00:14:01
here in the corner to my mom's tailnet
00:14:04
and now any service that that friend or
00:14:06
relative has shared with you you can now
00:14:08
access on any device that you are logged
00:14:10
in with Tailscale on now I'm going to
00:14:12
go ahead and get logged in with the
00:14:13
username that the person has provided to
00:14:16
me which in this case is a tail and
00:14:18
scales gmail.com that's right get logged
00:14:21
in and suddenly I can see my photos and
00:14:24
so this is the crux of the solution I
00:14:26
can now go ahead and you know create
00:14:27
albums if I want to this is an Immich
00:14:30
specific thing not a Tailscale specific
00:14:32
thing of course I'm going to create an
00:14:34
album called Canada 23 create a new
00:14:36
shared album and Immich has a bunch of
00:14:38
users within it for example so if you
00:14:40
want to go ahead and create a bunch of
00:14:42
users for your friends and family as the
00:14:44
server admin you go into the
00:14:45
administration section of Immich over
00:14:47
here and just create a different user
00:14:49
account within Immich for every user that
00:14:52
you want to have their own you know view
00:14:55
of the Immich application now earlier on
00:14:57
in the video I also showed how we could
00:15:00
use audio books and Jellyfin as well so
00:15:03
whoever shared this service with you may
00:15:05
have a few other things they want to
00:15:06
share with you up their sleeve and it
00:15:08
should just be a case of going and
00:15:10
typing in whatever URL they've given you
00:15:12
so in my case rdu.dotsandstuff.dev
00:15:16
loads an audiobook server for
00:15:19
example and then if I wanted to go ahead
00:15:22
and load up Jellyfin which is a
00:15:23
self-hosted media server again it's just
00:15:25
dotsandstuff.dev and you can see
00:15:28
that
00:15:29
we can share a whole bunch of
00:15:30
self-hosted services using this method
00:15:34
now what if we want to do this on a
00:15:35
phone for example I want to access Immich
00:15:37
from this iPhone right here well I need
00:15:39
to install Tailscale on that device I
00:15:41
don't need to accept the invite more
00:15:43
than once though because once we accept
00:15:46
the invite into our tailnet because all
00:15:48
the devices are connected together with
00:15:50
direct connections as part of the tailnet
00:15:52
grouping of devices there's no need to
00:15:55
accept the invite on each device just
00:15:57
once per tailnet will will suffice now to
00:16:00
download Tailscale on the iPhone we go
00:16:02
to the app store and just search for
00:16:03
Tailscale
00:16:05
once we see it appear in the
00:16:07
search results we just click on the
00:16:09
little cloud icon or get or open and if
00:16:12
you're on Google Play it'll be the same
00:16:13
type of deal here and then once the app
00:16:16
is downloaded let's click on open to
00:16:18
open the Tailscale application now
00:16:20
we're going to walk through the getting
00:16:21
started wizard I'm going to click on get
00:16:23
started yes I understand about the
00:16:24
privacy stuff I'm going to allow
00:16:27
notifications and then and click on
00:16:29
install VPN configuration this is so
00:16:31
that Tailscale can manage the VPN
00:16:34
configurations on this particular iPhone
00:16:37
the next thing we got to do is actually
00:16:38
get logged into the tailnet now I'm going
00:16:40
to click on the login button and again
00:16:42
I'm going to use the Google
00:16:44
authentication provider using the same
00:16:46
my moms tailnet gmail.com Google account
00:16:50
that we created earlier in the video
00:16:52
again I'm going to click on the big blue
00:16:54
connect button to connect this device to
00:16:56
my tailnet and you can see we've got all
00:16:58
of our devices showing up right here as
00:17:00
well as the shared node that we accepted
00:17:02
the invite for in the previous step on
00:17:05
the laptop remember you don't need to
00:17:07
accept the invite more than once just
00:17:09
once per tailnet will suffice and so now
00:17:12
if I go to the Immich app on my phone and
00:17:14
log in you can see I've put the
00:17:16
immich.rdu address in here I'm going to log in
00:17:18
with the username and password that
00:17:20
whoever shared the service with me gave
00:17:22
me and just like that over 5G I'm able
00:17:25
to connect to Immich on my phone remember
00:17:28
5G means I can't possibly be in the same
00:17:31
building and connecting to this thing so
00:17:32
I could be in England I could be in
00:17:34
Japan or America right now it wouldn't
00:17:36
matter as long as I had internet
00:17:38
connectivity I could actually resolve
00:17:40
this Immich service and of course on my
00:17:43
laptop as well I'm able to resolve Immich
00:17:45
over Tailscale using the shared node
00:17:47
technique with a custom domain that we
00:17:49
just set up so this is a little taster
00:17:52
of what you can do with Tailscale thank
00:17:54
you so much for joining me on this
00:17:56
little Choose Your Own Adventure with
00:17:58
friends and family with Tailscale type
00:18:00
video and until next time I've been Alex
00:18:02
from Tailscale