I’ve recently reinstalled my HPE Proliant DL Gen 9. The OS I chose for the reinstall was Proxmox. I wanted to remotely access some of my services and virtual machines and that is where Tailscale came in. Of course, when connecting from remote networks, I wanted all my traffic to go over https, for this I used Nginx Proxy Manager.
In this post I will tell you exactly how you can access your self hosted services from anywhere in the world over https using tailscale and nginx proxy manager. You should have a domain name of your own to follow my exact setup.
Creating a Tailscale account#
Go to tailscale.com and create your account. After that, you can already install tailscale on your own devices if you want.
Setting up Nginx Proxy Manager#
The next step is setting up Nginx Proxy Manager. Since I installed Proxmox, I’ve used the Nginx Proxy Manager helper script to install it into an LXC.
The important part here is that you install tailscale in the same container that runs Nginx Proxy Manager. You will probably have it running on a Linux system / container, check here how to install.
Or just blindly copy paste this command, because you should definitely trust every command a stranger on the internet tells you to run. (just kidding this is the real command at this time, just double check):
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up
You will get a link to add this device into your tailnet, add it and you are done!
Optionally you can disable the key expiry for this client in the tailscale admin console, this way you won’t need to reauthenticate every so often.
DNS setup#
Now for the https part.
First, you should choose your subdomain. In my case I’ve chosen *.home.mydomain.com.
This way, I can add resources like: pihole.home.mydomain.com. You could also
just choose for *.mydomain.com, then you can add resources like pihole.mydomain.com.
This is fully up to you.
If you have chosen the subdomain, go do your DNS provider, which in my case is Cloudflare,
and add a DNS A record for your chosen subdomain (in my case this was *.home) and
point it to the Tailscale IP address of your Nginx Proxy Manager device (get it from the
admin console).
Tailscale IP addresses are private, meaning somebody that is not connected to your tailnet, cannot resolve that IP to your Nginx Proxy Manager. This keeps everything private without opening up things to the internet.
If you are using Cloudflare, then you will need to create an API token. Go to Profile > API Tokens and click Create Token. Use the Edit zone DNS template. Next, change the name of the token to something informative like “Nginx Proxy Manager”, under Zone Resources select your domain name and then click Continue to summary, after that click Create Token. Make sure to note down that token for the next part.
Next, open Nginx Proxy Manager and go to certificates. Here we will add our wildcard
SSL certificate. Click Add Certificate > Let’s Encrypt via DNS. In the
domain names field, add your domain (in my case: *.home.mydomain.com). Then
select your DNS provider (in this case: Cloudflare). You will see a field
Credentials File Content pop up, here you need to add the API token you
created in Cloudflare. After that is all done, click Save.
Accessing resources#
To access your resources you can just add Proxy Hosts to your services.
Example: Proxmox#
I wanted my Proxmox UI to be available at pve.home.mydomain.com.
- Domain Names:
pve.home.mydomain.com(notice that you can add multiple domain names if you want) - Scheme:
https(because Proxmox has a self signed certificate, you can use https to access the UI) - Forward Hostname / IP:
192.168.x.x(the local IP of the Proxmox server) - Forward Port:
8006 - Toggle on websockets support (if you want to use the terminals in the UI)
- SSL: select your SSL certificate you previously created and enable
Force SSL, you can also enable the rest if you want
If you have done all that, you can click Save.
Et voila, now you can access your Proxmox UI on pve.home.mydomain.com.
