I spent all day today trying to get the routing to work correctly between Tailscale, Nginx and Adguard.

Basically I wanted to be able to be able to use **http://immich.network ** to route to 192.168.1.2:9000

I wanted to share the steps I took so people don’t have to go through what I did.

First a few things Local Server IP: 192.168.1.2

  1. I installed Ngnix and Adguard, in a Docker Containers, and gave Adguard IPs 3000, 3001 instead of 80 and 443 because Ngnix took it.
  2. I went to my router and made it use the DNS: 192.168.1.2
  3. I configured Proxy Host in Ngnix … immich.network => 192.168.1.2:9000
  4. I configured DNS rewrite in Adguard … *.network => 192.168.1.2

At this point I was able to use http://immich.network finally. I installed Tailscale to be able to access when I’m outside but http://immich.network didn’t work.

These helped me https://tailscale.com/kb/1019/subnets + https://tailscale.com/kb/1054/dns?q=global+nameserver

  1. I created a subnet… tailscale up --advertise-routes=192.168.1.0/24
  2. I approved it on Tailscale login

At this point I was able to access home server using its local IP 192.168.1.2 but I couldn’t get http://immich.network to work.

  1. I created a nameserver dns with split DNS but I used my local ip… 192.168.1.2 => network

Finally everything is working… I have a feeling that I’m doing it wrong but I’m too tired and it’s finally working.

  • LifeBandit666@feddit.ukEnglish
    1·
    2 months ago

    Hello again.

    I’ve gone through your steps outlined in this post now for LAN. I’ve made my own network name .crypt and added *.crypt to Adguard and pointed it at the IP address of Nginx.

    I’ve then gone and mapped my local services in Nginx. So radarr.crypt sonarr.crypt plex.crypt etc and mapped them to ports.

    Now what I enjoyed was that I had to map Adguard to forward to Nginx, but in Nginx I can use the IP address of anything on my network, not just on the host.

    So it’s map Adguard in DNS rewrites to Nginx IP, then map the IP:ports in Proxy Hosts in Nginx.

    Now when I use my Tailscale exit node (that I have from Home Assistant) I can use those addresses outside the house.

    I have noticed it only works for the .crypt domains, and not .local despite being set up as well. I guess because .local is a special address it is harder to map to Tailscale.

    Anyway, it’s working for me after following what you’ve done, I just did less in Tailscale because of the exit node