"Not going to explain this in detail again" - * Proceeds to explain in detail* 💜
@basdfgwe5 ай бұрын
Jim - not going to lie. This looks super complicated, and I sometimes watch your videos because of your calming voice.
@hyperprotagonist5 ай бұрын
I feel like I could fall asleep if he narrated cosmology videos.
@Jims-Garage5 ай бұрын
I wish it would work on my kids! WireGuard is probably the right choice for most people. I'm experimenting with headscale but I'll see how it works out.
@LtdJorge5 ай бұрын
@@Jims-Garage Narrate how to create your own VPN to them 😂
@omerta33935 ай бұрын
Currently I use headscale on all my devices, I did it based on your old video, thanks for update
@Jims-Garage5 ай бұрын
@@omerta3393 hey, that's awesome.
@rodrimora5 ай бұрын
Are you comfortable using a deployment with alpha versions and spotty web UI? Provided you are going abroad and would want to have the most stability possible as in case it goes down your out of luck :/ Are you planning a redundant access like wire guard or the cloud Tailscale just in case? I really prefer selfhosted but I don’t know how polish this is.
@Jims-Garage5 ай бұрын
Typically no, but it's very close to tailscale and semi supported. I do have fallback to WireGuard if needed. It's not me going on vacation, it's my mini server. That's why I'm setting this up so I can remote manage/use it.
@rodrimora5 ай бұрын
@@Jims-Garage sorry I misunderstood what is going on vacation hahahah! Thanks for the response. I’m in a similar situation but it’s me who is going on vacation and got really paranoid about remote access to my homelab. And thought about the most robust solution considering I have a dynamic ip. A couple docker ddns containers updating a duckdns and a cloudflare dns to work with wireguard as it requieres an ip/domain to work. A wireguard docker+wireguard vm in another bare metal server just in case (I found the docker wireguard to have less performance, ok for ssh but lackluster for remote gaming) But what has never failed me was Tailscale, the home assistant raspberry with an addon, a docker Tailscale, a vm running Tailscale… no need to worry about dynamic IP or ports, and works every time, maybe not as performant as a direct connection to wireguard but good enough for ssh/webserver/troubleshooting
@OM-rnd5 ай бұрын
Hi Jim. Thank you for your channel. It was one of the things why I decided to start my home server journey. It’s absolutely fantastic to have comprehensive information how to setup things. My setup is going great and growing every day. One thing I’m struggling now is how to structure my network regarding I’m being CGNAT. Your videos about NetBird and Headscale helped a lot. Could you consider to make a video for newbies with general overview how to structure setup for those pure things stucked without port forwarding. E.g. you have your docker containers, their networks, network of Proxmox VM, your Opnsense/Pfsense and VPS for self hosting NetBird/Headscale and maybe few more things in docker. How to configure flow of data, do you need to have reverse proxy at home and/or at VPS in this setup, do you need DMZ and so on. Just traffic flow and general structure, considering that all vms and basic networks already set up. It sounds like a lot but such video would be a lifesaver for those who just starting out and don’t understand why one needs certain things.
@Jims-Garage5 ай бұрын
@@OM-rnd thanks, that's a good topic, I'll consider that (it's a little more difficult as I don't have that problem so I need to replicate). In my head I'd still be using a reverse proxy (DNS challenge) to make sure all services are SSL etc and play nicely within the browser.
@substandard6495 ай бұрын
Excellent demo Jim. I'm planning try all of the self hosted SDN options before I commit. Bit concerning that it's been 12 months since the last production release, i wonder if Netbird is more active.
@Jims-Garage5 ай бұрын
@@substandard649 I was also surprised by the distance between releases. I will be checking out netbird soon.
@d1wepn5 ай бұрын
@@Jims-Garage +1 for a netbird video plz 😁
@BenThatOneGuy5 ай бұрын
I went with Netbird, and love it. Headscale was just not streamlined or robust enough for my tastes.
@kafadek8252 ай бұрын
The reason why the Nodes and Routes do not work in headscale-admin is because you have Legacy API (Headscale < 0.23) ticked in settings. Thanks so much for this
@Jims-Garage2 ай бұрын
@@kafadek825 thanks, I did test both on and off and it didn't seem to make a difference. Perhaps a quirk of my setup, or it's been fixed now.
@alex.prodigy5 ай бұрын
SQLite is actually quite fast even with heavy usage , the problem is that you usually want to run your DB and your App separately and that's a non-starter for sqlite. So if you are fine with running your app and db on the same system , sqlite is a good choice in my opinion.
@HunterGeophysicsAustralia5 ай бұрын
Hi Jim. Love all your videos. Just wondering if you could please make a tutorial for installing OpenProject (as a Docker container) using Traefik as the load balancer? The official documentation only provides instructions for Nginx or Apache, and I'd rather use Traefik as I have no other need for those two and have plenty of other needs for Traefik, so would rather just use that if it's possible. Thanks for considering.
@Jims-Garage5 ай бұрын
@@HunterGeophysicsAustralia thanks, I'll take a look at it
@HunterGeophysicsAustralia5 ай бұрын
@@Jims-Garage thank you heaps for considering it. I've been wracking my brain trying to get it to work for the last few weeks. 🤦♂
@demanuDJ5 ай бұрын
Hey Jim, great video. Any chance for self hosted netbird demo?
@Jims-Garage5 ай бұрын
Yes, I'm going to netbird in the near future.
@espressomatic2 ай бұрын
Here's a fall 2024 update. As of October 2024, Headscale-admin is unable to set/activate the API key and doesn't seem to work with the stable 0.23.0 Headscale release. Issue on github as-yet unaddressed.
@Jims-Garage2 ай бұрын
Thanks for the feedback. I've since moved over to Netbird, works well and having the UI built in is wonderful.
@moeinio15 күн бұрын
Thank you for the great video. I see that Traefik is not included in this docker-compose file. Assuming it is already installed and running, would you mind sharing the file or the video for that too?
@Jims-Garage15 күн бұрын
@@moeinio it's on my channel, search for Traefik
@pksrbx2925 ай бұрын
I thought you would do a net bird one
@Jims-Garage5 ай бұрын
@@pksrbx292 it'll be in the near future. I mention it at the end of the video.
@PW-726485 ай бұрын
@@Jims-Garage Is the netbird better in your opinion?
@Jims-Garage5 ай бұрын
@@PW-72648 I haven't used it enough, but from a technical perspective they're basically the same.
@departuring5 ай бұрын
@@Jims-Garage self hosted netbird was unstable
@Justin-cy8de5 ай бұрын
@@Jims-Garage in my experience netbrid is a lot more refined than headscale. requires more ressources to run, but gives you a great UI for management.
@yifeiren8004Ай бұрын
You can setup authentik with headsacle, create a pipeline for self registration. Then you can manage through authentik for users
@espressomatic2 ай бұрын
It'd be cool to rip out the Traefik stuff and maybe give an example of using other reverse proxies. Good overview nonetheless.
@Jims-Garage2 ай бұрын
I've considered it a few times but it would be hard work doing it for the other big 2 as well. If I don't use a proxy then people will ask for it...
@jonathandoe74902 ай бұрын
I think people who are familiar with traefik will know exactly how to make this work with it versus someone who uses the other 2 won't know what to take out that would likely break the container and make it not work.@@Jims-Garage
@espressomatic2 ай бұрын
@@jonathandoe7490 That's what I was thinking.
@HunterGeophysicsAustralia5 ай бұрын
At 22:17, it shows the IP address and MAC address of your phone. The IP and MAC are identical on my screen for my phone. I assume this is a bug...?
@Jims-Garage5 ай бұрын
@@HunterGeophysicsAustralia the IP is likely the first in the default range, the MAC is probably a similar thing (not sure why it's random though). Good spot!
@AlexandroSanchezАй бұрын
That's not a MAC address, but a IPv6 address. It's the same on your phone because that's the first (IPv4, IPv6) address pair allocated.
@userou-ig1zeАй бұрын
Some thoughts why wouldn't use: a) feels unsafe to have a docker container take care if your secure connections (what if the container is out of date too much, or the compose content changes without users noticing...) b) it would be great if it offered some onion routing between nodes (and interchangable exit nodes) c) what happens if the server goes down? Doesn't it create another, single poinr of failure for the entire network?
@urzaaaaa5 ай бұрын
I noticed, you are creating a user per device. Is that recommended way? Would there be some disadvantage to have one user per multiple devices?
@Jims-Garage5 ай бұрын
@@urzaaaaa you could do either, I was simply using a user per device.
@mankala85 ай бұрын
If you delete a user, I think it deletes your devices. My plan is to have users tied to people and devices to their devices. I'm the admin, so the infrastructure is probably going to be tied to my user. Though maybe I'll make a user for myself and a user for admin separately? It's probably more important once you start adding ACLs.
@Ogk103 ай бұрын
On the exit nodes do you have to turn the feature on/off if you don't want to route all of the traffic between clients? For example if I watch youtube on client A does it go through client B? Basically can it do split tunneling to route only the home lab services and not the whole internet? Still waiting for that offsite NAS video btw ;)
@Jims-Garage3 ай бұрын
@@Ogk10 thanks for the reminder, it's in the works! Whichever exit node you select, that is where traffic is routed through. You can split tunnel so that only local goes over the mesh VPN and internet is routed out locally.
@Ogk103 ай бұрын
@@Jims-Garage Awesome, thanks!
@JoeRoux-vm2wh2 ай бұрын
dont you have a writeup on this? I have now tried 3 diffrent explenations but get to a point where i cant see to get an iphone to register. it keeps opening port 8080 and i have a reverse proxy
@Jims-Garage2 ай бұрын
@@JoeRoux-vm2wh no, sorry, it's the docker compose and video. Sounds like you need to loadbalance 8080 to something like 443.
@IgnoreMyChan5 ай бұрын
Hi Jim, is there a backup of your plex video that got taken down? Maybe on peertube or Odysee?
@Jims-Garage5 ай бұрын
It's on X
@IgnoreMyChan5 ай бұрын
@@Jims-Garage Do you have a direct link? Without account I can not see your posts.
8:26 "because it was created elsewhere, when I setup traefik" huh? what am I supposed to do?
@Jims-Garage5 ай бұрын
You simply need to change the proxy network to whatever network your proxy is on. If you don't have one check out the video I discussed (I use Traefik).
@ggsap5 ай бұрын
@@Jims-Garage That makes sense. I am using caddy bare metal though.
@b3lt3r-t8q4 күн бұрын
Hmmm. About to try and setup Headscale with a GUI called Headplane which seems to be the closest thing to the official Tailscale one. This is still somewhat opaque to me - if user and device is 1:1 then what is the difference between them? If Headscale uses WG under the covers then does an LXC host need to be configured to allow net device config? Some tutorials do and others ignore (or maybe run in VM not LXC). I guess the major gap is the network/route allocation. In my head I would want all my devices configured in the system but then (eg) set up a network (route?) so that devices A, B and D can see each other but C cannot. and maybe A and C have their own network which B and D know nothing about. Every tutorial I've watched so far follows this videos' approach and does all to all which surely is not what you'd want especially if you allow access from other people. Like I said - I'm going to try and use it as that's how I learn best but I think some network pictures would really help people get a grip on this.
@javisartdesign5 ай бұрын
thanks for the video, very detailed. There is a way to share some ip ranges of your internal network from headscale without installing tailscale or adding routes?
@Jims-Garage5 ай бұрын
@@javisartdesign there's an option to allow LAN access per client. This will use NAT to enable it.
@javisartdesign5 ай бұрын
@@Jims-Garage thanks, I will take a look
@GundamExia885 ай бұрын
Great video! How would you compare Twingate vs Headscale/Tailscale?
@Jims-Garage5 ай бұрын
Thank you. I'm yet to test out Twingate, I'll be doing it in the near future (hopefully!).
@jonathandoe74902 ай бұрын
Does anyone have a docker compose of the headscale admin UI without the traefik stuff ? wish i knew how to remove it and have the container work myself.
@Jims-Garage2 ай бұрын
@@jonathandoe7490 delete the labels, the proxy network and add the ports. That's all that's needed.
@TheXalloumi5 ай бұрын
hello! thanks for your explanatory videos. i am unfortunately unable to access my internal services which are behind reverse proxy (traefik) through the headscale network, using the https address . (this address works locally, e.g without the tailscale network), if i use the ip address it works without any problems. any solution?
@Jims-Garage5 ай бұрын
@@TheXalloumi it's probably the DNS setting for the client. Change it to use your internal DNS and ensure it can reach it.
@TheXalloumi5 ай бұрын
@@Jims-Garage thanks for your reply. unfortunately that is not working. i have changed the dns settings in the application to not using the tailscale dns, i also changed the dns settings of the config.yaml file, but without success. is that working for anybody?
@ashoktvm4 ай бұрын
How to get headscale URL if running on selfhost?
@Jims-Garage4 ай бұрын
You need to register a domain. Check my Traefik video. You'll also need to port forward if possible.
@john__johnson5 ай бұрын
Another great tutorial. I had better performance with wireguard in my testing but good to have options.
@Jims-Garage5 ай бұрын
Yes, I suspect WireGuard will be faster. I'm going to do some testing though.
@john__johnson5 ай бұрын
@@Jims-Garage it's very close speed wise but I had much more artifacts when streaming games with moonlight/sunshine when using tailscale vs WG.
@Jims-Garage5 ай бұрын
@@john__johnson interesting, I'll be sure to check that out
@WillHung5 ай бұрын
I'm curious about why the ugreen is on permanent vacation. A little hint?
@Jims-Garage5 ай бұрын
I'll be using it as a remote server
@kiloy10065 ай бұрын
as always, high quality content and I was able to spin up headscale and register android and windows devices. I have one question though, what would be an advantage of running self-hosted headscale instead of using official one? I know free tier limits users and devices, but I wonder if there's any other good reason to run the headscale in my home server? again, thank you for the video!
@Jims-Garage5 ай бұрын
@@kiloy1006 the real answer is not really, but it does help with privacy as tailscale won't know your node IPs. There is a case when traffic can be rooted through tailscale servers but even then it's end to end encrypted
@mankala85 ай бұрын
Does headscale-admin work better if you uncheck "legacy api (headscale < 0.23)"? Because you're running the 0.23 alpha. I'd imagine the checkbox is for people who don't want to run the alpha.
@Jims-Garage5 ай бұрын
Good spot, forgot to discuss that. It made no difference in my testing.
@mankala85 ай бұрын
@@Jims-Garage The api node access stuff _looks_ correct in the headscale-admin code at a cursory glance. Headscale docs say you need to be running headscale over TLS/https for remote access to work with 50443 open to allow in the rpc traffic. You're running behind traefik, but headscale itself is running through http, so that could possibly be a problem? If that was the problem, though, I don't know why headscale-ui would work but -admin wouldn't. I've just been looking into it for a very short period of time, though, so I don't know whether rpc is what they're using for the api. I don't run my headscale behind a reverse proxy, and it only works with https, and the api seems to be what headscale-admin is looking for, but I'm running v0.22.3, so unfortunately it's annoying for me to dig into it more without a big chunk of time.
@liduke29703 ай бұрын
hey i'm worry about that everyone has your headscale -ui ip and port can add their own user, would it be dangerous?
@AndrewHargreave5 ай бұрын
Perfect timing.....almost. I'm in the middle of doing what you're planning. I have a Synology NAS that I've been backing up to iDrive E2 block storage. I've maxed out the tier I'm on....and tired of paying $300US/yr. I bought a 16TB external USB drive and connected a Raspberry Pi4 to it and using is as an ssh remote target for Synology HyperBackups. I have a little vacation trailer on a lake and finally got a decent internet connection there so I'm going to use this as my offsite backups. Been looking for a solution better then a simple OpenVPN link. I like that this solution would give me access into the network there as well. I await your followup video on how you get that working...hope it's not too far in the future :)
@Jims-Garage5 ай бұрын
@@AndrewHargreave it'll be the next video, but I'm also going to check out netbird as an alternative. I'd be careful with a USB, I'd certainly recommend a HDD over it (2 if budget permits).
@DominikSchmid5 ай бұрын
Thank you for this compréhensive tutorial. I love your curated videos! Could you also make a video about nebula overlay network. This would be great! There are only very few tutorials to be found about it.
@Jims-Garage5 ай бұрын
Thanks, I'll take a look at it.
@mastermoarman3 ай бұрын
Will theas work on tje vps you set up ?
@Jims-Garage3 ай бұрын
Should do
@jomijohn70684 ай бұрын
Does is it work without public static ip?
@Jims-Garage4 ай бұрын
@@jomijohn7068 yes, I have a dynamic IP. Checkout DDNS
@UniversScience4 ай бұрын
"Has more features, but the features are broken" 😂
@Jims-Garage4 ай бұрын
Haha, yes. I hope it's updated soon and they work again!
@Snoekverslaafde5 ай бұрын
How to do this on a NAS lets say Synology? Cant use ports like 80 there etc. And what if we dont use proxy as network? EDIT: Tried lots of things. But it wont work for me.
@wh1t3lotus195 ай бұрын
Not recommended to newbie there head and tail will spin all day try it on simple but really easy to understand and you can tell the video is heavily edited most people like to see you do it on screen so they can follow your video.
@Jims-Garage5 ай бұрын
Not sure I follow, I did do it on screen and referenced previous videos for more details where necessary.
@antoniomax31635 ай бұрын
pls add info about defguard
@brksnunes5 ай бұрын
Hi Jim, greetings from Brazil! I've been loving your content and rebuilding my homelab following your videos! I'm eagerly waiting for the video about Netbird, as I found the service very interesting. Keep up the good work!
@Jims-Garage5 ай бұрын
@@brksnunes thanks, I almost have it working. Video as soon as I do
@BenjaminBenStein5 ай бұрын
❤
@bluesquadron5935 ай бұрын
first
@johannesnguyen10905 ай бұрын
4
@HarishPillay5 ай бұрын
first++
@emanuelpersson31683 ай бұрын
Change Hostname: sudo sqlite3 /var/lib/headscale/db.sqlite UPDATE nodes SET hostname = "new_hostname" WHERE given_name = "current_name_NOT_hostname"; ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Change ID: sudo headscale nodes rename -i ID # ID is the ID number of the device as shown in "headscale nodes list"