April 10, 2024 (Author)
@Vr2Io I still don't understand what happened... I went to the Docker page in Unraid and stopped all containers and I started the containers again, one by one. I even restarted the Unraid server and now I can access the domain locally without Tailscale.

April 10, 2024
8 minutes ago, firstTimer said:
"@Vr2Io I can access the domain locally without tailscale."
Seems you mean the UI unreachable is gone now?
Edited April 10, 2024 by Vr2Io

April 10, 2024 (Author)
1 minute ago, Vr2Io said:
"Not fully understand that, I haven't used Tailscale (knowing it is like a VPN). Anyway, you mean the UI unreachable is gone?"
Yes. I wanted to understand which container caused the issue of making the Unraid UI unreachable, so I took these steps:
- Stopped all containers (with Tailscale VPN activated on my laptop), otherwise I couldn't reach the Unraid UI
- Turned off Tailscale and the Unraid UI became reachable again through the domain
- Started each Docker container one by one (I expected that one of the containers made the Unraid UI unreachable)
- I started all the containers and the Unraid UI is still reachable (basically no container caused the issue of making the Unraid UI unreachable)
- To double check, I restarted Unraid and now everything is reachable without Tailscale

April 10, 2024
That means the Tailscale + Docker service combination has a problem. Btw, I have never tried Tailscale, so no idea. 🙃

April 11, 2024 (Author)
1 hour ago, Vr2Io said:
"Did you solve this problem finally?"
YES!!! Unraid is reachable from the local address, HomeAssistant is running inside the IoT VLAN and the VMs are running in the InternalServices VLAN, so everything is working as expected.
I wanted to route local services from IPs to domain names... do you have any suggestion? I mean, let's say I have HomeAssistant with IP 192.168.10.100, then I want to reach it at home.myhomelab.home. Do you have any suggestion how to achieve something like this?
I tried with Pihole but I can't see any device using Pihole as local DNS server. I suspect that the firewall rules that block VLANs from communicating with other VLANs are the problem... but even if I disable them, no device is using Pihole as DNS server.
Edited April 11, 2024 by firstTimer

April 12, 2024
5 hours ago, firstTimer said:
"do you have any suggestion?"
Most people will use a dynamic DNS service to register a domain that maps to your ISP IP, then open the necessary port (i.e. HA is TCP 8123) at your router and point it to the IP of HA. But this may be dangerous, so people will limit the internet IP range allowed to access it or add a reverse proxy in between.
There are many free dynamic DNS service providers, you could try Google Duck DNS https://www.duckdns.org . For HA, Android has HA apps, which would provide a much better user experience than a web browser on a mobile device.
Once you have a domain, you can open a different port for each service for internet access.
5 hours ago, firstTimer said:
"I suspect that firewall rules that blocks VLAN to communicate with other VLANs"
This is normal, by default the router won't route traffic between different subnets / VLANs, it only routes private traffic to the internet. So you need to set a routing rule, i.e. the rule for the other subnets to access Pihole.
There is also another method where each subnet (VLAN) has its own Pihole, then you don't need additional routing.
Edited April 12, 2024 by Vr2Io

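
The routing rule mentioned in the post above, modelled as an added example (not part of the thread and not any router's own rule syntax): a first-match rule set showing that a narrow DNS-only exception lets the IoT VLAN reach Pi-hole while the rest of the inter-VLAN block stays in place. The subnets, the Pi-hole address and the rule model are assumptions; only 192.168.10.100 comes from the thread.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing (assumptions), except 192.168.10.100 from the thread.
IOT = ipaddress.ip_network("192.168.10.0/24")
SERVICES = ipaddress.ip_network("192.168.20.0/24")   # assumed InternalServices VLAN
PIHOLE = ipaddress.ip_address("192.168.20.53")       # assumed Pi-hole address
PIHOLE_ONLY = ipaddress.ip_network(f"{PIHOLE}/32")

@dataclass
class Rule:
    action: str                    # "allow" or "drop"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str = "any"             # "udp", "tcp" or "any"
    port: int = 0                  # 0 matches any port

def decide(rules, src, dst, proto, port):
    """First matching rule wins; unmatched traffic (internet-bound) is allowed."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (src in r.src and dst in r.dst
                and r.proto in ("any", proto) and r.port in (0, port)):
            return r.action
    return "allow"

# Isolation only: the IoT VLAN cannot reach the services VLAN, so DNS fails too.
isolated = [Rule("drop", IOT, SERVICES)]
# Narrow exception placed before the drop: only DNS (UDP and TCP 53) to Pi-hole.
with_dns = [Rule("allow", IOT, PIHOLE_ONLY, "udp", 53),
            Rule("allow", IOT, PIHOLE_ONLY, "tcp", 53)] + isolated

def report(rules):
    """Decisions for traffic from the Home Assistant host in the IoT VLAN."""
    ha = "192.168.10.100"
    return {
        "dns_udp": decide(rules, ha, str(PIHOLE), "udp", 53),
        "pihole_web": decide(rules, ha, str(PIHOLE), "tcp", 80),
        "other_host": decide(rules, ha, "192.168.20.10", "tcp", 22),
        "internet": decide(rules, ha, "1.1.1.1", "tcp", 443),
    }

if __name__ == "__main__":
    for name, rules in (("isolated", isolated), ("with_dns", with_dns)):
        print(name, report(rules))
```
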
April 12, 2024 (Author)
3 hours ago, Vr2Io said:
"Most people will use a dynamic DNS service to register a domain that maps to your ISP IP, then open the necessary port (i.e. HA is TCP 8123) at your router and point it to the IP of HA. But this may be dangerous, so people will limit the internet IP range allowed to access it or add a reverse proxy in between. There are many free dynamic DNS service providers, you could try Google Duck DNS https://www.duckdns.org . For HA, Android has HA apps, which would provide a much better user experience than a web browser on a mobile device. Once you have a domain, you can open a different port for each service for internet access. This is normal, by default the router won't route traffic between different subnets / VLANs, it only routes private traffic to the internet. So you need to set a routing rule, i.e. the rule for the other subnets to access Pihole. There is also another method where each subnet (VLAN) has its own Pihole, then you don't need additional routing."
I don't like to open ports in the router... I am just scared that if a bad actor tries to enter I wouldn't even notice...
1 Pihole for each VLAN sounds a little complicated to set up, but I know that there is a teleport function/app. It is used to sync the settings between each Pihole without doing it manually each time. What do you think? It means though that I have to add the missing VLANs to the eth1 page, right?

April 12, 2024
I apply routing (Pihole) and install duplicate dockers for different needs. Installing a duplicate docker is really easy, just copy the template, then change its name and appdata path.
3 hours ago, firstTimer said:
"there is teleport function/app"
I don't like that method, it will affect network traffic and cause security concerns.
Edited April 12, 2024 by Vr2Io

April 12, 2024 (Author)
4 hours ago, Vr2Io said:
"I apply routing (Pihole) and install duplicate dockers for different needs. Installing a duplicate docker is really easy, just copy the template, then change its name and appdata path. I don't like that method, it will affect network traffic and cause security concerns."
Thanks for your suggestion... first I have to look into Ubiquiti to see if it is even possible to set a different DNS server for each VLAN.