Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Best Way to remote access Docker containers and server?

Featured Replies

I'm trying to gain access to my server from the wider web, and am running into issues, and just asking which of the paths would be the best for me to proceed down, apologies if this is not the best place to post or if there's already a topic about it, and I've been unable to find anything helpful in the relevant documentations.

So far, I've come across a few different approaches to achieve this goal. 1. Reverse proxy servers, which sounds like a custom DNS server, where someone can enter a custom URL, which routes to the proxy, then connects to the servers IP through a database or dictionary type of thing, then relays the relevant data back to your PC. Tailscale plugin, or other such VPN service, which allows a docker to directly connect to your tailscale network, which you can configure to be accessible to the outside world through their built in funnel system via a custom URL or IP, which tailscale provides. And 3rd, Tailscale docker, which is close to the first, but instead of each docker connecting separately, they all route their traffic through the docker, which then connects to your tailscale network. Lastly, of which I don't fully understand i think, is using some kind of API like unraid connect and port forwarding to allow services to reach outside networks, but this requires an SSL certificate from the CA, and while i can get, if I don't need one, id rather not go through the bureaucracy of it. If there is any i misses, please let me know, and i will check it out and amend this topic to keep all the pathways in one spot for others encountering the same issue.

So far, I've tried using the tailscale plugin the most, as it seemed the best and easiest option. However, I've ran into some issues. Unless i add a auth key, i would need to go into the logs and manually connect each one to my tailnet, and id like for it to auto-connect, but i haven't been able to get that function to work. I assume it has to do with inside your tailnet, selecting add device, select server, and configure to your liking, which you would need to allow the reusable argument, and optionally add a tag and set it as a temporary connection, but i haven't been able to get that to work properly, it just fails in the docker logs, and I'm unsure why. The next issue I'm encountering is that when the docker restarts, my tailnet considers it a separate connection each time, and the number of "connected services" just compounds, which is just more annoying than anything. Then, when its connected, I'm unable to access both versions of the GUI, both the basic and tailscale versions, but when i start one without tailscale enabled, it works just fine. For the reverse proxy server, that requires what seems to be a complicated setup, limited ports(also a problem for the Tailscale docker, but unsure if that actually affects data transfer speeds), requires port forwarding which I'm unsure if i can easily do, as we've router problems in the past, and I don't want to reopen that can of worms if I don't need to, and this method seems to be only semi secure if hackers know where to look for the domain. It also might require an SSL certificate, unsure atm. And, like i mentioned before, if i don't absolutely need one, I'd rather not have to worry about getting one. Tailscale docker and API services like unraid connect haven't been able to get working or just seem to be very poor security.

While I'm not too worried about the security aspect, i still don't want to take chances with a potential hacker being able to access my server and network and being able to infect other connected devices. So far, the only things I'm actually planning on using it for, is a media server, like Jellyfin or Plex, and a custom minecraft server me and some friends can play on without needing to pay a third party server.

TL:DR; want to be able to use docker services without needing a closed tailnet server for me and select friends to access, how should i best go about that?

If i missed anything, or there's some additional info youd like me to clarify on, please let me know so i can assist.

Edited by VALOR

  • Community Expert

Didn't read the wall of text, but it's clear you're over thinking it :)

Just use NginxProxyManager, it'll let you host your services and provide the SSL certs if you need them (you probably don't). The only time you REALLY need to use a VPN is to access the local network.

Make sure your services stay up-to-date, and you won't have much to be worried about.

  • Author

As i mentioned in the wall of text, id rather not use a reverse proxy server because that would require me to mess with my router, which caused a whole different headache last time I tried to access it to change some settings. So if you have another option to provide, please feel free to read to wall first, then respond so you don't make another comment that I had already covered.

  • Community Expert
On 3/13/2026 at 11:59 AM, VALOR said:

So far, I've tried using the tailscale plugin the most, as it seemed the best and easiest option. However, I've ran into some issues. Unless i add a auth key, i would need to go into the logs and manually connect each one to my tailnet, and id like for it to auto-connect, but i haven't been able to get that function to work. I assume it has to do with inside your tailnet, selecting add device, select server, and configure to your liking, which you would need to allow the reusable argument, and optionally add a tag and set it as a temporary connection, but i haven't been able to get that to work properly, it just fails in the docker logs, and I'm unsure why.

If this is the case you’re using Tailscale wrong. The Tailscale plugin is a one and done deal.

You authenticate each physical device one time and you can access your entire LAN. So your server, your laptop, your phone all need to be added ONCE. And you’re in.

There is nothing to do with containers other consoles/logs.

You should NOT be using the little Tailscale toggle that you see on a container template page.

If this is too complicated. Unraid has a wireguard VPN manager built in. It does the same thing as Tailscale but a lot more manually. You will need a DDNS for this to keep your public IP updated.

Another easy to use option is Cloudflare Tunnels

Edited by MowMdown

  • Author
14 hours ago, MowMdown said:

You should NOT be using the little Tailscale toggle that you see on a container template page.

How else would i use the plugin for the dockers then? Cause the only time I can select that is when the plugin gets added, which has each docker install tailscale depending on the specifications you define. This also would pull up a status icon next to your docker name to tell you things like connection status, Tailnet IP, server/funnel, and more I probably forgot about. And for whatever reason, it gets defined as a separate instance by my tailnet, so unless i use a auth key, it just makes more ghost connections. Unless you mean the tailscale docker, then use the docker network type in the template settings. But I haven't been able to get that working, although i think that's more of just a "IDK what I'm doing" type of thing.

14 hours ago, MowMdown said:

Unraid has a wireguard VPN manager built in. It does the same thing as Tailscale but a lot more manually. You will need a DDNS for this to keep your public IP updated.

That sounds like its more difficult, if not annoying and time consuming. I might still use the DDNS just bc the IP of the server likes to change on me, and thatll help with accessing the dockers without needing to give them static IPs, which they dont seem to like for whatever reason.

  • Community Expert

I think you're fundamentally missing a critical thing. You don't NEED tailscale for your individual containers.

Simply getting your server on your tailnet is all you need to access ALL your containers via the tailscale IP and the container port. For example if your tailscale IP is 100.106.13.67 and you wanted to access plex, you type in http://100.106.13.67:32400

If you want to take it one step further and have access via your local IP instead of the tailscale IP, you go to the tailscale plugin settings and advertise your router subnet and then approve the subnet on tailscale admin dashboard online.

If you want to take it even further see this tailscale dns guide I wrote

Edited by MowMdown

On 3/16/2026 at 1:10 PM, MowMdown said:

I think you're fundamentally missing a critical thing. You don't NEED tailscale for your individual containers.

Simply getting your server on your tailnet is all you need to access ALL your containers via the tailscale IP and the container port. For example if your tailscale IP is 100.106.13.67 and you wanted to access plex, you type in http://100.106.13.67:32400

If you want to take it one step further and have access via your local IP instead of the tailscale IP, you go to the tailscale plugin settings and advertise your router subnet and then approve the subnet on tailscale admin dashboard online.

If you want to take it even further see this tailscale dns guide I wrote

Hi Mow,
I'm trying to access my Paperless on Unraid instance via Tailscale on https externally but it always fails. I am however able to access it via the server tailscale IP through http and it's port 80XX as you explain above. But I am concerned that the connection is not secure by not using https. Do you know how I can get a secure Tailscale connection to my paperless container going through this method?
Do I really need to use NGINX or Adguard? or just using Tailscale would be possible to achieve a secure connection?.
Incidentally I can connect externally to my unraid server successfully via https, but when I add the container port for the paperless ngx to the url it fails.
Grateful for any suggestions.
Kind regards

2 hours ago, Dwsomers said:

I'm trying to access my Paperless on Unraid instance via Tailscale on https externally but it always fails. I am however able to access it via the server tailscale IP through http and it's port 80XX as you explain above. But I am concerned that the connection is not secure by not using https.

Your connection to your Tailnet devices is always encrypted. Accessing Paperless with http over Tailscale is the same as accessing it with http in your local network. For someone to see that traffic, they need to be on your Tailnet or local network.

  • Community Expert
14 hours ago, Dwsomers said:

Hi Mow,
I'm trying to access my Paperless on Unraid instance via Tailscale on https externally but it always fails. I am however able to access it via the server tailscale IP through http and it's port 80XX as you explain above. But I am concerned that the connection is not secure by not using https. Do you know how I can get a secure Tailscale connection to my paperless container going through this method?
Do I really need to use NGINX or Adguard? or just using Tailscale would be possible to achieve a secure connection?.
Incidentally I can connect externally to my unraid server successfully via https, but when I add the container port for the paperless ngx to the url it fails.
Grateful for any suggestions.
Kind regards

If you want https to paperless, paperless itself would need to have its own SSL certificate installed and that’s almost always never the case.

Tailscale is secure it’s just wireguard with a fancy interface to seamlessly connect your tailnet devices. That connection is encrypted.

But if it really bothers you, you would want to setup a reverse proxy to get https in your browser. Technically the connection between the reverse proxy container and the paperless container would still be using the http port of paperless.

I don’t know anybody who installs certs for each container as it would have to be done manually and every time the cert expires. (It’s why everyone uses a reverse proxy)

Refer to my Tailscale dns guide I linked and it walks you through how to set it up.

Edited by MowMdown

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.