I’ve been researching different ways to expose Docker containers to the internet. I have three services I want to expose: Jellyfin, Omnivore (Read-it-later app), and Overseerr.
I’ve come across lots of suggestions, like using Nginx with Cloudflared, but some people mention that streaming media goes against Cloudflared tunnel TOS, and instead recommend Tailscale, or Traefik, or setting up a WireGuard VPN, or using Nginx with a WireGuard VPN.
The amount of conflicting advice has left me confused. So, what would be the best approach to securely expose these containers?
Do you actually want to expose the things to “the internet”, or do you just want yourself (and an approved set of other users) to be able to access them from outside of your network?
If it’s the former, you’re going to want to learn about DNS, NAT, exposing ports, firewall settings, and network monitoring.
But if it’s the latter, then I recommend checking out tailscale because that gives you and some friends LAN-like access with a great internal DNS and it works really well.