[{"content":"","date":"September 27, 2025","externalUrl":null,"permalink":"/en/categories/","section":"Categories","summary":"","title":"Categories","type":"categories"},{"content":"","date":"September 27, 2025","externalUrl":null,"permalink":"/en/categories/cv/","section":"Categories","summary":"","title":"Cv","type":"categories"},{"content":"Hi! I\u0026rsquo;m a passionate web developer specialized in backend solutions, with a preference for Laravel and PHP. I dedicate myself enthusiastically to every phase of a project, from initial planning to final delivery, ensuring high-quality results.\nAlways looking for new professional challenges, I\u0026rsquo;m eager to contribute to innovative projects and grow in a dynamic and stimulating environment.\n","date":"September 27, 2025","externalUrl":null,"permalink":"/en/cv/","section":"Francesco Caglioti","summary":"","title":"Francesco Caglioti","type":"page"},{"content":"","date":"September 24, 2025","externalUrl":null,"permalink":"/en/categories/homelab/","section":"Categories","summary":"","title":"Homelab","type":"categories"},{"content":"","date":"September 24, 2025","externalUrl":null,"permalink":"/en/categories/tailscale/","section":"Categories","summary":"","title":"Tailscale","type":"categories"},{"content":" HomeLab # I run a HomeLab with very basic functionality, for example:\nHomeAssistant\nPaperless\nTrilium Notes\nI\u0026rsquo;ve always accessed these services through Cloudflare Tunnel and never had a bad experience using it, but it always bothered me to publish all my services to the open internet and make them accessible to anyone.\nSo over time I considered using a VPN, so that only myself and the people I grant access to could use these services. 
This decision comes with some drawbacks, like not being able to share documents from Paperless via link, or losing some of the \u0026ldquo;away from zone\u0026rdquo; features in HomeAssistant — nothing that a hybrid solution can\u0026rsquo;t mitigate.\nTo give some context on my HomeLab structure, I have a MiniPC running Proxmox. Inside it there\u0026rsquo;s an LXC container for the Cloudflare Tunnel, which up to now (together with the Cloudflare dashboard configuration panel) has acted as a Reverse Proxy for the services I wanted available outside my network.\nTailscale subscription # After reading on subreddits and watching YouTube (bless YouTube), I came across several people using Tailscale, a VPN provider with an excellent free tier for hobbyists, based on WireGuard. At that point I created an account, connected my PC and phone for the initial setup, and started planning what I would need to configure from there.\nNginx Proxy Manager # I decided to use a new LXC container with Nginx Proxy Manager for the Reverse Proxy role. Once installed, I just had to configure my SSL certificate under \u0026ldquo;SSL Certificates\u0026rdquo; using Cloudflare as the provider.\nCloudflare # To use Cloudflare as a Let\u0026rsquo;s Encrypt provider you need to generate a token from the Cloudflare dashboard, going to Manage Account \u0026gt; API Tokens. From there you create a new token with the \u0026ldquo;Edit DNS Zone\u0026rdquo; permission and save it for later.\nAlso, while you\u0026rsquo;re there, go to your domain panel under DNS and add a new entry configured for the local network.\nNginx configuration # Back on Nginx, you can finalize the SSL certificate configuration and add your first host. Go to \u0026ldquo;Add SSL Certificate\u0026rdquo; and select Let\u0026rsquo;s Encrypt.\nThen enter your domain, check \u0026ldquo;Use DNS Challenge\u0026rdquo; and configure it for your provider — in this case Cloudflare. 
The last bit of Nginx configuration, to make sure things work going forward, is to register a new host.\nYou can do that directly under \u0026ldquo;Hosts \u0026gt; Proxy Hosts\u0026rdquo; and configure the new proxy.\nWarning! Make sure to use the same domain you entered earlier. Once the new proxy is configured, try connecting directly with the new URL and check that you can reach your service.\nFor any other questions on configuring Nginx, here\u0026rsquo;s a video by Wolfgang who explains the basics very well, including how to get it running with DuckDNS.\nTailscale configuration # I had some trouble accessing my local network through Tailscale, because for some reason I was convinced that simply configuring a host would be enough — in the case of Nginx — to immediately reach the surrounding network. Unfortunately I learned the hard way that\u0026rsquo;s not the case, but let\u0026rsquo;s go step by step.\nFirst, you need to install the Tailscale add-on on an LXC container. In my case I decided to install it in the same container as Nginx for convenience, but you can create a dedicated one just for this.\nOnce that\u0026rsquo;s done, just keep following the documentation to get it working as a regular Tailscale node. But that\u0026rsquo;s not what we want — we want this node to act as a \u0026ldquo;bridge\u0026rdquo;, exposing a subnet to the rest of the devices connected to the VPN.\nTo make it a bridge with the rest of the network, you need to take a couple of steps. 
Here are the links:\nSubnet Routes\nExit Nodes\nTo explain step by step what I did:\nEnable IP forwarding\nAdvertise the subnets I\u0026rsquo;m interested in to Tailscale\nApprove those subnets from the Tailscale control panel\nConfigure the Tailscale client to allow connections to other nodes on the local network\nMark the Tailscale client as an \u0026ldquo;exit node\u0026rdquo;\nIn practice, these two wiki pages let me complete exactly the configuration I wanted: remote access to my home network as if I\u0026rsquo;d never left home.\nFinal configuration # As mentioned above, I have some services that should NEVER be directly accessible from the open internet, like Nginx, but others that need a properly configured tunnel to work correctly — take HomeAssistant for example.\nSo I decided to apply a hybrid rule for my needs, leaving some containers protected behind the VPN and others reachable through the Cloudflare Tunnel. Some examples:\nVPN: Nginx, Vikunja, Trilium\nTunnel: HomeAssistant, Paperless\nConclusion # I think this was a great experiment to learn how to use Tailscale, and I\u0026rsquo;ll definitely keep using it (I already have a few ideas with n8n in mind). 
I also believe it should be the default choice in many cases when deciding to self-host services at home.\n","date":"September 24, 2025","externalUrl":null,"permalink":"/en/article/tailscale/","section":"Blog","summary":"","title":"Tailscale VPN","type":"article"},{"content":"","date":"September 24, 2025","externalUrl":null,"permalink":"/en/categories/vpn/","section":"Categories","summary":"","title":"Vpn","type":"categories"},{"content":"","externalUrl":null,"permalink":"/en/article/","section":"Blog","summary":"","title":"Blog","type":"article"},{"content":"","externalUrl":null,"permalink":"/en/","section":"Francesco Caglioti","summary":"","title":"Francesco Caglioti","type":"page"},{"content":"","externalUrl":null,"permalink":"/en/series/","section":"Series","summary":"","title":"Series","type":"series"},{"content":"","externalUrl":null,"permalink":"/en/tags/","section":"Tags","summary":"","title":"Tags","type":"tags"}]