I…don’t think I need to. It’s all open source. Here is the DBGate repo right here.
If you’re unfamiliar with all of this, that’s your job to get educated. This is how browser-based JS software works. The “proof” is right there in all it’s glory for you to peruse.
No, it can run along anything, as long as you don’t conflict the IP space assigned to a VPN. It creates it’s own IP network space when running, so just don’t overlap with your other VPN software. Using it while at home is a bit wasteful on effort and power, but just use the Jellyfin LetsEncrypt setup and it’s the same thing.
You are missing a lot here. I think you’re confused on the difference between your LAN security, and how that fits into network connections. You don’t need an SSL cert to say that something is secure, that’s just one method of PUBLICLY securing something. Every connection on Tailscale is secure end-to-end, so if you run it on your Pi, any client that can connect to it is secured. No open ports, no lapses in security. The encryption happens between each client and the server. You’re secure.
Okay, so you might be unfamiliar with networking, so maybe some extra confusion there. Let me try to explain that a bit.
The Jellyfin server runs on LAN like normal. No need to use Tailscale if you’re just using your Wi-Fi or Ethernet.
Tailscale/Headscale creates it’s own VPN network which will need its own IP space. Same as any other VPN. It’s just a setting in the config, and the routing is pretty simplistic and mostly automatic.
Tailscale/Headscale can run anywhere. Doesn’t need to be on that Pi, but that Pi will need a Tailscale client to be on the “Tailnet” and communicate with other devices also connected to it.
ProtonVPN clients have their own IP space and network that go elsewhere. That’s its own separate thing.
Sorry, it may be confusing, but Headscale is ONLY the free server component. The client is still Tailscale’s open client. That’s why I’m saying just sign up and try it first with Tailscale, and then if you need more connections without paying, create a Headscale server and re-register your clients to that to skip charges.
Okay, so let me explain a bit:
Tailscale is a commercial client that is semi-FOSS. It’s built on Wireguard, which is FOSS, but the cloud hosted architecture does cost money after I think 5 clients.
Headscale is a FOSS implementation of Tailscale, and totally free to host, skipping the above.
Tailscale itself is super easy to use, and you just install it on a node, register it, and then it has access to any other device on that secured network. So if you install it on your Jellyfin machine at home behind your normal firewall, then install it on your phone, you’ll be able to connect to it without forwarding ports for messing around with much.
It should be that simple.
Run in at home and get Tailscale setup with a Headscale server, or just use Tailscale straight out of you want. That’s the simplest.
A better option would be getting an OpenWRT router and start building proper infrastructure for doing something like this. You’ll have many different options for decentralized and NAT traversing VPNs with this option. GL.Inet Flint is a great choice.
Again, no.
DBGate is an application running in your browser. Just like any other desktop application, except it’s code is executed in the browser, and not a standalone window. DBGate uses the runtime platform of your browser to execute code and create connections to the database you’re using. That’s where you’re getting confused. There is nothing running in the docker container except a dumb HTTP server that allows your browser to load the code to executed, just as if you had visited their website.
This same exact code can also be packaged to run in Electron as a standalone window in your desktop so it seems like its own app. Same exact code that runs in your browser, but using Electron to host and execute its code.
That’s not how it works, or maybe the arrows are pointing the wrong direction in your ASCII. DBgate is an in-browser application in the same way that the other posted is, just with different features. They both run completely in the browser, BUT the files need to get loaded there first right? So the docker version of DBgate is simply starting a tiny web server that bootstraps the client application into your browser when you visit the local port. It’s right in their docs.
No server-side code at all, and in fact, you can kill the docker container after you get it loaded in your browser if you want to double check 😉
Well if it demystifies Tailscale a bit, just think of it like a traditional VPN with specific controls over the traffic flow. It’s e2e encrypted between every node, and you control the exit node. You’re use-case would work just like OpenVON, for example, where your client traffic exits where you decide (your VPS).
If you really want a deeper understanding, have a looke at Headscale and maybe set it up on your VPS. You use your same Tailscale client, and just register it with the Headscale instance on your VPS. Just setting it up will give you a tutorial on how Tailscale works in general. You can ping me with questions, or the Discord is really active and responsive.
Why?
You’re trying to run a DC setup in your home for AI bullshit?