If you’re running a home server or a NAS, it’s likely that you’re using Docker containers to get access to some of the best open-source tools and services. But there’s one big problem with self-hosting – remote access. As easy as it is to pull a container’s web UI when you are on your home network, things can get pretty messy once you step out. Port forwarding can be risky, dynamic IP addresses will usually break, and like most users, I don’t want to fumble around with a VPN connection every time I want to access my recipe tracker on the go.
When I first started running Docker apps on my Synology NAS, I stuck to a local-only setup for a very long time. This worked fine, but as my stack has grown to include productivity tools, I need to access these on the go. Whether it’s a media server, a notes app, or just the aforementioned recipe tracker, a simple, secure way to connect back to my server outside my network is what I needed. After testing dozens of methods, I’ve settled on two methods as a reliable and secure way to connect back to the Docker apps on my home server.
Using a reverse proxy setup
Streamlined remote access with a reverse proxy
A reverse proxy is one of the most convenient ways to get remote access to all the Docker apps on your server. Moreover, it allows me to use an easily memorizable URL instead of an IP address to dial back in. This alone makes remote access dramatically easier, but there’s more to unravel here.
While I use the built-in reverse proxy manager on my Synology NAS, running Nginx in a Docker container is a popular choice. Nginx offers a lightweight solution purpose-built for the task at hand and, once configured, sits between the internet and your apps, routing incoming requests to the right container based on the subdomain. Whenever you spin up a new container, you can easily create a new proxy rule in Nginx and point it to a new subdomain guaranteeing remote access.
An added advantage of using Nginx or even Synology’s built-in reverse proxy solution is SSL certificate management. This allows every service I expose to be issued an SSL certificate guaranteeing that all the connections are encrypted by default.
On a day-to-day basis, the reverse proxy set up is as fool-proof as it comes. Not only does it make the set-up feel polished and professional, but it adds a lot of ease of use through remote access, and the fact that I don’t have to remember ports. Having access to descriptive subdomains makes it all that much easier to access my services on the go.
Using Tailscale
Secure, easy and free
While a reverse proxy is an excellent solution for quick, browser-based access, it’s not the only way to access your apps and services on the go. There are times when you want the security and flexibility of a direct private connection to your home network. This is where Tailscale comes in.
Tailscale creates a secure, encrypted network between your home network, and any device like a laptop, smartphone, or tablet, ensuring that they all act like they are on the same local network, no matter where you are.
The beauty of Tailscale is that it handles all the heavy lifting for you and is essentially plug and play. Once you’ve installed it on your server or NAS, there is no need to worry about port-forwarding or exposing services to the internet. Each device gets a unique Tailscale IP address that only devices connected to my Tailscale account can access. I can connect to the web interface of my Docker containers using these private IPs, exactly as if I were on my home network.
Tailscale has a few additional features up its sleeve that you might appreciate. For example, MagicDNS means that you don’t have to type out long IP addresses. You can configure your Synology NAS as a subnet router to access any other device on your network. You can also use your NAS as an exit node, allowing for secure internet access on all your Tailscale connected devices. It’s extremely flexible and is what I’d recommend for users who want a no-fuss solution.
Bringing all my services together for secure remote access
Between my reverse proxy setup and Tailscale, I have two easy-to-use and secure methods to connect to my home server remotely. The reverse proxy is convenient with its clean URLs that I can easily share with others too. Tailscale, on the other hand, provides me with a private tunnel back home without having to open ports or manage a full-blown VPN. Using both in combination, I can basically tap into my self-hosted tools from anywhere in the world without the stress of regular troubleshooting.
Self-hosting is all about control and having reliable remote access is part of that. Between these two methods, you have the choice of a more hands-on, open-source and in-your-control solution as well as a zero-config commercial solution to reach your Docker containers in peace, no matter where you are.
