1.0 KiB
1.0 KiB
Jefflix VPN Setup — Headscale + Tailscale
Protects all *.jefflix.lol services behind the existing Headscale VPN at vpn.jeffemmett.com.
How It Works
Before (public):
Browser → Cloudflare → Tunnel → Traefik → Jellyfin/etc
After (VPN-only):
Browser → Tailscale (WireGuard) → Traefik → Jellyfin/etc
(Only works if connected to the tailnet)
Traefik still routes by Host header — the only change is how traffic reaches it.
Quick Start
SSH into the server and follow the phases in order:
ssh netcup
Then run setup.sh (or follow the manual steps below).
Files
| File | Purpose |
|---|---|
setup.sh |
Full setup script (run on Netcup) |
coredns/Corefile |
CoreDNS config — resolves *.jefflix.lol to Tailscale IP |
coredns/docker-compose.yml |
CoreDNS container definition |
headscale-config-patch.yaml |
Split DNS addition for Headscale config |
cloudflared-config-clean.yml |
Cloudflare tunnel config with jefflix entries removed |
rollback.sh |
Emergency rollback script |