Update Tailscale.md

frost
2025-02-23 13:11:58 +05:00
committed by GitHub
parent 48f6071f5c
commit e0dd39dd95


@@ -1,22 +1,23 @@
---
title: Self Hosting with Tailscale
description: Guides for self hosting Ente Photos and/or Ente Auth with Tailscale
description: Guides for self-hosting Ente Photos and/or Ente Auth with Tailscale
---
# Guide
This guide aims to achieve selfhosting Ente photos or Ente-Auth with tailscale (TSDPROXY) without exposing any port OR if someone is behind CGNAT and cannot expose any post on the internet but want to run his/her own selfhosted service for themselves, friends and family only.
This guide aims to achieve self-hosting Ente photos or Ente-Auth with tailscale (TSDPROXY) without exposing any port OR if someone is behind CGNAT and cannot open any port on the internet but want to run their own selfhosted service for themselves, friends and family only.
Before getting start keep the following NOTE in mind.
> [!NOTE]
> If someone is behind double or triple CGNAT; must install tailscale system wide by running `curl -fsSL https://tailscale.com/install.sh | sh` in your linux terminal and `sudo tailscale up` otherwise dns resolver will fail and uploading will not work. This is not necessary for those who are not behing CGNAT.
This guide also work on docker rootless and normal.
> This guide also work on docker rootless and normal.
> [!CAUTION]
Remember that current docker update 28.0.0 has some bug and cannot connect to external network. Make sure to install docker-ce 27.5.0, docker-ce-rootless-extras 27.5.0 and docker-ce-cli 27.5.0. Hopefully docker 28.1.0 will resolve this issue in next week.
Remember that current docker update 28.0.0 has some bug and cannot connect to external network. Make sure to install docker-ce 27.5.0, docker-ce-rootless-extras 27.5.0 and docker-ce-cli 27.5.0. Hopefully docker 28.1.0 will resolve this issue in next week. Refrence links are [Moby Github Repo Issues 49511](https://github.com/moby/moby/issues/49511) and [Moby Github Repo Issues 49519](https://github.com/moby/moby/issues/49519)
> [!IMPORTANT]
> For docker rootless, user must have permission locally to all directories that are necessary for Ente-photos selfhosted server. It is achieve through `sudo chow -R 1000:1000 /home/ubuntu/docker/ente`. In linux terminal do check UID `id -u` or simpally `id`. First user is always 1000. To allow **listening and ping** on any port without root, create `/etc/sysctl.d/99-rootless.conf` with the following content:
> For Docker rootless, the user must have local permissions for all directories required by the Ente-photos self-hosted server. This can be achieved by running `sudo chown -R 1000:1000 /home/ubuntu/docker/ente`. In the Linux terminal, you can check the UID with `id -u` or simply `id`. The first user typically has UID 1000.
> To allow listening and pinging on any port without root privileges, create a file called `/etc/sysctl.d/99-rootless.conf` with the following content:
> ```
> net.ipv4.ip_unprivileged_port_start=0
> net.ipv4.ping_group_range = 0 2147483647
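Review bot: The sysctl block at the end of this hunk sets `net.ipv4.ip_unprivileged_port_start=0`, which lets every unprivileged process on the host bind ports below 1024, not only the rootless Docker user. The guide should say that and suggest the lowest port the stack actually needs instead of 0. The rewritten IMPORTANT text also hardcodes `1000:1000` in the `chown` while telling the reader to check `id -u`; say to substitute the value that command prints. In the CAUTION callout the body line lacks the leading `>` that the NOTE and IMPORTANT bodies use, the added sentence spells "Refrence", and "in next week" will go stale now that the two moby issues are linked. "behing" and "Before getting start" are left uncorrected.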
@@ -61,9 +62,9 @@ networks:
proxy:
name: proxy
```
Now login into your tailscale account admin counsle > settings > keys > Generate authkey. Give any description and must select resuable, because the key get purged if not selected after reboot of machine. It is advisable to create Tags in ACLs settings `tag: tsdproxy` `tag: ente` `tag: minio` as well. As this will create a tag nodes with no key expirory. One is safe to reboot restart docker or machine.
Now login into your tailscale account admin counsle > settings > keys > Generate authkey. Give any description and must select resuable, because the key get purged if not selected after rebooting machine. It is advisable to create **Tags** in **ACLs settings** `tag: tsdproxy` `tag: ente` `tag: minio` as well. This will create a tag nodes with no key expirory. One is safe to reboot restart docker or machine.
> Copy the generated authkey as it is shown only once.
Make tsdproxy.yaml file in `cd docker/tsdproxy/config` by running `sudo nano tsdproxy.yaml` and pupolate it with the following contants:
Make tsdproxy.yaml file in `cd docker/tsdproxy/config` by running `sudo nano tsdproxy.yaml` and pupolate it with the following contant:
```
defaultproxyprovider: default
docker:
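Review bot: The auth key paragraph requires a reusable key and tagged nodes with no key expiry but says nothing about protecting that key. A reusable key can enrol further devices for as long as it is valid, so the text should tell the reader to restrict who can read the tsdproxy config directory where it ends up and to revoke the key if it is ever exposed. The stated reason for "reusable" ("the key get purged if not selected after rebooting machine") is hard to parse; rewrite it as a plain statement of what fails after a reboot. Spelling in the touched lines is still off: "counsle", "resuable", "expirory", "pupolate", and the new "contant" should be "content".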
@@ -99,7 +100,7 @@ sudo mkdir -p /home/ubuntu/docker/ente/minio-data
sudo mkdir -p /home/ubuntu/docker/ente/postgres-data
sudo mkdir -p /home/ubuntu/docker/ente/scripts/compose
```
Than give permission user for each of the above directory. `sudo chown -R 1000:1000 /home/ubuntu/docker/ente/custom-logs` etc etc. Make sure not to skip `/home/ubuntu/docker/tsdproxy/config`
Than give user permission for each of the above directory. `sudo chown -R 1000:1000 /home/ubuntu/docker/ente/custom-logs` etc etc. Make sure not to skip `/home/ubuntu/docker/tsdproxy/config`
`cd docker/ente/script/compose` and run `sudo nano credentials.yaml` than populate it with the following:
```
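Review bot: The `cd docker/ente/script/compose` line after the permission sentence does not match the directory created just above, `/home/ubuntu/docker/ente/scripts/compose` (script vs scripts), so the `cd` fails as written; fix the path in this same change. The reworded sentence still opens with "Than" (should be "Then") and still ends in "etc etc"; since the guide already shows `sudo chown -R 1000:1000 /home/ubuntu/docker/ente`, one recursive chown on the parent plus the one for `/home/ubuntu/docker/tsdproxy/config` would replace the per-directory list. Note also that `sudo nano credentials.yaml` creates a root-owned file inside a tree that was just handed to UID 1000, which is worth calling out for rootless setups.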
@@ -133,7 +134,7 @@ s3:
bucket: scw-eu-fr-v3
```
In the same directory run `sudo nano minio-provision.sh` and populate it with the following contants:
In the same directory run `sudo nano minio-provision.sh` and populate it with the following contant:
```
#!/bin/sh
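Review bot: The replacement word in the `minio-provision.sh` sentence is still misspelled: "contant" should be "content". The same correction applies to the `tsdproxy.yaml` sentence earlier in this patch.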
@@ -259,7 +260,7 @@ networks:
external: true
```
> Thats it. Run `docker compose up -d`. Wait till every container become healthy. Open web browser. Make sure tailscale is installed on the machine. Visit https://ente.xyz.ts.net/ping. It will pong. All good if you see it. First time it will take minute or two to get SSL cert. Downnload Desktop or mobile app. Tap 7 time on the screen, which will prompt developer mode. Add https://ente.xyz.ts.net. Add new user. When asked for OTP. Just go to terminal and run `docker logs ente-museum-1`. Search for userauth. Feed the six digit and Done.
> Thats it. Run `docker compose up -d`. Wait till every container become healthy. Open web browser. Make sure tailscale is installed on the machine. Visit https://ente.xyz.ts.net/ping. It will pong. All good if you see it. First time it will take minute or two to get SSL cert. Downnload Desktop or mobile app. Tap 7 time on the screen, which will prompt developer mode. Add https://ente.xyz.ts.net. Add new user. When asked for OTP. Just go to linux terminal and run `docker logs ente-museum-1`. Search for userauth. Feed the six digit and Done.
> For getting 100TB (limitless) storage. Just Install ente-cli for windows. Extract it and add folder. Name it **export**. Add config.yaml file along and populate it with the following:
```
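Review bot: The OTP step in the "Thats it" paragraph tells the reader to read the six-digit code out of `docker logs ente-museum-1` without noting that anyone who can read that container's logs can see every user's verification code; add a sentence saying log access on the host should be limited to the administrator. The change only inserts "linux" and leaves "Thats", "Downnload" and "Tap 7 time" as they were. The paragraph packs about ten steps into one blockquote and would be easier to follow as a numbered list, and `ente.xyz.ts.net` should be marked as a stand-in for the reader's own tailnet name.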
@@ -274,12 +275,12 @@ Right-Click in the directory where you have extracted ente-cli. Select `open in
.\ente.exe account bob # change bob to yours
```
Hit Enter twice.
For export directory, just write export. As we already created **export** folder.
For export directory, just write export. As already created **export** folder earlier.
**Write email. The one which is already used befor when creating ente account in ente desktop app.**
Type the same Password used before for the account.Run
```
.\ente.ext account list
```
and you will see the account ID. copy it.
> Open museum.yaml file. `cd docker/ente`. Run `sudo nano museum.yaml` and the account ID under Admins. Delete any previous entries.
This will list all account details. Copy Acount ID.
> Navigate to museum.yaml file. `cd docker/ente`. Run `sudo nano museum.yaml` and add the account ID under Admins. Delete any previous entries.
Restart ente-museum-1 container from linux terminal. Run `docker restart ente-museum-1`. All well, now you will have 100TB storage. Repeat if for any other accounts you want to give unlimited storage access.
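Review bot: The command `.\ente.ext account list` in the fenced block of this hunk has the wrong extension; the earlier command uses `.\ente.exe`, so this one fails as written and should be corrected while the surrounding lines are being edited. The new sentence introduces "Acount ID", and nearby "befor", "account.Run" (missing space) and "Repeat if for" are still uncorrected. The step that adds the account ID under Admins in `museum.yaml` is described only as a way to get 100TB storage; the text should state that it makes that account an admin, and that "Delete any previous entries" removes whoever was listed there before.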