Remote access selfhosted services like Jellyfin or Nextcloud from anywhere with ZeroTier
Securely access selfhosted services like Jellyfin or Nextcloud from anywhere with ZeroTier
If you want to access you locally hosted services in your home network from anywhere you have multiple options. You can either use a VPN or port forwarding. Port forwarding is not really secure that’s why we focus on VPNs in this article. There are multiple VPN solutions out there like OpenVPN, Wireguard, ZeroTier, Tailscale and many more. I will only focus on ZeroTier in this post, but the same principles apply to other VPN solutions as well.
What is ZeroTier?
ZeroTier is a SD-WAN that allows you to connect multiple devices in a virtual network. It is very easy to setup and works on almost every platform. It is also open source and free for personal use. You can find more information on their website.
Let’s get started (Creating a ZeroTier network)
If you don’t already have a ZeoTier account and network, you can create both very easily on their website. After you created your account, just click on “Create Network”. You can note down the network ID, we will need it later.
Create the network Your first network
The next step is to add all your devices that should be able to access your services. You can follow the instructions on the ZeroTier website to download and install the ZeroTier client on your devices. Most of the clients have a GUI, so you can just enter the network ID and join the network. If you want to use ZeroTier on your server without a GUI, you can use the following command to join the network: sudo zerotier-cli join <network id>
.
Go back to the ZeroTier website and click on “Members”. You should see all your devices that you added. You still have to authorize them by clicking on the checkbox on the left of each device entry.
Your new ZeroTier network should now be setup. You can try adressing your server by its ZeroTier-IP (you can find it on the ZeroTier website) from another device in the network.
For a full explanation of how to setup ZeroTier on different devices you can check out the Getting Started documentation.
Access your services from devices that don’t support ZeroTier
If you want to access your services from devices that don’t support ZeroTier you can setup a proxy server. There are many different ways to achieve this, but I will show you a very easy way to do it.
First you need at least one device that can act as the proxy server, which has ZeroTier installed and is part of your ZeroTier network. You can use a Raspberry Pi for example.
Install socat
The next step is to install socat. Socat is a command line based utility that establishes two bidirectional byte streams and transfers data between them. On Debian based systems you can install it with sudo apt install socat
.
1
sudo apt install socat
Test the proxy
Now we can test if the proxy works. We will use socat to forward the traffic from port 8096 to the ZeroTier IP of our server. You can change the port if you want to.
1
socat tcp-listen:8096,reuseaddr,fork TCP:172.1.1.2:8096 # change port and Zerotier IP accordingly
Now you should be able to access your server from another device that isn’t part of your ZeroTier network by entering the local IP of the proxy server and the port you specified in the browser.
Start socat on boot
Now we need to create a service that starts socat on boot. Create a new file in /etc/systemd/system/
called jellyfin-proxy.service
or similar. The filename determines the name of the service. Then paste the following content into the file and replace the ZeroTier IP with the IP of your server. You can also change the port if you want to.
1
2
# Create the service file
sudo vim /etc/systemd/system/jellyfin-proxy.service
1
2
3
4
5
6
7
8
9
10
11
[Unit]
Description=Socat Jellyfin Proxy
After=network.target
[Service]
ExecStart=/usr/bin/socat tcp-listen:8096,reuseaddr,fork TCP:172.1.1.2:8096 # change port and Zerotier IP accordingly
Restart=always
User=jellyfin_user # Change this to the user that should run the service
[Install]
WantedBy=multi-user.target
Reload the systemd daemon.
1
sudo systemctl daemon-reload
The last step is to enable the service and start it.
1
2
sudo systemctl enable jellyfin-proxy
sudo systemctl start jellyfin-proxy
To check if the service is up and running you can use:
1
sudo systemctl status jellyfin-proxy
You should now be able to access your services from anywhere with ZeroTier even if your devices don’t support it.