Previously, you'd be able to access apps like Jellyfin and Immich by visiting their respective links (i.e. jf.example.com & immich.example.com). You could have done this from any device on any internet connection. While this was very convenient, it posed some security risks and practically allowed anyone to visit these apps that was otherwise meant for a specific group of people.
I pondered around the idea of limiting access based on IP addresses– a unique numerical public ID that is given to your device when connected to the internet– but that often changes and would be a hassle to maintain. The less bothersome I can make this, the better.
The second idea I had was removing signup portals, so that only those with an account to those services can access them. Well, I actually did attempt this, but quickly found out that this caused more harm than good. Not being able to reset your own password or having to rely on me freeing up so I can make you a new account were some of the hurdles.
Alas, I looked to the stars and heavens for inspiration. Went to the beach, sat on the shore, and got my feet a little wet until I realized it's cold and I wanted to go home– 5 minutes in that is. In reality, I got inspired by big corporations such as Apple, who prevents employees from accessing some of their internal services through the use of a virtual private network (VPN). Your job may be doing this now (but obviously in a snoopier fashion).
So, I spent a week and a half pulling my hair and grinding my teeth out, learning how to make my own VPN. Maybe I cried once or twice, but we don't talk about that. I had set out to reach one goal: create a way that allows you to securely access apps on Nilous, plus, throw in some perks like adblocking and improve the speed of websites loading. "What, you can do that?" you might say. No, I can't, but Cloudflare's domain name service (DNS) can!
I had ChatGPT summarize what Cloudflare's DNS is as if you're 5 years old because I don't feel like explaining it. Take it away ChatGPT!
Okay, think of the internet as a big library full of books (websites). When you want to read a book, you go to the library and ask the librarian (DNS server) to find the book for you. Now, sometimes the librarian might take a bit longer to find the book, making you wait before you can start reading. Cloudflare's DNS is like having a super-fast librarian who can find your books really, really quickly! So, when you type a website's name in your browser, Cloudflare helps find that website's address super fast, like a super-speedy librarian finding your book in an instant. This makes it quicker for you to get to the websites you want to visit on the internet!
To summarize, I have successfully built a way for you to securely connect to Nilous with the added benefits of preventing ads and unwanted tracking on the internet and allow you to browse safely and quicker with Cloudflare. Unlike your job, this VPN does not track your browsing history and its sole purpose is what has been mentioned above.
For the nerds
The VPN uses the WireGuard protocol—it's simple, efficient, and can zoom data back and forth quickly instead of the alternative, which is OpenVPN.
While OpenVPN is more reliable and have been around much longer, it is not as speedy as WireGuard. Both help keep your online activities safe and private, but they use different techniques to create a secure connection to your specified source.
VPN configurations sent out to users are set up as a split-tunnel connection, as opposed to a full-tunnel connection like paid VPNs (NordVPN, ExpressVPN, etc.) and as a result, cannot be used to mask your IP, location, and browsing history from your internet service provider (ISP). However, the WireGuard VPN can be used in conjunction with one.
I hope I have provided a clear explanation on why I decided to make a VPN, what exactly is a VPN, and how important it's used to access apps on Nilous. Congratulations on reading this all the way through. Now you can move forward in setting it up.