My mini pc hypertrain contains 3x Beelink S12Pro Proxmox HA Cluster
If you open your login page to internet without security, someone one day will have a field trip inside your NAS files and will find all your "i know what you did last summer" photos.
I do have DS423+ and i am too using Cloudfare tunnel to access it from anywhere.
My CF Tunnel setup done like this:
Domain: nas.example.com points to http://1.2.3.4: and i have 2 access rules added.
One of these rules NEEDS to match otherwise - "You Shell Not Pass"
#1: Public IP needs to be matched as my public IP
#2: Person who wants to login needs to authenticate via Google Authentication. Google authentication needs to match test1@gmail.com or test2@gmail.com
While i am at home, i use nas.example.com to access my nas instead of using its local IP and cloudflare allows access with no questions asked.
While i am outside my home network i get asked to authenticate via google and gain access this way.
+CF Tunnel adds https automatically for me.
I don't use any firewall setup or any other rules inside NAS.
I have 3x n100 16gb ram as proxmox cluster. Have bunch of VMs, containers going. So far, 3 months in and not one single issue. And all 3 going at full tilt still uses less power then my previous single server setup. One of these n100s even have 3x proxmox virtualized where I tinker with cluster, ha, ceph, zfs and other stuff ... Like sandbox, before I move to live.
Inside tailscale admin panel, under DNS settings you can specify which DNS server to use. I think by default that option is off.
I got my ON and pointing to 192.168.178.136 which is pihole. This options forces every device in tailsnet hit Pihole for DNS .
While i was using Windows - MobaxTerm
Now that i switched to MINT - Tabby
Tailscale or Cloudflare Tunnel with Access Rules