llm-server-docs icon indicating copy to clipboard operation
llm-server-docs copied to clipboard

Published 20 hours ago verified publisher icon varunvasudeva1

Request: Adding steps for remote access

Open PlebeiusGaragicus opened this issue 11 months ago • 3 comments

Wonderful guide! Personally I'm trying to figure out how to best provide remote access to my setup and I'd love to see a few options added to this guide.

I understand that it greatly increases the complexity and can also be considered off-topic - but that last mile issue is honestly game-changing.

I use my OpenWebUI setup on both my phone, work and personal computers and can also provide access to friends and family.

My current setup uses Cloudflare tunnels. I limit access using access groups with Cloudflare so they don't even have to remember a username/password - they just get emailed a code and OpenWebUI uses the authenticated headers.

I'd like to expand this setup to not trust Cloudflare, though. I'd like to use a reverse proxy to allow for multiple services to be hosted (in addition to my OpenWebUI). Several I have found have Let'sEncrypt support. I think using Cloudflare for dynamic DNS would be good - but I haven't yet found a definitive guide online and haven't been successful myself in setting this up. My basic Cloudflare tunnel that serves OpenWebUI works, but stepping up to a reverse proxy with multiple services (Comfy UI, my own streamlit app, etc), handing my own E2E encryption and running it all in Docker hasn't been successful.

PlebeiusGaragicus avatar Dec 15 '24 19:12 PlebeiusGaragicus

Hey @PlebeiusGaragicus, thank you! Initially, I didn’t really get into it because I felt I’m not nearly experienced with networking enough to be writing about it. Even now, I’m not necessarily a better networking engineer but I do have a pretty good solution running.

I use Tailscale on my server and access it with any other peer on my tailnet with the required info (hostname.random-name.ts.net:port). I also use a Raspberry Pi running Pihole for ad and tracker blocking - Tailscale allows the entire tailnet to be forced to use this DNS. Managing users works great and, aside from minor DNS connectivity issues, it's smooth both as a user and administrator (I also manage friends and family on the tailnet). With that in mind, I want to keep the guide's section open to other options for those that don't want to use Tailscale - I only started using it because ATT Fiber's network is behind a gateway that doesn't play well with PiVPN/Wireguard and Tailscale abstracted away the days of configuration I would have had to work through.

Let me leave this issue open while I draft a networking section - I do agree with you that, while small materially, it has a large impact on how people communicate with their servers outside of their home network. Thanks for opening this up!

varunvasudeva1 avatar Dec 18 '24 18:12 varunvasudeva1

Hello @PlebeiusGaragicus! Finally managed to get around to this and added a section on Remote Access. It has instructions for Tailscale but I'm still planning to add a vanilla Wireguard version so I think I'll just leave this open till then.

varunvasudeva1 avatar Jan 15 '25 20:01 varunvasudeva1

So glad to hear!!

I have since started learning Wireguard and it's been working wonderfully for me! Specifically, I have a VPS that is running Caddy reverse proxy which re-directs my subdomains via wireguard to my home lab server.

There are endless ways to accomplish all this which makes it paralyzing to pick one approach and make meaningful progress.

PlebeiusGaragicus avatar Jan 18 '25 17:01 PlebeiusGaragicus