There are a number of steps required to enable external access to the applications running on your NAS:
- Domain Name and DNS Configuration
- Enable Traefik
- Router Configuration
- Enable specific applications for external access
Enabling access to applications externally does not automatically secure them. If you can access an application from within your own network without a username and password, this will also be the case externally.
It is your responsibility to ensure that applications you enable external access to are secured appropriately!
Domain Name and DNS Configuration
ansible_nas_domain to the domain name you want to use for your Ansible-NAS. You'll need somewhere to host the DNS for that domain - Cloudflare is a good free solution. Once you have an account and Cloudflare is hosting the DNS for your domain, create a wildcard DNS entry (
*.myawesomedomain.com) and set it to your current IP address.
You then need to enable and configure the Cloudflare Dynamic DNS container (
cloudflare_ddns_enabled: true) so the wildcard DNS entry for your domain name is updated if/when your ISP issues you a new IP address.
Traefik routes traffic from ports 80 (HTTP) and 443 (HTTPS) on your Ansible-NAS box to the relevant application, based on hostname.
traefik_enabled: true in your
all.yml. By default it listens on ports 80 and 443, but doesn't route any traffic.
You need to map ports 80 and 443 from your router to your Ansible-NAS box.
How to do this is entirely dependent on your router (and out of scope of these docs), but if you're using Ansible-NAS then this should be within your skillset. :)
Enable Access To Specific Applications
Every application has a
<application_name>_available_externally setting in its
defaults/main.yml. Setting this to
true (by overriding it in your nas.yml) will configure Traefik to route
<application>.yourdomain.com to the application, making it available externally.