I’ve been researching different ways to expose Docker containers to the internet. I have three services I want to expose: Jellyfin, Omnivore (Read-it-later app), and Overseerr.
I’ve come across lots of suggestions, like using Nginx with Cloudflared, but some people mention that streaming media goes against Cloudflared tunnel TOS, and instead recommend Tailscale, or Traefik, or setting up a WireGuard VPN, or using Nginx with a WireGuard VPN.
The amount of conflicting advice has left me confused. So, what would be the best approach to securely expose these containers?


Yes, but No, but. It’s like an always on self discovering VPN. No need to connect and login if you lose connection or change from WiFi to cell to Ethernet, it just figures it out. And as other commentor said it is wireguard. So you can set it up yourself without a 3rd party, just takes a little bit of tech savvy skill and trasfering some public keys between each set of connections. Tailscale just makes it effortless.