#Reverse proxying

Is Termux confusing to setup? Are you tired of updating and installing ST on every device you have? Want organization of your chats and characters? Well you are in luck. This guide will hopefully cover how to host SillyTavern on your PC where you can connect from anywhere and chat to your bots on the same PC you use to run AI models!

You will have to buy a domain for yourself and configure a CNAME for your SillyTavern page. We suggest adding or buying the domain on Cloudflare as this guide will cover how to do this with Cloudflare itself.

For Linux, we will reverse proxying SillyTavern through Traefik. There are other options such as NGINX or Caddy, but for this guide, we will use Traefik as it is what we use ourselves.

1. Get the private IP of your computer using ifconfig or from your router.

   Tip

   It is recommended to set your private IP to a Static IP. Refer to your router's manual or Google to configure static IPs.

2. Get your public IP of your modem by Googling what's my ip.

   About Public IPs

   Most residential/home networks use Dynamic IPs which are renewed after months of use. If you have a dynamic IP, use either DDClient or remember to check and change your public IP ever so often on the Cloudflare Dashboard.

3. Install Docker by following the Docker installation guide here.

   Note

   Do not install Docker Desktop.

4. Follow the steps in Manage Docker as a non-root user in the Docker post-installation guide here.

5. Go to your root folder in Linux and make a new folder named docker.

   cd /
   sudo mkdir docker && cd docker
   

6. Execute chown, replacing with your Linux username to set the permissions in the docker folder.

   sudo chown -R <USER>:<USER> .
   

7. Make a folder inside the docker folder, that being secrets and inside secrets being cloudflare.

   mkdir secrets && mkdir secrets/cloudflare
   

8. Make a folder inside the docker folder, that being appdata and inside appdata being traefik. Enter the appdata/traefik folder afterwards.

   mkdir appdata && mkdir appdata/traefik
   cd appdata/traefik
   

9. Create a acme.json file using touch and set the permissions of it to 600.

   touch acme.json
   chmod 600 acme.json
   

10. Using nano or a similar editor, create a file name traefik.yml and paste the following. Replace the template email with your own, then save the file.

    api:
        dashboard: true
        debug: true
        insecure: true
    entryPoints:
        http:
            address: ":80"
            http:
                redirections:
                    entryPoint:
                        to: https
                        scheme: https
        https:
            address: ":443"
    serversTransport:
        insecureSkipVerify: true
    providers:
        docker:
            endpoint: "unix:///var/run/docker.sock"
            exposedByDefault: false
        file:
            filename: /config.yml
            watch: true
    certificatesResolvers:
        cloudflare:
            acme:
                email: YOUR_CLOUDFLARE_EMAL@DOMAIN.com
                storage: acme.json
                dnsChallenge:
                    provider: cloudflare
                    #disablePropagationCheck: true  # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
                    resolvers:
                        - "1.1.1.1:53"
                        - "1.0.0.1:53"
    

11. Return back to the docker folder.

    cd /docker
    

12. Using nano or a similar editor, create a file name docker-compose.yaml and paste the following. Save the file afterwards.

    secrets:
        CF_DNS_API_KEY:
            file: ./secrets/cloudflare/CF_DNS_API_KEY
    
    services:
        traefik:
            image: traefik:latest
            container_name: traefik
            restart: unless-stopped
            secrets:
                - CF_DNS_API_KEY
            ports:
                - 80:80
                - 443:443
                - 8080:8080
            environment:
                CLOUDFLARE_DNS_API_TOKEN_FILE: /run/secrets/CF_DNS_API_KEY
                CLOUDFLARE_ZONE_API_TOKEN_FILE: /run/secrets/CF_DNS_API_KEY
            volumes:
                - /var/run/docker.sock:/var/run/docker.sock:ro
                - ./appdata/traefik/traefik.yml:/traefik.yml:ro
                - ./appdata/traefik/config.yml:/config.yml:ro
                - ./appdata/traefik/acme.json:/acme.json
                - /etc/localtime:/etc/localtime:ro
    
    networks:
        internal:
            driver: bridge
    

13. Login to Cloudflare and click on your Domain, followed by Get your API token.

14. Click on Create Token then Create Custom Token and make sure you give your token the following permissions.

    Token Permissions

    Zone -> DNS -> Edit

    Zone -> Zone -> Read

    Click on Continue to summary followed by Create Token.

15. Copy the Token Key given to you and store it somewhere secure.

16. cd into secrets/cloudflare and using nano or a similar editor, create a file named CF_DNS_API_KEY and paste your key inside.

17. Return to your domain page and go to DNS. Create a new record using Add record and create two A type keys like the ones below. Replace PUBLIC_IP with your own public IP, then click Save.

    Type	Name (required)	Target (required)	Proxy Status	TTL
    A	DOMAIN.com	PUBLIC_IP	Proxied	Auto
    A	www	PUBLIC_IP	Proxied	Auto

18. Create another record of the CNAME type, then click Save. Here is an example on how it should appear on the Cloudflare dashboard.

    Type	Name (required)	Target (required)	Proxy Status	TTL
    CNAME	silly	DOMAIN.com	Proxied	N/A

19. cd into appdata/traefik and using nano or a similar editor, create a file name config.yml and paste the following. Replace PRIVATE_IP with the private IP you obtained, and silly.DOMAIN.com with the name of your subdomain and domain page, then save the file.

    http:
        routers:
            sillytavern:
                entryPoints:
                    - "https"
                rule: "Host(`silly.DOMAIN.com`)"
                middlewares:
                    - https-redirectscheme
                tls: {}
                service: sillytavern
    
        services:
            sillytavern:
                loadBalancer:
                    servers:
                        - url: "http://PRIVATE_IP:8000"
                    passHostHeader: true
    
        middlewares:
            https-redirectscheme:
                redirectScheme:
                    scheme: https
                    permanent: true
    

20. Run Docker Compose using the following commands:

    cd /docker
    docker compose up -d
    

21. Go to your SillyTavern folder and edit config.yaml to enable listen mode and basic authentication, whilst disabling whitelistMode.

    listen: yes
    whitelistMode: false
    basicAuthMode: true
    

    Tip

    Make sure to change the default username and password to something strong that you can remember.

    Or to use the SillyTavern accounts as usernames and passwords:

    basicAuthMode: true
    enableUserAccounts: true
    perUserBasicAuth: true
    

    Tip

    Before enabling perUserBasicAuth ensure you have a valid multi-user setup with working passwords.

22. Wait a few minutes, then open your domain page you made for ST. At the end of it, you should be able to open SillyTavern from anywhere you go just with one URL and one account.

    Tip

    If nothing happens after several minutes, check the container logs for Traefik for any possible errors.

23. Enjoy! :D

1. Follow Steps 1-11 of Linux (Bare-Metal SillyTavern).

2. Login to Cloudflare and click on your Domain, followed by Get your API token.

3. Click on Create Token then Create Custom Token and make sure you give your token the following permissions.

   Token Permissions

   Zone -> DNS -> Edit

   Zone -> Zone -> Read

   Click on Continue to summary followed by Create Token.

4. Copy the Token Key given to you and store it somewhere secure.

5. cd into secrets/cloudflare and using nano or a similar editor, create a file named CF_DNS_API_KEY and paste your key inside.

6. Return to your domain page and go to DNS. Create a new record using Add record and create two A type keys like the ones below. Replace PUBLIC_IP with your own public IP and the example domain with your domain, then click Save.

   Type	Name (required)	Target (required)	Proxy Status	TTL
   A	DOMAIN.com	PUBLIC_IP	Proxied	Auto
   A	www	PUBLIC_IP	Proxied	Auto

7. Create another record of the CNAME type, then click Save. Here is an example on how it should appear on the Cloudflare dashboard.

   Type	Name (required)	Target (required)	Proxy Status	TTL
   CNAME	silly	DOMAIN.com	Proxied	N/A

8. Git clone SillyTavern into the docker folder.

   cd /docker && git clone https://github.com/SillyTavern/SillyTavern
   

9. Using nano or a similar editor, create a file name docker-compose.yaml and paste the following. Replace silly.DOMAIN.com with the subdomain you added above, the save the file afterwards.

   secrets:
       CF_DNS_API_KEY:
           file: ./secrets/cloudflare/CF_DNS_API_KEY
   
   services:
       traefik:
           image: traefik:latest
           container_name: traefik
           restart: unless-stopped
           secrets:
               - CF_DNS_API_KEY
           ports:
               - "80:80"
               - 443:443
               - 8080:8080
           environment:
               CLOUDFLARE_DNS_API_TOKEN_FILE: /run/secrets/CF_DNS_API_KEY
               CLOUDFLARE_ZONE_API_TOKEN_FILE: /run/secrets/CF_DNS_API_KEY
           volumes:
               - /var/run/docker.sock:/var/run/docker.sock:ro
               - ./appdata/traefik/traefik.yml:/traefik.yml:ro
               - ./appdata/traefik/config.yml:/config.yml:ro
               - ./appdata/traefik/acme.json:/acme.json
               - /etc/localtime:/etc/localtime:ro
       sillytavern:
           build: ./SillyTavern
           container_name: sillytavern
           hostname: sillytavern
           image: ghcr.io/sillytavern/sillytavern:latest
           volumes:
               - "./appdata/sillytavern/config:/home/node/app/config"
               - "./appdata/sillytavern/data:/home/node/app/data"
           restart: unless-stopped
           labels:
               - "traefik.enable=true"
               - "traefik.http.routers.sillytavern.entrypoints=http"
               - "traefik.http.routers.sillytavern.rule=Host(`silly.DOMAIN.com`)"
               - "traefik.http.middlewares.sillytavern-https-redirect.redirectscheme.scheme=https"
               - "traefik.http.routers.sillytavern.middlewares=sillytavern-https-redirect"
               - "traefik.http.routers.sillytavern-secure.entrypoints=https"
               - "traefik.http.routers.sillytavern-secure.rule=Host(`silly.DOMAIN.com`)"
               - "traefik.http.routers.sillytavern-secure.tls=true"
               - "traefik.http.routers.sillytavern-secure.service=sillytavern"
               - "traefik.http.services.sillytavern.loadbalancer.server.port=8000"
   
   networks:
       internal:
           driver: bridge
   

10. Run Docker Compose using the following commands:

    docker compose up -d
    

11. Stop the SillyTavern Docker container.

    docker compose stop sillytavern
    

12. Go to your SillyTavern folder (appdata/sillytavern/config) and edit config.yaml to enable listen mode and basic authentication, whilst disabling whitelistMode.

    listen: yes
    whitelistMode: false
    basicAuthMode: true
    

    Tip

    Make sure to change the default username and password to something strong that you can remember.

13. Start the SillyTavern Docker container again.

    docker compose up -d sillytavern
    

14. Wait a few minutes, then open your domain page you made for ST. At the end of it, you should be able to open SillyTavern from anywhere you go just with one URL and one account.

    Tip

    If nothing happens after several minutes, check the container logs for Traefik for any possible errors.

15. Enjoy! :D

DDClient allows you to sync your public IP to Cloudflare in the situation that your ISP changes it, allowing you to continue accessing your ST instance as if nothing ever happened.