I need help figuring out where I am going wrong or being an idiot, if people could point out where…

I have a server running Debian 12 and various docker images (Jellyfin, Home Assistant, etc…) controlled by portainer.

A consumer router assigns static Ip addresses by MAC address. The router lets me define the IP address of a primary/secondary DNS. The router registers itself with DynDNS.

I want to make this remotely accessible.

From what I have read I need to setup a reverse proxy, I have tried to follow various guides to give my server a cert for the reverse proxy but it always fails.

I figure the server needs the dyndns address to point at it but I the scripts pick up the internal IP.

How are people solving this?

  • ѕєχυαℓ ρσℓутσρє@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    2
    ·
    7 months ago

    My setup looks like the following:

    /etc/wireguard/wg-vps.conf on the VPS
    -----------------------------------------------------
    [Interface]
    Address = 10.8.0.2/24
    ListenPort = 51820
    PrivateKey = ********************************************
    
    # packet forwarding
    PreUp = sysctl -w net.ipv4.ip_forward=1
    
    # port forwarding 80 and 443
    PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.8.0.1:80
    PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.8.0.1:443
    PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.8.0.1:80
    PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.8.0.1:443
    
    # packet masquerading
    PreUp = iptables -t nat -A POSTROUTING -o wg-vps -j MASQUERADE
    PostDown = iptables -t nat -D POSTROUTING -o wg-vps -j MASQUERADE
    
    [Peer]
    PublicKey = ********************************************
    AllowedIPs = 10.8.0.1
    
    /etc/wireguard/wg-vps.conf on my home-server
    ---------------------------------------------------------------
    [Interface]
    Address = 10.8.0.1/24
    PrivateKey = ********************************************
    
    [Peer]
    PublicKey = ********************************************
    AllowedIPs = 10.8.0.2
    Endpoint = <VPS-DDNS>:51820
    PersistentKeepAlive = 25
    

    Now, just enable the tunnel using sudo systemctl enable --now wg-quick@wg-vps. Make sure that the port 51820, 80, and 443 are open on the VPS. Now, allow 80, 443 through the firewall on the home-server (not on the router, just allow it locally), and it should work.