Hey Guys,
currently I’m using cloudflare tunnel to hide the IP the services I’m hosting without opening a Port. However I was able to aquire a cheap VPS. Is there a way to create a “cloudflare tunnel” like system? I had an Idea, but was not able to finish implement it.
Obviously the easy solution would be, host a swag (reverse proxy) container on the vps and open some ports on my local router (one per service) and use duckdns to come around the non static IP issue.
However, I’d prefere not to open ports at home, I quite like the idea of the non port forwarding cloudflare tunnel solution.
So I was thinking I could connect the two sites via wireguard, allow the VPS to access my docker network which runs all the services and then forward the traffic which goe through the reverse proxy (like shown in this picture).
Any Ideas if this is feasible and I’m open to other suggestions, I’m right now in the phase of solution finding, so everything is welcome, especcially when it comes with a tutorial.
Have a great day, Autchi
Yes, there are many different ways you can accomplish this.
Lovely! Will read through it if I can find a better solution than what I got suggested earlier.
Your reverse proxy, as well as the upstream services, can all live inside your wireguard vpn. Of course this eliminates the need for having a registered domain or ssl encryption or publicly exposing the reverse proxy.
You can host Wireguard or any other tunnel that you want inside of a container in the VPS.
I use VPNs inside of a container because they do not grant access to my network to host machine. Then on VPS you can also host something like traefik and that would apply to the VPN container.
I used to have a CGNAt carrier, ran a VPS with an HAproxy lxc container that had Tailscale connected to my home network. HAproxy backend pointed to an on prem HAproxy with backend nodes in my home network. Was very stable. I’ve also used cloudflare tunnels. Cloudflare tunnels are much easier to setup.
I’ve had great success with this script. It’s a script that makes a Wireguard tunnel between your local network and the VPS, so no opening of ports at home needed. It’s made for Oracle VPS though, but it’d probably work elsewhere too.
My current setup is this:
Cloudflare DNS -> Caddy (VPS) -> Wireguard tunnel -> NginxPM (Home) -> services
You can just have the Wireguard tunnel go straight to docker though.
This doesn’t seem to use containers, I’m running Unraid in my home network so I’d prefer a solution which uses docker. Unraid doesn’t act well on installed software.
However, I’d prefere not to open ports at home
But why? Opening one incoming port is not an issue if you only allow connections from the VPS in the firewall on that port. Keeping a 24/7 tunnel up is certainly possible, but it adds another layer of complexity/reliability.
Unfortunately my router doesn‘t allow filtering based on the origin IP. So I‘d have to set this up within every Docker container itself which I don‘t know how to do and I don’t know the implications of this.