this post was submitted on 20 Oct 2023
I run Wireguard at my public VPS. I run Wireguard on my clients at home. I have Wireguard on the server configured to route via iptables, the ports I desire to send that traffic to my home machines.
This is a good resource: https://www.linuxbabe.com/ubuntu/wireguard-vpn-server-ubuntu
If this pastes correctly, here is a redacted version of my server and client config:
#
# Client (the actual self-host local server)
#
[Interface]
## This Desktop/client's private key ##
PrivateKey =
## Client ip address ##
Address = 10.10.123.2/24
[Peer]
## Ubuntu 20.04 server public key ##
PublicKey =
## set ACL ##
#AllowedIPs = 10.10.123.0/24
# setting to 0.0.0.0/0 routes all outbound through the vpn and out the public vps
AllowedIPs = 0.0.0.0/0
## Your Ubuntu 20.04 LTS server's public IPv4/IPv6 address and port ##
Endpoint = :12345
## Keep connection alive ##
PersistentKeepalive = 15
#
# Server (in the Wireguard context, exposed to the Internet)
#
[Interface]
## My VPN server private IP address ##
Address = 10.10.123.1/24
## My VPN server port ##
ListenPort = 12345
## VPN server's private key i.e. /etc/wireguard/privatekey ##
PrivateKey =
PostUp = iptables -i eth0 -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.10.123.2
PostUp = iptables -i eth0 -t nat -A PREROUTING -p tcp --dport 25 -j DNAT --to-destination 10.10.123.2
PostUp = iptables -i eth0 -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 10.10.123.2
PostUp = iptables -i eth0 -t nat -A PREROUTING -p tcp --dport 465 -j DNAT --to-destination 10.10.123.2
PostUp = iptables -i eth0 -t nat -A PREROUTING -p tcp --dport 993 -j DNAT --to-destination 10.10.123.2
PostUp = iptables -i eth0 -t nat -A PREROUTING -p tcp --dport 995 -j DNAT --to-destination 10.10.123.2
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -i eth0 -t nat -D PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.10.123.2
PostDown = iptables -i eth0 -t nat -D PREROUTING -p tcp --dport 25 -j DNAT --to-destination 10.10.123.2
PostDown = iptables -i eth0 -t nat -D PREROUTING -p tcp --dport 443 -j DNAT --to-destination 10.10.123.2
PostDown = iptables -i eth0 -t nat -D PREROUTING -p tcp --dport 465 -j DNAT --to-destination 10.10.123.2
PostDown = iptables -i eth0 -t nat -D PREROUTING -p tcp --dport 993 -j DNAT --to-destination 10.10.123.2
PostDown = iptables -i eth0 -t nat -D PREROUTING -p tcp --dport 995 -j DNAT --to-destination 10.10.123.2
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
## Desktop/client VPN public key ##
PublicKey =
## client VPN IP address (note the /32 subnet) ##
AllowedIPs = 10.10.123.2/32
#
# Server - Ensure these are set in the server if using Ubuntu ufw firewall (or similar?)
#
Anywhere on ens3 ALLOW FWD Anywhere on wg0
Anywhere on wg0 ALLOW FWD Anywhere on ens3
Anywhere on wg0 ALLOW FWD Anywhere on wg0
Anywhere (v6) on ens3 ALLOW FWD Anywhere (v6) on wg0
Anywhere (v6) on wg0 ALLOW FWD Anywhere (v6) on ens3
Anywhere (v6) on wg0 ALLOW FWD Anywhere (v6) on wg0
#
# Server - Ensure ipv4 routing is on (and ipv6 if you're using it)
#
# In /etc/sysctl.conf
net.ipv4.ip_forward=1
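A check for a server config like the one above, added here as an example and not part of the original comment: it lists which ports are forwarded to which tunnel address and reports PostUp rules that PostDown never removes, DNAT rules that match a different inbound interface than the one you pass in, and DNAT targets outside every peer's AllowedIPs. The names `audit`, `opt` and `wan_if` and the sample config are assumptions made for the example; IPv4 only.

```python
import ipaddress
import shlex

# Constructed sample modelled on the server config above; the PostDown for port 443 is left out on purpose.
SAMPLE = """\
[Interface]
Address = 10.10.123.1/24
ListenPort = 12345
PostUp = iptables -i eth0 -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.10.123.2
PostUp = iptables -i eth0 -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 10.10.123.2
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -i eth0 -t nat -D PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.10.123.2
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
AllowedIPs = 10.10.123.2/32
"""

def opt(tokens, flag):
    """Value following an iptables flag, or None when the flag is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def audit(conf, wan_if):
    """Return (exposed ports, findings) for a wg-quick server config."""
    rules = {"PostUp": [], "PostDown": []}
    peers = []
    for line in conf.splitlines():
        key, _, val = (p.strip() for p in line.partition("="))
        if key in rules:
            rules[key] += [tuple(shlex.split(c)) for c in val.split(";") if c.strip()]
        elif key == "AllowedIPs":
            peers += [ipaddress.ip_network(n.strip(), strict=False) for n in val.split(",")]
    # A PostDown rule undoes a PostUp rule when it is identical apart from -D in place of -A.
    undone = {tuple("-A" if t == "-D" else t for t in r) for r in rules["PostDown"]}
    exposed, findings = [], []
    for r in rules["PostUp"]:
        if r not in undone:
            findings.append("not removed on PostDown: " + " ".join(r))
        if opt(r, "-j") != "DNAT":
            continue
        dest = ipaddress.ip_address(opt(r, "--to-destination").split(":")[0])
        exposed.append((opt(r, "-p"), opt(r, "--dport"), str(dest)))
        if opt(r, "-i") != wan_if:
            findings.append(f"port {opt(r, '--dport')}: matches on {opt(r, '-i')}, not {wan_if}")
        if not any(dest in net for net in peers):
            findings.append(f"port {opt(r, '--dport')}: {dest} is not in any peer's AllowedIPs")
    return exposed, findings
```

Call `audit(open("/etc/wireguard/wg0.conf").read(), "<public interface>")` with the interface name that `ip -br link` reports on the VPS; the config path shown is the usual wg-quick location and is an assumption here.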