submitted 11 months ago by Autchirion@alien.top to c/main@selfhosted.forum

Hey Guys,

Currently I'm using a Cloudflare tunnel to hide the IP of the services I'm hosting without opening a port. However, I was able to acquire a cheap VPS. Is there a way to create a "Cloudflare tunnel"-like system? I had an idea, but was not able to finish implementing it.

Obviously the easy solution would be, host a swag (reverse proxy) container on the vps and open some ports on my local router (one per service) and use duckdns to come around the non static IP issue.

However, I'd prefer not to open ports at home; I quite like the idea of the non-port-forwarding Cloudflare tunnel solution.

So I was thinking I could connect the two sites via WireGuard, allow the VPS to access my Docker network which runs all the services, and then forward the traffic which goes through the reverse proxy (like shown in this picture).

Any ideas if this is feasible? I'm open to other suggestions. I'm right now in the phase of solution finding, so everything is welcome, especially when it comes with a tutorial.

Have a great day, Autchi

top 9 comments
[-] watchdog_timer@alien.top 2 points 11 months ago

Yes, there are many different ways you can accomplish this.

[-] Autchirion@alien.top 1 points 11 months ago

Lovely! Will read through it if I can find a better solution than what I got suggested earlier.

[-] dually@alien.top 1 points 11 months ago

Your reverse proxy, as well as the upstream services, can all live inside your wireguard vpn. Of course this eliminates the need for having a registered domain or ssl encryption or publicly exposing the reverse proxy.

[-] PovilasID@alien.top 1 points 11 months ago

You can host Wireguard or any other tunnel that you want inside of a container in the VPS.

I use VPNs inside of a container because they do not grant access to my network to the host machine. Then on the VPS you can also host something like Traefik and that would apply to the VPN container.

[-] Conscious-Calendar37@alien.top 1 points 11 months ago

I used to have a CGNAT carrier, ran a VPS with an HAProxy LXC container that had Tailscale connected to my home network. HAProxy backend pointed to an on-prem HAProxy with backend nodes in my home network. Was very stable. I’ve also used Cloudflare tunnels. Cloudflare tunnels are much easier to set up.

[-] certuna@alien.top 0 points 11 months ago

> However, I'd prefer not to open ports at home

But why? Opening one incoming port is not an issue if you only allow connections from the VPS in the firewall on that port. Keeping a 24/7 tunnel up is certainly possible, but it adds another layer of complexity/reliability.

[-] Autchirion@alien.top 1 points 11 months ago

Unfortunately my router doesn’t allow filtering based on the origin IP. So I’d have to set this up within every Docker container itself, which I don’t know how to do, and I don’t know the implications of this.

[-] Anejey@alien.top 0 points 11 months ago

I've had great success with this script. It's a script that makes a Wireguard tunnel between your local network and the VPS, so no opening of ports at home needed. It's made for Oracle VPS though, but it'd probably work elsewhere too.

My current setup is this:

Cloudflare DNS -> Caddy (VPS) -> Wireguard tunnel -> NginxPM (Home) -> services

You can just have the Wireguard tunnel go straight to docker though.

[-] Autchirion@alien.top 1 points 11 months ago

This doesn’t seem to use containers, I’m running Unraid in my home network so I’d prefer a solution which uses docker. Unraid doesn’t act well on installed software.
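
A minimal WireGuard pair for the VPS-to-home layout discussed in this thread (reverse proxy on the VPS, tunnel to the home network, no port forwarded at home). This is an added example, not taken from any comment or from the script mentioned above; the 10.8.0.0/24 tunnel subnet, port 51820, the documentation address 203.0.113.10 and the `<...>` key placeholders are assumptions to replace with your own values.

```ini
# ---- VPS: wg0.conf (the only side with a listening UDP port) ----
[Interface]
Address = 10.8.0.1/24          # assumed tunnel address of the VPS
ListenPort = 51820             # open this UDP port in the VPS firewall only
PrivateKey = <VPS_PRIVATE_KEY>

[Peer]
# Home server. No Endpoint here: the VPS learns the current home address
# from the home side's outbound handshake, so a changing home IP does not
# matter and no dynamic DNS is needed.
PublicKey = <HOME_PUBLIC_KEY>
# Accept packets from this peer only when sourced from its tunnel address.
AllowedIPs = 10.8.0.2/32

# ---- Home server: wg0.conf (no ListenPort, no router port forward) ----
[Interface]
Address = 10.8.0.2/24          # assumed tunnel address of the home server
PrivateKey = <HOME_PRIVATE_KEY>

[Peer]
PublicKey = <VPS_PUBLIC_KEY>
Endpoint = 203.0.113.10:51820  # placeholder for the VPS public IP
# Accept packets from the VPS only when sourced from its tunnel address,
# and route only that address into the tunnel (not all home traffic).
AllowedIPs = 10.8.0.1/32
# Send a keepalive every 25 s so the NAT/CGNAT mapping created by the
# outbound connection stays open and the VPS can reach home at any time.
PersistentKeepalive = 25
```

The reverse proxy on the VPS then uses 10.8.0.2 and the service port as its upstream. Binding the home proxy or the published container ports to 10.8.0.2 rather than all interfaces keeps them reachable only through the tunnel.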

this post was submitted on 28 Nov 2023