Use Wireguard or whatever to create a VPN between your home and your VPS, put a reverse proxy on the VPS to route all incoming requests to your home server, and point your domain to the VPS.
You can use a reverse proxy for TCP and HTTP(s), and do port forwarding for other services.
OpenVPN can be bridged as well so all devices attached to your ap/router can be on the same broadcast. I’d rate this as fairly advanced but it’s possible. See here for details
Edit: without a bridge you will have double NAT, but that’s not too much of an issue imo.
So I think I'm running into this problem a bit now. The reverse proxy and everything TCP and HTTPS works. The mail server I'm still trying to figure out. I'm using Wireguard to tunnel, do you know how to "bridge" that up to the VPS so that ports I need open to listen for incoming SMTP are also being listened on on the VPS?
WireGuard doesn’t do bridging. But SMTP is TCP on port 25 and can go through a proxy.
Note: you’ll need a PTR record for your VPS IP; not all providers allow this. You’ll also need to make sure your VPS provider doesn’t block port 25 (like DigitalOcean).
What’s your current setup? VPS with reverse proxy and WireGuard to your home server/network?
I tend to use haproxy and would just add a TCP frontend on port 25 and have the backend point to my home server's WireGuard IP and the port I run my SMTP server on. Or the local IP, if your LAN subnet is in the allow section of what config on the VPS side.
This is the solution I went with. Had to tinker a bit with the KeepAlive settings, but otherwise smooth sailing now! Thanks!
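The haproxy TCP frontend described in the comment above, written out as an added example; it is not a configuration posted by anyone in this thread. The tunnel address `10.0.0.2`, the backend port `2525`, the timeouts and the Postfix setting named in the comments are all assumptions.

```haproxy
# /etc/haproxy/haproxy.cfg on the VPS (added example; every address and port is assumed)
global
    log /dev/log local0
    maxconn 2000

defaults
    mode tcp                  # SMTP is relayed as a raw TCP stream, not parsed as HTTP
    log global
    option tcplog             # log source IP, bytes and duration for each connection
    timeout connect 10s
    timeout client  5m        # SMTP dialogues can pause for minutes between commands
    timeout server  5m

frontend smtp_in
    bind :25                  # public port 25 on the VPS; the provider must not block it
    default_backend home_smtp

backend home_smtp
    # 10.0.0.2 = the home server's WireGuard address (assumed)
    # 2525     = a dedicated listener on the home MTA for proxied mail (assumed)
    #
    # Without send-proxy the MTA sees every connection as coming from the VPS
    # tunnel address, so SPF, DNSBL and rate-limit decisions are all made
    # against the VPS instead of the real sender. If the tunnel subnet is also
    # in the MTA's trusted/relay networks, the server becomes an open relay.
    #
    # send-proxy prepends a PROXY protocol v1 header carrying the real client
    # address. The MTA listener must be told to expect it, for example in
    # Postfix: smtpd_upstream_proxy_protocol = haproxy
    server home 10.0.0.2:2525 send-proxy

# A listener that accepts PROXY headers believes whatever address it is given,
# so firewall port 2525 on the home server to accept connections only from the
# VPS tunnel address.
```

Validate the file with `haproxy -c -f /etc/haproxy/haproxy.cfg` before reloading.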
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
Fewer Letters | More Letters |
---|---|
HTTP | Hypertext Transfer Protocol, the Web |
HTTPS | HTTP over SSL |
IP | Internet Protocol |
NAT | Network Address Translation |
SMTP | Simple Mail Transfer Protocol |
SSL | Secure Sockets Layer, for transparent encryption |
TCP | Transmission Control Protocol, most often over IP |
VPN | Virtual Private Network |
VPS | Virtual Private Server (opposed to shared hosting) |
[Thread #161 for this sub, first seen 24th Sep 2023, 13:15] [FAQ] [Full list] [Contact] [Source code]
Good bot
Running a solution like WireGuard + VPS or Tailscale is probably your best solution. It'll be transparent for you and won't set off any red flags for the network.
I've run Tailscale on a cellular home internet platform as well as a shared one like you have and it was slick.
I’ve had the exact same spectrum setup in Orlando and I just gave up connecting to local services. Had a VPS for my external stuff and things I wanted to reach away from home and then used a couple of local services when at home.
Personally I use Tailscale, which should punch through double NAT. It's a WireGuard-based mesh VPN, but an exit node should make it a normal VPN.
If you're already using Wireguard, it's super easy to add a VPS to your Wireguard network and route all traffic through it. Then you can port forward pretty easily using some iptables rules from the VPS public IP to an IP on the Wireguard network.
That said, doing it that way will involve routing all of your traffic through the VPS, which means you'll need a good low latency connection to your VPS. (You can set up split tunneling, but it's a bit of a hassle to do that and port forwarding.) An alternative would be to set up a reverse proxy on the VPS, and reverse proxy your VPN IP.
Any non-proxiable services probably shouldn't be exposed directly to the internet anyway, and you can simply expose them via VPN.