Yes, there are many different ways you can accomplish this.
Lovely! Will read through it if I can find a better solution than what I got suggested earlier.
Your reverse proxy, as well as the upstream services, can all live inside your WireGuard VPN. Of course this eliminates the need for having a registered domain or SSL encryption or publicly exposing the reverse proxy.
You can host WireGuard or any other tunnel that you want inside of a container in the VPS.
I use VPNs inside of a container because they do not grant access to my network to the host machine. Then on the VPS you can also host something like Traefik and that would apply to the VPN container.
I used to have a CGNAT carrier, ran a VPS with an HAProxy LXC container that had Tailscale connected to my home network. HAProxy backend pointed to an on-prem HAProxy with backend nodes in my home network. Was very stable. I’ve also used Cloudflare tunnels. Cloudflare tunnels are much easier to set up.
However, I'd prefer not to open ports at home
But why? Opening one incoming port is not an issue if you only allow connections from the VPS in the firewall on that port. Keeping a 24/7 tunnel up is certainly possible, but it adds another layer of complexity/reliability.
Unfortunately my router doesn’t allow filtering based on the origin IP. So I’d have to set this up within every Docker container itself, which I don’t know how to do, and I don’t know the implications of this.
I've had great success with this script. It's a script that makes a WireGuard tunnel between your local network and the VPS, so no opening of ports at home needed. It's made for Oracle VPS though, but it'd probably work elsewhere too.
My current setup is this:
Cloudflare DNS -> Caddy (VPS) -> Wireguard tunnel -> NginxPM (Home) -> services
You can just have the WireGuard tunnel go straight to Docker though.
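The VPS-to-home tunnel discussed in this thread, sketched as a pair of WireGuard configs in which the home side dials out to the VPS so that no inbound port is opened at home. This is an added example, not part of the original post or of the linked script; the 10.8.0.0/24 addresses, UDP port 51820, the upstream port 8080 and the bracketed key and IP placeholders are assumptions.

```ini
# ---- VPS: /etc/wireguard/wg0.conf (the only side with a public listener) ----
[Interface]
Address = 10.8.0.1/24
# Only this UDP port needs to be reachable from the internet, plus 80/443
# for the reverse proxy (Caddy in the setup described above).
ListenPort = 51820
PrivateKey = <VPS_PRIVATE_KEY>

[Peer]
# Home server. No Endpoint line: the VPS never dials home, it learns the
# home side's current address from the packets the home side sends.
PublicKey = <HOME_PUBLIC_KEY>
# Accept tunnel traffic from this peer only when it comes from its own
# tunnel address, not from arbitrary source ranges.
AllowedIPs = 10.8.0.2/32

# ---- Home: /etc/wireguard/wg0.conf (no ListenPort, no port forward) ----
[Interface]
Address = 10.8.0.2/24
PrivateKey = <HOME_PRIVATE_KEY>

[Peer]
# VPS
PublicKey = <VPS_PUBLIC_KEY>
Endpoint = <VPS_PUBLIC_IP>:51820
# Only the VPS tunnel address is routed through the tunnel, so a
# compromised VPS is not handed a route to anything else from this side.
AllowedIPs = 10.8.0.1/32
# Outbound keepalive keeps the NAT/CGNAT mapping open so the VPS can
# reach the home peer at any time without an inbound rule at home.
PersistentKeepalive = 25

# The reverse proxy on the VPS then uses 10.8.0.2:8080 (assumed port) as
# its upstream. Bind the home service or home proxy to 10.8.0.2 rather
# than 0.0.0.0 so it is reachable only through the tunnel.
```

Because the tunnel lands the VPS on a private address at home, the home side should still restrict what 10.8.0.1 can reach to the proxied ports.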
This doesn’t seem to use containers, I’m running Unraid in my home network so I’d prefer a solution which uses docker. Unraid doesn’t act well on installed software.