Comment on Paralyzed by indecision
MigratingtoLemmy@lemmy.world 9 months ago
Absolutely. Everyone should, in theory, be alarmed by the blatant push towards being the world's biggest MiTM by Cloudflare, but if one doesn't care about that, then it's a very good service.
I would personally consider running my own VPS with encrypted storage and running WireGuard tunnels (with the VPS as the server and my devices/home router as the clients). If I connect to the same socket, I could essentially connect to my home network without opening any ports there. Tailscale operates on a similar concept at scale, but you'd be better off hosting headscale if you care about privacy.
Molecular0079@lemmy.world 9 months ago
I was thinking the same thing regarding a VPS and WireGuard. I use WireGuard personally to VPN into my home network for remote management, but I still haven't looked up how to make a VPS into a proxy using it. I know they can join the same network and talk with each other, but what's the best way to route ports 80 and 443 on the VPS to my server at home? iptables?
MigratingtoLemmy@lemmy.world 9 months ago
That would be correct. Typically people recommend reverse-proxies for this because of their routing capabilities, but unless you have complicated checks and other functionality you need to implement, simple NAT is the best way to go about this.
nftables can do exactly what you need with excellent performance.
Molecular0079@lemmy.world 9 months ago
Thanks! Yeah, I am already using an nginx reverse proxy in a Docker container to expose my other Docker containers, so I was thinking two reverse proxies in a row might be too inefficient. Will definitely look into nftables. nftables rules are temporary though, right? What's the correct way to automate running these rules on boot?
MigratingtoLemmy@lemmy.world 9 months ago
Ideally, preserve them in a file and run a command to load them at start-up. This is trivial to do in OpenRC or similar init systems, whilst systemd will require a service configured for it.
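The whole setup the thread sketches, as one added example (not code posted by any of the commenters): the two WireGuard configs (VPS as server, home side as the dialling-out client, so nothing is opened on the home router), an nftables ruleset on the VPS that DNATs TCP 80/443 from its public interface to the home peer, and a systemd unit that reloads that ruleset at boot. The interface name `eth0`, the `10.8.0.0/24` tunnel subnet, port `51820` and `vps.example.com` are assumed placeholders; the key values are left as angle-bracket placeholders for you to fill in with `wg genkey`/`wg pubkey`.

```shell
#!/bin/sh
# Added example, not from the thread. Generates WireGuard configs, an nftables
# ruleset and a systemd unit for a VPS that fronts a home server over a tunnel.
# Every address, interface name and hostname below is an assumption; adjust them.
set -eu

PUB_IF="eth0"                   # VPS public interface (assumed)
WG_PORT="51820"                 # WireGuard listen port on the VPS
WG_NET="10.8.0.0/24"            # tunnel subnet (assumed)
VPS_WG_IP="10.8.0.1"            # VPS end of the tunnel
HOME_WG_IP="10.8.0.2"           # home server end of the tunnel
VPS_ENDPOINT="vps.example.com"  # public name of the VPS (placeholder)

# /etc/wireguard/wg0.conf on the VPS. AllowedIPs pins the home peer to one /32,
# so a leaked client key cannot claim other tunnel addresses.
wg_server_conf() {
cat <<EOF
[Interface]
Address = ${VPS_WG_IP}/24
ListenPort = ${WG_PORT}
PrivateKey = <vps-private-key>

[Peer]
PublicKey = <home-public-key>
AllowedIPs = ${HOME_WG_IP}/32
EOF
}

# /etc/wireguard/wg0.conf at home. The home side dials out, so no port is opened
# there; PersistentKeepalive keeps the NAT mapping alive so the VPS can reach it.
wg_client_conf() {
cat <<EOF
[Interface]
Address = ${HOME_WG_IP}/24
PrivateKey = <home-private-key>

[Peer]
PublicKey = <vps-public-key>
Endpoint = ${VPS_ENDPOINT}:${WG_PORT}
AllowedIPs = ${WG_NET}
PersistentKeepalive = 25
EOF
}

# /etc/nftables.conf on the VPS: default-deny input, forward only 80/443 into the
# tunnel, DNAT them to the home peer, and masquerade so replies come back via wg0
# even if the home server's default route points elsewhere. The price of the
# masquerade is that the home server sees 10.8.0.1, not the real client address.
nft_ruleset() {
cat <<EOF
#!/usr/sbin/nft -f
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iif lo accept
        udp dport ${WG_PORT} accept
        tcp dport 22 accept
        icmp type echo-request accept
        icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        iifname "${PUB_IF}" oifname "wg0" ip daddr ${HOME_WG_IP} tcp dport { 80, 443 } accept
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iifname "${PUB_IF}" tcp dport { 80, 443 } dnat to ${HOME_WG_IP}
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "wg0" ip daddr ${HOME_WG_IP} masquerade
    }
}
EOF
}

# Minimal systemd unit that loads the ruleset at boot (Debian's nftables package
# ships an equivalent unit; under OpenRC the nftables service script does the same).
nft_unit() {
cat <<EOF
[Unit]
Description=Load nftables ruleset
Before=network-pre.target
Wants=network-pre.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/nft -f /etc/nftables.conf
ExecReload=/usr/sbin/nft -f /etc/nftables.conf
ExecStop=/usr/sbin/nft flush ruleset

[Install]
WantedBy=multi-user.target
EOF
}

# Write everything into place on the VPS and enable it. Run as root, on demand only.
install_vps() {
    sysctl -w net.ipv4.ip_forward=1
    printf 'net.ipv4.ip_forward = 1\n' > /etc/sysctl.d/99-forward.conf
    wg_server_conf > /etc/wireguard/wg0.conf && chmod 600 /etc/wireguard/wg0.conf
    nft_ruleset > /etc/nftables.conf
    nft -c -f /etc/nftables.conf   # syntax-check before replacing the live ruleset
    nft_unit > /etc/systemd/system/nftables.service
    systemctl daemon-reload
    systemctl enable --now nftables.service wg-quick@wg0.service
}

if [ "${1:-}" = "install" ]; then install_vps; fi
```

Run it with `install` on the VPS once the key placeholders are filled in; without an argument it only defines the generator functions, so you can inspect each file with e.g. `. ./setup.sh; nft_ruleset`. Note that the masquerade rule is what makes the return path work without touching the home side's routing table; if you need the real client IP on the home server, drop it and instead set `AllowedIPs = 0.0.0.0/0` on the home peer (or run a proxy on the VPS that speaks PROXY protocol) so replies are routed back through the tunnel anyway.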