I know that I can use 3rd party services to set up a tunnel, like Cloudflare, but I’d like to implement this myself.
I feel like every time I research this question I find all kinds of blogs / form posts across the timescape on the topic, and I’m just looking for whatever might be the most current or recommended best method of configuring a VPS tunnel. I’m behind a CG-Nat which is why I want to set one up.
If you’ve done this recently yourself, where did you get your info from?
I don’t have a particular guide to reocmmend, but assuming you have a VPS already, you’ll basically need just a few components:
A VPN (I’d use wireguard) tunnel between your network at home and the VPS
A reverse proxy on your VPS (nginx-reverse-proxy is a pretty user-friendly implementation) to forward traffic to the correct host on your local network
A DNS record for your subdomain that points to your VPS’s public IP address.
That should basically do what you need. The reverse proxy will see the domain (https://whatever.example.com) and pass it on to the machine on your local network (e.g. 192.168.1.111:8888) via a VPN connection (which will push the routes so the VPS knows how to get to your local network).
So here is a question: does it need to be a sub domain? Can’t I redirect all traffic to the VPS? If I wanted to host a HTML website at my root domain and have it served by nginx for example, couldn’t I do that?
I just see subdomain mentioned in the guides / tools I see but I don’t understand why exactly.
Doesn’t have to be a subdomain, but just good practice for hostnames to be a subdomain because hostnames generally represents a named server (subdomain) within an organization (domain). Also it makes things easier if you add additional servers in the future to just assign another hostname to the new server.
I usually do:
domain.ext - leave open, not used.
servername.domain.ext - A records in DNS pointing to servers’ public addresses; (i.e. servera.domain.ext. A 10.0.0.123; serverb.domain.ext. A 10.0.0.234; etc.)
service.domain.ext - CNAME to the server it is on (i.e. auth.domain.ext. CNAME servera.domain.ext
This way it is super quick for me to move entire server to different provider (update A record) or move service to another server (update CNAME record) when I need to shuffle things around.
If you’re running a public facing website, you could always CNAME your www and @ (or whatever your DNS provider uses to represent root domain) to your server specific A record entry.
It’s funny, when you explain it, my IT hat goes on and I totally get it lol. I guess the context felt different enough that I didn’t get it. But I work with Windows domains all day and that’s exactly how DNS operates in that environment.
Ultimately I think for a tunnel you’ll end up with your records pointing to your VPS. So you’ll have a *.domain.tld CNAME record and maybe a @ CNAME record and your nginx server on the other end of the tunnel would handle the routing.
Hey, it definitely doesn’t have to be just a subdomain. You can have a record for example.com point to your VPS’s IP at the same time you have www.example.com, nextcloud.example.com, and jellyfin.example.com. Have as many services and domains as you like and the reverse proxy will direct the traffic to the correct local server based on the domain name.
One way you can do this flexibly is to have two records in your DNS: an A record pointing example.com to your VPS and a CNAME pointing *.example.com to example.com. That way, any subdomain will go to your VPS and you only have to add new services in the reverse proxy.
There isn’t a guide yet that I’ve found. I slowly & painfully assembled all the info and beat my head against the task until I had something working & stable.
I’m currently building a comprehensive one, but due to circumstances beyond my control, it’s taking forever.
I think civilization just hasn’t gotten there yet, but I suspect I’m not the only one working on this, so I bet the reverse proxy tunnel HOWTO situation will be way better in a year or two…
FWIW I use nginx on the front end, and rathole for my tunnels - the latter is a very straightforward way to set up the tunnels.
I’m very slowly typing up a blog post on how I did it, but I had success tunneling my Plex through T-Mobile’s CGNAT by running this Docker container on my local machine and on a free (technically PAYGo using always-free services) Oracle Cloud account.
Much like Cloudflare, this is for sending specific-port traffic through the tunnel.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
selfh.st Newsletter and index of selfhosted software and apps
I don’t have a particular guide to reocmmend, but assuming you have a VPS already, you’ll basically need just a few components:
That should basically do what you need. The reverse proxy will see the domain (https://whatever.example.com) and pass it on to the machine on your local network (e.g. 192.168.1.111:8888) via a VPN connection (which will push the routes so the VPS knows how to get to your local network).
So here is a question: does it need to be a sub domain? Can’t I redirect all traffic to the VPS? If I wanted to host a HTML website at my root domain and have it served by nginx for example, couldn’t I do that?
I just see subdomain mentioned in the guides / tools I see but I don’t understand why exactly.
Doesn’t have to be a subdomain, but just good practice for hostnames to be a subdomain because hostnames generally represents a named server (subdomain) within an organization (domain). Also it makes things easier if you add additional servers in the future to just assign another hostname to the new server.
I usually do:
domain.ext- leave open, not used.servername.domain.ext- A records in DNS pointing to servers’ public addresses; (i.e.servera.domain.ext. A 10.0.0.123;serverb.domain.ext. A 10.0.0.234; etc.)service.domain.ext- CNAME to the server it is on (i.e.auth.domain.ext. CNAME servera.domain.extThis way it is super quick for me to move entire server to different provider (update A record) or move service to another server (update CNAME record) when I need to shuffle things around.
If you’re running a public facing website, you could always CNAME your
wwwand@(or whatever your DNS provider uses to represent root domain) to your server specific A record entry.It’s funny, when you explain it, my IT hat goes on and I totally get it lol. I guess the context felt different enough that I didn’t get it. But I work with Windows domains all day and that’s exactly how DNS operates in that environment.
Ultimately I think for a tunnel you’ll end up with your records pointing to your VPS. So you’ll have a
*.domain.tldCNAME record and maybe a @ CNAME record and your nginx server on the other end of the tunnel would handle the routing.Hey, it definitely doesn’t have to be just a subdomain. You can have a record for example.com point to your VPS’s IP at the same time you have www.example.com, nextcloud.example.com, and jellyfin.example.com. Have as many services and domains as you like and the reverse proxy will direct the traffic to the correct local server based on the domain name.
One way you can do this flexibly is to have two records in your DNS: an A record pointing example.com to your VPS and a CNAME pointing *.example.com to example.com. That way, any subdomain will go to your VPS and you only have to add new services in the reverse proxy.
There isn’t a guide yet that I’ve found. I slowly & painfully assembled all the info and beat my head against the task until I had something working & stable.
I’m currently building a comprehensive one, but due to circumstances beyond my control, it’s taking forever.
I think civilization just hasn’t gotten there yet, but I suspect I’m not the only one working on this, so I bet the reverse proxy tunnel HOWTO situation will be way better in a year or two…
FWIW I use
nginxon the front end, andratholefor my tunnels - the latter is a very straightforward way to set up the tunnels.I’m very slowly typing up a blog post on how I did it, but I had success tunneling my Plex through T-Mobile’s CGNAT by running this Docker container on my local machine and on a free (technically PAYGo using always-free services) Oracle Cloud account.
Much like Cloudflare, this is for sending specific-port traffic through the tunnel.
https://github.com/DigitallyRefined/docker-wireguard-tunnel
I saw this and I think it’s what I’m going to do too. I figure I can just configure it with my existing nginx information and go from there.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
7 acronyms in this thread; the most compressed thread commented on today has 20 acronyms.
[Thread #50 for this sub, first seen 16th Aug 2023, 06:05] [FAQ] [Full list] [Contact] [Source code]
Cool bot!