this post was submitted on 29 Nov 2024
10 points (81.2% liked)

connect to vps (lemmy.ml)
submitted 5 days ago* (last edited 5 days ago) by [email protected] to c/selfhosted
 

Hello

Trying to see if there is an easier way or if it is secure.

I have a VPS. I want to use it for web services (Docker) only accessible internally and not exposed to the internet, e.g. Zoraxy/nginx manager.

I don't want to use Tailscale as the VPS is headscale and feel not secure.

Don't want to use VPN as I don't want my device to connect to it, forward my traffic from VPS IP. Also I use android a lot and that uses a commercial VPN.

So I thought ssh tunnel, make tun device on vps, and make docker compose port to the tun ip. Can then use a proxy on android to connect to my internal web servers. As for Linux, I have to make another tunnel and proxy my browser - problem is that everything from the browser goes through my vps, so like a VPN.

Just wondered if there was an easier solution and is this way secure?

Thanks

top 6 comments
[–] [email protected] 1 points 2 days ago

What are you asking?

[–] macattack 1 points 3 days ago

Keep us posted. I am using tailscale, but plan on transitioning to a VPS running a VPN and/or headscale on it. Your scenario isn't something I'm familiar w/ but might be a good option.

[–] [email protected] 4 points 5 days ago* (last edited 5 days ago) (1 children)

I think you can set up a VPN in a way that it doesn't forward all traffic, just specific traffic to one IP or a certain network, and everything else goes out the default route. That would leave you with your regular connection, except if you're talking to your VPS, then it'll go through the tunnel. But that won't help you with the android and multiple VPN apps at the same time.

Maybe you could configure the firewall on the VPS to drop all traffic from the internet, but just accept packets from your home IP address? I mean with most providers your IP is going to change regularly. You'd need some additional logic or write some script. Your VPS would add an exception to its firewall so you can access it, while dropping all other internet traffic by default. That'd be a solution completely without VPNs.

Or if it's just a few simple services... Lock them with some login screen and people would have to log in with username+password to your services.

[–] [email protected] 8 points 5 days ago

Split tunneling with wireguard is probably the best way for this.

There are many tutorials, here's an example: https://ssh.sshslowdns.com/wireguard-split-tunnel-config/

This will let you have some things on WireGuard and some not.

[–] [email protected] 2 points 5 days ago

check out gluetun

might help. i use it for setting a torrent container to use an openvpn container as its only outbound

[–] [email protected] 1 points 5 days ago

Thanks for all your tips