I’m looking into replacing Cloudflare with a VPS running a reverse proxy over a VPN; however, every solution I see so far assumes you’re running Docker, either for the external reverse proxy host or the services you’re self hosting.

The VPS is already virtualized (perhaps actually containerized, given how cheap I am) so I don’t want to put Docker on top of that. The stuff I’m self hosting is running in Proxmox containers on a 15-year-old laptop, so again, I don’t want to make a virtual turducken.

Besides, Docker just seems like a pain to manage. I don’t think it was designed for use as a way to distribute turnkey appliances to end users. It was made for creating reproducible ephemeral development environments. Why else would you have to specify that you want a storage volume to persist across reboots? But I digress.

Anyway, I want to reverse proxy arbitrary IP traffic, not just HTTP/S. Is that possible? If so, how?

My initial naive assumption is that you set up a VPN tunnel between the VPS and the various Proxmox containers, with the local containers initiating the connection so port forwarding isn’t necessary. You then set up the reverse proxy on the VPS to funnel traffic through the tunnel to the correct self-hosted container based on domain name and/or port.

  • couch1potato@lemmy.dbzer0.com · 11 hours ago (edited)

    Install tailscale on your VPS. Install tailscale on your router. Use the tailscale option (on your router) to expose a subnet to the tailnet, the subnet being whatever you’re trying to reverse proxy.

    Replace tailscale with headscale if you’re paranoid; you can run headscale on the VPS too if you want to. I had this sort of working; the issue I ran into was manually setting up outbound rules for tailscale traffic in pfSense. Manual because the pfSense tailscale plugin didn’t let you specify a headscale server, it only plays with the official tailscale backplane. Installing tailscale on the pfSense command line works and gets around this, and your router will show up on your headscale tailnet, but the outbound rules won’t automatically be created… so… twas a rabbit hole I didn’t feel like exploring at the time.
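For the non-HTTP half of the original question ("arbitrary IP traffic ... based on domain name and/or port"), here is an added example that is not from either poster: a small port-based TCP relay for the VPS side, assuming the containers are reachable at the placeholder 10.x addresses over whatever tunnel you pick (the Tailscale subnet route from the reply, or a plain VPN). Name-based routing only works for protocols that carry a hostname (HTTP Host, TLS SNI), so arbitrary TCP is mapped by listening port here; UDP would need a separate datagram relay or plain DNAT, which this does not cover.

```python
import asyncio

# Constructed mapping: VPS listening port -> (tunnel address, port) of a container.
# The 10.x addresses are placeholders for whatever the tunnel makes reachable.
PORT_MAP = {2222: ("10.0.0.10", 22), 25565: ("10.0.0.11", 25565)}

async def pump(reader, writer):
    """Copy bytes one way until EOF, then half-close the other side."""
    try:
        while chunk := await reader.read(65536):
            writer.write(chunk)
            await writer.drain()
    except OSError: pass  # peer reset: fall through and half-close the other side
    finally:
        if writer.can_write_eof():
            writer.write_eof()

async def handle(client_r, client_w, backend):
    """One accepted connection: dial the backend, then relay both directions."""
    try:
        backend_r, backend_w = await asyncio.open_connection(*backend)
    except OSError:  # backend down or tunnel route missing: drop the client
        client_w.close()
        return
    await asyncio.gather(pump(client_r, backend_w), pump(backend_r, client_w))
    client_w.close()
    backend_w.close()

async def start_relay(port_map, bind="0.0.0.0"):
    """One listener per mapped port; returns the asyncio Server objects."""
    return [await asyncio.start_server(lambda r, w, b=be: handle(r, w, b), bind, lp)
            for lp, be in port_map.items()]

async def _echo(reader, writer):  # stand-in backend for the loopback self-test
    writer.write(await reader.read()); await writer.drain(); writer.close()
def relay_roundtrip(payload):
    """Self-test: echo backend on loopback, relay in front of it, round-trip payload."""
    async def run():
        backend = await asyncio.start_server(_echo, "127.0.0.1", 0)
        bport = backend.sockets[0].getsockname()[1]
        (relay,) = await start_relay({0: ("127.0.0.1", bport)}, bind="127.0.0.1")
        r, w = await asyncio.open_connection("127.0.0.1", relay.sockets[0].getsockname()[1])
        w.write(payload); await w.drain(); w.write_eof()
        data = await r.read()
        w.close(); relay.close(); backend.close()
        return data
    return asyncio.run(run())
if __name__ == "__main__":  # the real relay: bring up PORT_MAP and serve until killed
    async def serve(): await start_relay(PORT_MAP); await asyncio.Event().wait()
    asyncio.run(serve())
```

relay_roundtrip() stands up an echo backend on loopback and pushes bytes through the relay, so you can check the forwarding logic without any tunnel in place.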