Hello
Trying to see if there is an easier way or if it is secure.
I have a VPS. I want to use it for web services (Docker) only accessible internally and not exposed to the internet, e.g. Zoraxy/nginx manager.
I don’t want to use Tailscale as the VPS is Headscale and I feel that is not secure.
I don’t want to use a VPN as I don’t want my device to connect to it and forward my traffic from the VPS IP. Also I use Android a lot and that uses a commercial VPN.
So I thought of an SSH tunnel: make a tun device on the VPS, and bind the Docker Compose port to the tun IP. I can then use a proxy on Android to connect to my internal web servers. As for Linux, I have to make another tunnel and proxy my browser; the problem is that everything from the browser goes through my VPS, so it is like a VPN.
Just wondered if there was an easier solution, and is this way secure?
Thanks
Split tunneling with WireGuard is probably the best way for this.
There are many tutorials, here’s an example: https://ssh.sshslowdns.com/wireguard-split-tunnel-config/
This will let you have some things on WireGuard and some not.
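
A minimal split-tunnel layout for the setup discussed in this thread, as an added example that is not from either poster or the linked tutorial. The 10.8.0.0/24 subnet, UDP port 51820, the file names and the angle-bracket placeholders are assumptions to replace with your own values.

```ini
# ---- VPS: /etc/wireguard/wg0.conf (assumed path and interface name) ----
[Interface]
# Tunnel-only address of the VPS; internal services bind to this IP.
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <vps-private-key>
# No PostUp NAT/forwarding rules: the VPS only answers on 10.8.0.1,
# it does not relay client traffic out to the internet.

[Peer]
# One [Peer] block per device; /32 pins each key to a single tunnel IP.
PublicKey = <client-public-key>
AllowedIPs = 10.8.0.2/32

# ---- Client (Linux laptop or phone): wg0.conf ----
[Interface]
Address = 10.8.0.2/32
PrivateKey = <client-private-key>
# No DNS= line, so the device keeps its normal resolver.

[Peer]
PublicKey = <vps-public-key>
Endpoint = <vps-public-ip>:51820
# Split tunnel: only the tunnel subnet is routed into WireGuard.
# All other traffic keeps using the device's normal route.
AllowedIPs = 10.8.0.0/24
# Full tunnel, for contrast (everything exits via the VPS IP):
# AllowedIPs = 0.0.0.0/0, ::/0
# Keeps the NAT mapping alive for clients behind a home or mobile router.
PersistentKeepalive = 25
```

With this layout a Compose port mapping written as `10.8.0.1:8080:80` (port numbers assumed) publishes the container on the tunnel address only, and the only port that needs to be open on the VPS public interface is the WireGuard UDP port.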