I have a few things that I host from my house. I have read that it’s better practice to route stuff through a VPS to not expose your home IP.

Here’s what I’ve done so far: VPN setup on VPS with successful routing of containers. Confirmed by using a CLI IP check within the container which returned the VPS IP. I used PiVPN because I know it and it’s easy to set up.

Where I got stuck: I pointed Nginx to the supposed IP:port of the connection, but couldn’t get it to load.

What should I do next?

  • Darkassassin07
    15 hours ago

    This part always confuses me, so I won’t be able to give specifics; just a general direction. Most guides explain how to route traffic from a vpn client to the lan of the vpn host. You need to route traffic from the vpn host/lan to a client of the vpn.

    You need to change the routing table on the VPS, adding a static route to route traffic heading for your VPN’s subnet to the VPN host instead of out the default gateway.

    How exactly to do that I’ll have to leave to someone else unfortunately. Network config confuses the hell out of me.

  • Windex007@lemmy.world
    18 hours ago

    May or may not be applicable to your case, but often applications need additional configuration to work with a reverse proxy. Usually setting from what IPs it will accept forward headers from (your reverse proxy) and what the original requested host was (externally requested domain, e.g. yourservice.yourdomain.com).

    If your new setup has resulted in changes to either of those things, the issue might be a now-incorrect config of your apps behind the reverse proxy.

  • catloaf@lemm.ee
    18 hours ago

    > VPN setup on VPS with successful routing of containers. Confirmed by using a CLI IP check within the container which returned the VPS IP

    If you want to route traffic from the VPS over the VPN, and the check returned the IP address of the VPS, this confirms it is not working. You need to configure your VPS to route traffic over the VPN. Personally, I’ve done this in the reverse direction (routing local qbittorrent to a public VPN) with gluetun.

    • jws_shadotak@sh.itjust.worksOP
      18 hours ago

      I think you got it reversed. I want the container traffic to go through the VPN to the VPS and I want the reverse proxy on the VPS to point to that container.

      I want the website (hosted at my house) to be accessible through the VPS so my IP isn’t directly exposed.

      • catloaf@lemm.ee
        17 hours ago

        You’ve confirmed I’ve understood it correctly. Someone on the Internet requests your site. They reach your VPS with nginx. So far so good. Now, how does nginx know how to reach the upstream service?

            • jws_shadotak@sh.itjust.worksOP
              14 hours ago

              For the services already hosted by the VPS, I just point service.web.site to the appropriate localhost:port.

              My hiccup is that the VPN software (pivpn) gives me an internal IP for the clients but pointing Nginx to that IP doesn’t work.

              • catloaf@lemm.ee
                12 hours ago

                The nginx host is the VPN client in this case, so it’d be connecting to itself. You need to point it to the host on the VPN server side network.

  • 6️⃣9️⃣4️⃣2️⃣0️⃣@lemmy.world
    18 hours ago

    I’m assuming that you are trying to proxy an http web server. If not, you’re going to have a hard time with nginx. Can you post your nginx config? Are you getting any response from nginx at all?

    • jws_shadotak@sh.itjust.worksOP
      18 hours ago

      Nginx was already set up and working before. I have some sites hosted directly on the VPS as well.

      I’m just not sure how to make an HTTP request go to a VPN client.

      • Oisteink@feddit.nl
        12 hours ago

        By using its ip:port

        If you have homeserver1 running stuff and that’s connected to the vps through vpn you make sure your homeserver1 service that you want to proxy runs on the homeserver1’s vpn ip.

        For docker this is done by specifying that ip when you expose ports or use 0.0.0.0

        I assume you can already ping homeserver1 from the vps by using the vpn address of homeserver1
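
An added check for the bind-address point in the comment above (example code, not part of the original comment): run on the home server, it classifies whether a port is listening on the VPN address, on every interface, or only on loopback, which the proxy on the VPS cannot reach. `listen_scope` and `sample_ss` are hypothetical helper names, the sample `ss` lines are constructed, and 10.100.100.2 and port 3000 are the placeholder values used elsewhere in this thread.

```shell
#!/bin/sh
# listen_scope PORT VPN_IP
# Reads `ss -Htln` output on stdin and prints how PORT is bound:
#   all-interfaces  wildcard bind (0.0.0.0, * or [::]); reachable over the
#                   VPN but also from the LAN and any other interface
#   vpn             bound to VPN_IP; reachable through the tunnel only
#   loopback-only   bound to 127.x or [::1]; the VPS cannot reach it
#   other-address   bound to some other local address
#   not-listening   nothing is listening on PORT
listen_scope() {
    awk -v port="$1" -v vpn="$2" '
        {
            local_ep = $4                       # "Local Address:Port" column
            n = match(local_ep, /:[0-9]+$/)     # position of the final ":port"
            if (!n) next
            addr = substr(local_ep, 1, n - 1)
            if (substr(local_ep, n + 1) != port) next
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") wild = 1
            else if (addr == vpn) onvpn = 1
            else if (addr ~ /^127\./ || addr == "[::1]") loop = 1
            else other = 1
        }
        END {
            if (wild) print "all-interfaces"
            else if (onvpn) print "vpn"
            else if (loop) print "loopback-only"
            else if (other) print "other-address"
            else print "not-listening"
        }'
}

# Constructed sample of `ss -Htln` output (not captured from a real host).
sample_ss() {
    cat <<'EOF'
LISTEN 0      4096       127.0.0.1:3000      0.0.0.0:*
LISTEN 0      4096    10.100.100.2:8080      0.0.0.0:*
LISTEN 0      4096         0.0.0.0:8096      0.0.0.0:*
LISTEN 0      4096            [::]:8096         [::]:*
EOF
}

for port in 3000 8080 8096 9000; do
    printf '%s: %s\n' "$port" "$(sample_ss | listen_scope "$port" 10.100.100.2)"
done
# On the real host: ss -Htln | listen_scope 3000 10.100.100.2
```

A `loopback-only` result matches the symptom of a proxy that cannot load the upstream; `all-interfaces` works through the tunnel but leaves the service open to every other network the host is attached to.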

      • 6️⃣9️⃣4️⃣2️⃣0️⃣@lemmy.world
        17 hours ago

        Assuming your local service is accessible from the nginx server, you can proxy the request to it:

        server {
          listen 80;
          location / {
            proxy_pass http://10.100.100.2:3000/;
          }
        }
        

        …where 10.100.100.2 is your local IP on the VPN and 3000 is the local port your service is listening on, and 80 is the public port your nginx server listens on. Everything that hits your nginx server at http://yourserver.com/ will proxy back to your local service at http://10.100.100.2:3000/. Depending on what you’re hosting, you may need to add some things to the config.

    • jws_shadotak@sh.itjust.worksOP
      16 hours ago

      The VPN is hosted on the VPS, which I rent and have full control of. It’s my own VPN between my devices.

      The intent is to put my VPS between my services and the outside world so that it doesn’t expose my home IP.

      • just_another_person@lemmy.world
        15 hours ago

        Okay…back up a bit.

        You have a VPS server hosted somewhere…so which IP are you trying to obfuscate with a VPN?

        Why don’t you just host your public services on the VPS, and whatever else private on your home equipment?

        • jws_shadotak@sh.itjust.worksOP
          14 hours ago

          > which IP are you trying to obfuscate with a VPN?

          My goal was to hide my home IP by routing everything through the VPS. The VPN is hosted on the VPS.

          > Why don’t you just host your public services on the VPS, and whatever else private on your home equipment?

          The VPS is 1 core and 35 GB of storage. I host several websites and some game servers on my home server.