Linux

12676 readers

294 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev

How do I pass traffic on some port to a wireguard peer (lemmy.ml)

submitted 21 hours ago by lonesomeCat@lemmy.ml to c/linux@programming.dev

6 comments fedilink hide all child comments

So I have an http server on node A, and a VPS on node B. Both are connected through wireguard on a VPN which consists only of these two nodes. I'm trying to make all the requests that arrive on http/s on node B to be forwarded to A and processed there. Then of course the response must return to the original sender. I've seen a million ways to do it online and I'm hitting a brick wall so how would you do it properly on a fresh install (assuming my firewall, ufw in my case, is disabled. I'll figure it out once routing works as intended)

you are viewing a single comment's thread
view the rest of the comments

[–] forestbeasts@pawb.social 2 points 13 hours ago* (last edited 13 hours ago)

We use nginx for that! It can proxy TCP/UDP in general. You can also have it be your TLS endpoint and then pass stuff back to the backend over plain HTTP, if you trust your VPS, but you don't have to.

nginx can preserve the source IP with its "proxy_protocol" feature, somewhat (might only work for HTTPS; with proxy_protocol, nginx on server A will then set the appropriate header with the IP it gets from server B). Or if you decrypt on the VPS, it can set the appropriate header for you before sending it back to server A.

I've got a guide on how we have ours set up: https://frost.brightfur.net/blog/selfhosting-with-a-bounce-vps-part-1/

-- Frost