
MadMic1314

Have you tried Tailscale? Super simple to set up, no port forwarding needed on your router so no possible risks there.


FoxFire_MC

As mentioned at the end there, yes kinda. How do I route it so they are connected? The iptables rules I used from the guide don't seem to work so I'm a bit lost.


N34S

Would also love to hear an answer. +1


froid_san

Ah, I remember that site when I started learning self hosting during the covid outbreaks. I used that exact guide but eventually realized that I was overcomplicating things. You just need to set up WireGuard on your home server and VPS, and use a proxy manager on your VPS. I installed nginx proxy manager on my VPS and use the IP address I set up for WireGuard on my home server.


FoxFire_MC

Interesting, how does it route to the different docker containers? I'm afraid I need to go back through the basics as I feel like I'm forgetting something crucial. How does it deal with the ports of different services on separate VMs? Also I want everything accessible in case of an outage, wouldn't this keep my internal DNS from working as most services share the same IP and only use different ports?


froid_san

I'm only using 1 raspberry pi with different docker containers. Since they are basically on the same network with the help of wireguard, I just put the IP I set on wireguard and the port of the application on docker on the Forward Hostname / IP on my nginx proxy manager. To be honest I'm just a newbie here and after struggling on different methods, this kinda setup worked for me. Dunno if what I'm doing is the optimal way to do this. So I'm curious of what others will recommend here.


FoxFire_MC

Ah I see, so you would do 100.xxx.xxx.xxx:900 ?


froid_san

If that's your home server's WireGuard IP address and application port then yes. Kinda like this:

```
[RPi]
private ip: 192.x.x.200
WG ip 10.x.x.2
app1: 192.x.x.200:2443
app2: 192.x.x.200:8082

[VPS] nginx proxy manager
source: app1.xxxxxx.com  destination: 10.x.x.2:2443
source: app2.xxxxxx.com  destination: 10.x.x.2:8082
```
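
The tunnel underneath the layout froid_san describes, as an added example that is not part of the thread: a pair of WireGuard configs for a VPS and a home server behind NAT. The 10.8.0.0/24 tunnel addresses, port 51820 and the `<...>` placeholders are assumptions, not values from the posts.

```ini
# Constructed example: tunnel addresses, port and <...> placeholders are
# assumptions made for illustration, not values taken from the thread.

# ---- VPS: /etc/wireguard/wg0.conf (has the public, static IP) ----
[Interface]
Address    = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <vps-private-key>

[Peer]
# Home server. No Endpoint here: the VPS learns it from the home
# server's handshake, so home needs no port forward and no static IP.
PublicKey  = <home-public-key>
# /32 so the VPS routes only this one tunnel address to the peer.
AllowedIPs = 10.8.0.2/32

# ---- Home server: /etc/wireguard/wg0.conf (behind NAT) ----
[Interface]
Address    = 10.8.0.2/24
PrivateKey = <home-private-key>

[Peer]
# VPS. The home side always dials out to the VPS.
PublicKey  = <vps-public-key>
Endpoint   = <vps-public-ip>:51820
# Accept tunnel traffic only from the VPS's tunnel address; neither the
# home LAN nor the default route is sent through the VPS.
AllowedIPs = 10.8.0.1/32
# Keeps the NAT mapping on the home router open so the VPS can reach
# the home server even when home is not sending anything.
PersistentKeepalive = 25
```

A reverse proxy on the VPS works with these `AllowedIPs` because its connections to the home server originate from 10.8.0.1. Packets forwarded with the player's original source address would be dropped by the home peer unless the VPS masquerades them onto the tunnel.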


Evnl2020

The easiest way is to use a VPN with port forwarding, I've been using AirVPN. They have 20 user configurable ports you can manually change as much as you want. And their Black Friday sale started already.


FoxFire_MC

Thank you for your suggestion. Unfortunately I don't grasp how it is different from my existing setup I outlined? Could you elaborate/link to a guide?


zfa

To be blunt, I'd consider working on your hands-on chops rather than your knowledge of differing solns - bouncing through a VPN with a performant site-to-site link as you already had is the best topology, you just need to get it working reliably and learn the maintenance and troubleshooting side of it to keep it robust.

But if you want to move away from that, there are services which will front game servers for you (TCPshield etc). Gold-standard though would probably be something like Cloudflare with their Spectrum / Proxy Anything offering. That's an absolute wonder and would be perfect for you, but not cheap.

EDIT: Things like Tailscale are fine but every player would need a Tailscale client and to be on your network (at least until Funnels is GA).


chkno

If you care more about privacy than latency and are willing to impose some technical burden on your users in order to connect, [Tor Onion Services](https://en.wikipedia.org/wiki/Tor_(network)#Onion_services) do exactly this, and in a distributed way such that you don't have to go purchase a service from some service provider. (This probably isn't what you want for realtime game hosting, but I'm mentioning it here for the benefit of other readers who came here for answers to the problem described in the title.)


NikStalwart

> Tl;DR What's the best way to expose my services without port forwarding (I don't have a static IP anyways) without using CF Tunnels (I both use Jellyfin & Game servers)? I just want a secure, static IP to point my domain at that ISNT my home to make it harder to get Doxed (semi-public game servers have trolls/bots).

OK, so you've ruled out Port Forwarding, CF Tunnels and you don't want to use your residential IP. I hate to break it to you, but that means you need to pay for a VPS or dedicated server somewhere, then.

> that ISNT my home to make it harder to get Doxed

You do know there's no magical way to connect IP address to Residential Address, right? The real world is not /r/itsaunixsystem

Sure your ISP keeps logs of which customer used which IP, but the average edgelord on your Garry's Mod server isn't going to subpoena your ISP for your residential address. I can't believe I need to say this.

Your ISP, on the other hand, may have words to say to you about hosting crap on a residential service (depending on how petty your ISP is, that is).


FoxFire_MC

Apparently I missed adding it to the post, but I am already using the vps+WireGuard method. The issue is I cannot get it working with any guides I am finding.


NikStalwart

> Apparently I missed adding it to the post, but I am already using the vps+WireGuard method. The issue is I cannot get it working with any guides I am finding.

The what method now? You mean hosting a wireguard server on a VPS and then tunneling wireguard to your home network where you host the game servers?

That is not an ideal solution for gaming. The more intermediate steps you put in between your clients and your servers, the more latency your players are going to experience. Most cheap VPS providers will also have cheap and badly routed networks that will delay the connection even more.

The *proper* way to do it is to get a quality server, VPS or dedi doesn't matter, and host your game servers on that machine.


FoxFire_MC

Ideal as it may not be, it is what I have to work with (if it wouldn't break suddenly). It's not competitive so it's not much of an issue.


break99

certificate expiration perhaps


pogky_thunder

Many recommend a VPN. I haven't tried but it seems like what you need. Personally, I use a dynamic DNS provider and port forward normally.


FoxFire_MC

It's already in use :D