I know that I can use 3rd party services to set up a tunnel, like Cloudflare, but I’d like to implement this myself.

I feel like every time I research this question I find all kinds of blogs / forum posts across the timescape on the topic, and I’m just looking for whatever might be the most current or recommended best method of configuring a VPS tunnel. I’m behind a CG-Nat which is why I want to set one up.

If you’ve done this recently yourself, where did you get your info from?

Thanks!

  • ThorrJo@lemmy.sdf.org
    1 year ago

    There isn’t a guide yet that I’ve found. I slowly & painfully assembled all the info and beat my head against the task until I had something working & stable.

    I’m currently building a comprehensive one, but due to circumstances beyond my control, it’s taking forever.

    I think civilization just hasn’t gotten there yet, but I suspect I’m not the only one working on this, so I bet the reverse proxy tunnel HOWTO situation will be way better in a year or two…

    FWIW I use nginx on the front end, and rathole for my tunnels - the latter is a very straightforward way to set up the tunnels.

  • RxBrad@lemmings.world
    1 year ago

    I’m very slowly typing up a blog post on how I did it, but I had success tunneling my Plex through T-Mobile’s CGNAT by running this Docker container on my local machine and on a free (technically PAYGo using always-free services) Oracle Cloud account.

    Much like Cloudflare, this is for sending specific-port traffic through the tunnel.

    https://github.com/DigitallyRefined/docker-wireguard-tunnel

    • Red Wizard 🪄@lemmygrad.mlOP
      1 year ago

      I saw this and I think it’s what I’m going to do too. I figure I can just configure it with my existing nginx information and go from there.

  • Decronym@lemmy.decronym.xyzB
    1 year ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters   More Letters
    CGNAT           Carrier-Grade NAT
    DNS             Domain Name Service/System
    HTTP            Hypertext Transfer Protocol, the Web
    IP              Internet Protocol
    NAT             Network Address Translation
    Plex            Brand of media server package
    VPN             Virtual Private Network
    VPS             Virtual Private Server (opposed to shared hosting)
    nginx           Popular HTTP server

    7 acronyms in this thread; the most compressed thread commented on today has 20 acronyms.

    [Thread #50 for this sub, first seen 16th Aug 2023, 06:05]

  • tvcvt@lemmy.ml
    1 year ago

    I don’t have a particular guide to recommend, but assuming you have a VPS already, you’ll basically need just a few components:

    • A VPN (I’d use wireguard) tunnel between your network at home and the VPS
    • A reverse proxy on your VPS (nginx-reverse-proxy is a pretty user-friendly implementation) to forward traffic to the correct host on your local network
    • A DNS record for your subdomain that points to your VPS’s public IP address.

    That should basically do what you need. The reverse proxy will see the domain (https://whatever.example.com) and pass it on to the machine on your local network (e.g. 192.168.1.111:8888) via a VPN connection (which will push the routes so the VPS knows how to get to your local network).
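The three components listed above, as an added example that is not from the post or from any project it mentions: a POSIX shell script that prints a WireGuard config for each side and an nginx server block for the VPS. It assumes the home WireGuard peer is a LAN machine that forwards (and masquerades) traffic to 192.168.1.111; the tunnel addresses 10.8.0.x, the VPS address 203.0.113.10 and the `<...>` key placeholders are constructed.

```shell
#!/bin/sh
# Added example: prints the three config files for the layout in the post.
# Tunnel addresses, the VPS address and <...> key placeholders are constructed.
WG_VPS=10.8.0.1 WG_HOME=10.8.0.2 WG_PORT=51820
VPS_PUBLIC_IP=203.0.113.10            # documentation-range placeholder
LAN_HOST=192.168.1.111 LAN_PORT=8888  # service host from the post

vps_wg_conf() { cat <<EOF
[Interface]
Address = $WG_VPS/24
ListenPort = $WG_PORT
PrivateKey = <VPS_PRIVATE_KEY>

[Peer]
# AllowedIPs is both route and source filter: one LAN host, not the whole LAN.
PublicKey = <HOME_PUBLIC_KEY>
AllowedIPs = $WG_HOME/32, $LAN_HOST/32
EOF
}

home_wg_conf() { cat <<EOF
[Interface]
Address = $WG_HOME/24
PrivateKey = <HOME_PRIVATE_KEY>

[Peer]
PublicKey = <VPS_PUBLIC_KEY>
Endpoint = $VPS_PUBLIC_IP:$WG_PORT
AllowedIPs = $WG_VPS/32
# Behind CGNAT the home side dials out and keeps the NAT mapping alive.
PersistentKeepalive = 25
EOF
}

nginx_site() { cat <<EOF
server {
    listen 80;   # add "listen 443 ssl" and certificate paths for HTTPS
    server_name $1;
    location / {
        proxy_pass http://$LAN_HOST:$LAN_PORT;   # reached via wg0
        proxy_set_header Host \$host;
        proxy_set_header X-Forwarded-For \$remote_addr;
    }
}
EOF
}

case "${1:-}" in
  vps) vps_wg_conf ;; home) home_wg_conf ;; nginx) nginx_site "$2" ;;
esac
```

Run it as `sh script.sh vps`, `sh script.sh home` or `sh script.sh nginx whatever.example.com` and redirect each output to the matching config file; only the VPS needs an open inbound UDP port, since the home side initiates the tunnel.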

    • Red Wizard 🪄@lemmygrad.mlOP
      1 year ago

      So here is a question: does it need to be a subdomain? Can’t I redirect all traffic to the VPS? If I wanted to host an HTML website at my root domain and have it served by nginx for example, couldn’t I do that?

      I just see subdomain mentioned in the guides / tools I see but I don’t understand why exactly.

      • tvcvt@lemmy.ml
        1 year ago

        Hey, it definitely doesn’t have to be just a subdomain. You can have a record for example.com point to your VPS’s IP at the same time you have www.example.com, nextcloud.example.com, and jellyfin.example.com. Have as many services and domains as you like and the reverse proxy will direct the traffic to the correct local server based on the domain name.

        One way you can do this flexibly is to have two records in your DNS: an A record pointing example.com to your VPS and a CNAME pointing *.example.com to example.com. That way, any subdomain will go to your VPS and you only have to add new services in the reverse proxy.

      • chiisana@lemmy.chiisana.net
        1 year ago

        Doesn’t have to be a subdomain, but just good practice for hostnames to be a subdomain because hostnames generally represent a named server (subdomain) within an organization (domain). Also it makes things easier if you add additional servers in the future to just assign another hostname to the new server.

        I usually do:

        • domain.ext - leave open, not used.
        • servername.domain.ext - A records in DNS pointing to servers’ public addresses (i.e. servera.domain.ext. A 10.0.0.123; serverb.domain.ext. A 10.0.0.234; etc.)
        • service.domain.ext - CNAME to the server it is on (i.e. auth.domain.ext. CNAME servera.domain.ext)

        This way it is super quick for me to move entire server to different provider (update A record) or move service to another server (update CNAME record) when I need to shuffle things around.

        If you’re running a public facing website, you could always CNAME your www and @ (or whatever your DNS provider uses to represent root domain) to your server specific A record entry.

        • Red Wizard 🪄@lemmygrad.mlOP
          1 year ago

          It’s funny, when you explain it, my IT hat goes on and I totally get it lol. I guess the context felt different enough that I didn’t get it. But I work with Windows domains all day and that’s exactly how DNS operates in that environment.

          Ultimately I think for a tunnel you’ll end up with your records pointing to your VPS. So you’ll have a *.domain.tld CNAME record and maybe a @ CNAME record and your nginx server on the other end of the tunnel would handle the routing.