I need help figuring out where I am going wrong or being an idiot, if people could point out where…

I have a server running Debian 12 and various docker images (Jellyfin, Home Assistant, etc…) controlled by portainer.

A consumer router assigns static IP addresses by MAC address. The router lets me define the IP address of a primary/secondary DNS. The router registers itself with DynDNS.

I want to make this remotely accessible.

From what I have read I need to set up a reverse proxy. I have tried to follow various guides to give my server a cert for the reverse proxy, but it always fails.

I figure the server needs the dyndns address to point at it, but the scripts pick up the internal IP.

How are people solving this?

  • ѕєχυαℓ ρσℓутσρє
    22 months ago

    My setup looks like the following:

    /etc/wireguard/wg-vps.conf on the VPS
    -----------------------------------------------------
    [Interface]
    Address = 10.8.0.2/24
    ListenPort = 51820
    PrivateKey = ********************************************
    
    # packet forwarding: let the VPS route packets between eth0 and the tunnel
    PreUp = sysctl -w net.ipv4.ip_forward=1
    
    # port forwarding 80 and 443: rewrite the destination of inbound web traffic
    # to the home server's tunnel address
    PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.8.0.1:80
    PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.8.0.1:443
    # remove the same rules when the tunnel goes down, so they do not pile up across restarts
    PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.8.0.1:80
    PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.8.0.1:443
    
    # packet masquerading: forwarded packets leave with the VPS's tunnel address as source,
    # so the home server's replies come back through the tunnel (the reverse proxy at home
    # therefore sees 10.8.0.2 as the client, not the visitor's real IP)
    PreUp = iptables -t nat -A POSTROUTING -o wg-vps -j MASQUERADE
    PostDown = iptables -t nat -D POSTROUTING -o wg-vps -j MASQUERADE
    
    [Peer]
    # the home server: only its single tunnel address is routed to this peer
    PublicKey = ********************************************
    AllowedIPs = 10.8.0.1/32
    
    /etc/wireguard/wg-vps.conf on my home-server
    ---------------------------------------------------------------
    [Interface]
    Address = 10.8.0.1/24
    PrivateKey = ********************************************
    
    [Peer]
    # the VPS: the home server dials out to it, so nothing is opened on the router
    PublicKey = ********************************************
    AllowedIPs = 10.8.0.2/32
    Endpoint = <VPS-DDNS>:51820
    # keepalive so the router's NAT mapping stays open for traffic coming back in
    PersistentKeepalive = 25
    

    Now, just enable the tunnel using sudo systemctl enable --now wg-quick@wg-vps. Make sure that ports 51820, 80, and 443 are open on the VPS. Now, allow 80 and 443 through the firewall on the home-server (not on the router, just allow it locally), and it should work.