Zerotier/Tailscale/VPN Gateway?

I have a few different yunohost servers in different locations, behind routers. I would like to have one cloud VPS which acts as a gateway, to route traffic to these different yunohost servers.

I would like to do this in such a way that:

  • I don’t have to make any modifications to the routers (no router port forwarding)
  • requests for different domains route to different servers (so I can’t use iptables or anything that operates beneath layer 7)
  • UDP forwarding is supported (one of the ynh servers is running peertube, which requires udp)
  • https certificate renewal is handled as seamlessly as possible

It seems like the best way to achieve this is with a reverse proxy, like Caddy, nginx or socat, which forwards traffic by domain to a virtual IP address of the correct server, as provided by ZeroTier, Tailscale or a VPN.

Caddy handles HTTPS automatically.
nginx can forward UDP via streams. socat can also forward UDP.

So maybe the best way would be to run Caddy and nginx on the VPS to do the forwarding, and use ZeroTier or WireGuard to make tunnels from the servers to the VPS?

Is there a different or recommended way to do this?

Are there any graphical applications that could be installed on the VPS to handle configuring the routing without going into the terminal to manually modify configs?

Are there any hosted services that offer forwarding like this?

I also see that it’s possible to use an OpenVPN access server to forward all the traffic (like in this video), but it’s my understanding this could only be used to route all the traffic from the VPS to one server, not to route traffic for different domains to different servers from the same VPS?

I also could run yunohost on the VPS, and then use the Reverse Proxy app for each domain being forwarded, and forward the traffic to the tunneled IP address, but I guess this does not support UDP?

__

This setup also has the added benefit of hiding the IP addresses of the local servers.

I learned about boringproxy, rathole and frp via this forum thread, but haven’t tried them yet.

I got things somewhat working by having the homeserver and VPS both join the same ZeroTier network, and then using the ynh redirector app on the VPS as a reverse proxy pointing to the ZeroTier IP of the homeserver. I have this working for routing a domain to a docker service running on a particular port on the homeserver, but haven’t figured it out yet for connecting with YunoHost services on the homeserver without going into an infinite redirect loop or having a bad gateway error.

Managed to get the redirector reverse proxy working with proxying to YunoHost services as well, by manually changing the line in redirect.conf

from
proxy_set_header Host $host;
to actually hardcoding the host for that particular domain, e.g.
proxy_set_header Host myservice.domain.net;

Kind of awkward and not sure what the correct way to do this is, but it’s working 🙂

Other than that, I’m not sure what other tweaks would be needed to also handle UDP.
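To make the tweak above concrete, here is an added nginx example (not the config the ynh redirector app generates, and not from the thread) showing one server block with the Host header hardcoded the way described, plus a stream block for the UDP forwarding the post asks about. The overlay IP 10.147.17.5, the port 443 and the domain myservice.domain.net are assumed placeholder values.

```nginx
# HTTP side: the VPS terminates HTTPS and proxies to the homeserver's overlay IP.
http {
    server {
        listen 443 ssl;
        server_name myservice.domain.net;
        # Certificate paths are assumed; the VPS (Caddy or YunoHost) manages renewal.
        ssl_certificate     /etc/ssl/myservice.domain.net/fullchain.pem;
        ssl_certificate_key /etc/ssl/myservice.domain.net/privkey.pem;

        location / {
            # Backend reached only over the ZeroTier/WireGuard overlay, so the
            # homeserver's public IP is never exposed and no router port is opened.
            proxy_pass http://10.147.17.5;

            # The thread's fix: hardcode the Host so the YunoHost backend matches
            # the right vhost instead of a name it does not know (which caused
            # the redirect loop / bad gateway). $host would pass whatever the
            # client sent; the fixed value prevents Host-header-dependent
            # behaviour on the backend from being steered by the client.
            proxy_set_header Host myservice.domain.net;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Real-IP $remote_addr;
        }
    }
}

# UDP side (PeerTube): the stream module works below layer 7, so there is no
# domain to match on. One listening port maps to exactly one backend; a second
# PeerTube host would need a second port on the VPS.
stream {
    server {
        listen 443 udp reuseport;
        proxy_pass 10.147.17.5:443;
        # Responses come back from the backend to the VPS, which relays them;
        # the backend sees the VPS overlay IP as the client, not the real one.
        proxy_responses 0;
    }
}
```

Because UDP routing cannot be per-domain, the stream block answers the "what about UDP" question only for a single backend per port.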


For my docker containers on my homeserver, using a reverse proxy on the cloud VPS through the ZeroTier IP to the port exposed by the docker container on the home server worked for the first day, and then inexplicably stopped working. I fixed it by adding another redirector-app/reverse-proxy on the homeserver, which redirects the domain to the docker port on the homeserver, and then having the cloud VPS just reverse proxy to the ZeroTier IP without any specified port. Kind of weird having YunoHost reverse proxy (cloud VPS) → YunoHost reverse proxy (home server) → docker container (home server), but it works so I’m happy lol.

More references for anyone on this rabbit hole:

https://greenhouse.server.garden/

This also looks very promising! https://narrowlink.com/