connect to vps
from jammy@lemmy.ml to selfhosted@lemmy.world on 29 Nov 12:18
https://lemmy.ml/post/23031265

Hello

Trying to see if there is an easier way, or if this is secure.

I have a VPS. I want to use it for web services (Docker) that are only accessible internally and not exposed to the internet, e.g. Zoraxy/Nginx manager.

I don’t want to use Tailscale, as the VPS is Headscale and it doesn’t feel secure.

I don’t want to use a VPN, as I don’t want my device to connect to it and forward my traffic from the VPS IP. Also, I use Android a lot and that uses a commercial VPN.

So I thought: SSH tunnel, make a tun device on the VPS, and bind the Docker Compose port to the tun IP. I can then use a proxy on Android to connect to my internal web servers. As for Linux, I have to make another tunnel and proxy my browser; the problem is that everything from the browser then goes through my VPS, so it’s like a VPN.

Just wondered if there was an easier solution, and is this way secure?

Thanks

#selfhosted
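The plan above hinges on the Compose ports being bound to the tun (or loopback) address rather than to every interface. The script below is an added example, not part of the original post or of any project named in it: it audits a docker-compose file for short-syntax port mappings that Docker would publish on 0.0.0.0 (which a host firewall such as ufw does not stop, because Docker inserts its own iptables rules ahead of it) and passes only mappings pinned to a specific host IP. The sample compose file, the `example/web` image name and the 10.200.0.1 tun address are constructed placeholders.

```shell
#!/usr/bin/env sh
# Added example (not from the thread): flag docker-compose port mappings that
# Docker would bind on every interface. A mapping without a host IP ("8080:80")
# or with 0.0.0.0 is reachable from the internet even with ufw enabled, because
# Docker's iptables rules bypass it. Only mappings pinned to 127.0.0.1 (for an
# SSH tunnel) or to the tun/WireGuard address pass.

# Constructed sample; image name and the 10.200.0.1 tun address are placeholders.
write_sample_compose() {
  cat > "$1" <<'EOF'
services:
  web:
    image: example/web            # placeholder image
    ports:
      - "127.0.0.1:8000:8000"     # bound: reachable only via ssh -L/-D on the VPS
      - "10.200.0.1:8443:443"     # bound: tun address from the post's plan
      - "8080:80"                 # exposed: Docker binds 0.0.0.0
      - 0.0.0.0:9000:9000/tcp     # exposed: explicit wildcard
EOF
}

# Print one line per short-syntax port mapping, prefixed EXPOSED or bound.
# Exit 1 if anything is exposed, 0 otherwise (also 0 when there are no ports).
check_compose_ports() {
  tr -d "\"'" < "$1" \
    | sed -E 's/#.*//' \
    | grep -E '^[[:space:]]*-[[:space:]]*([0-9]{1,3}(\.[0-9]{1,3}){3}:)?[0-9]+(-[0-9]+)?:[0-9]+(-[0-9]+)?(/(tcp|udp))?[[:space:]]*$' \
    | sed -E 's/^[[:space:]]*-[[:space:]]*//; s/[[:space:]]+$//' \
    | awk -F: '
        # Two fields -> no host IP, Docker uses 0.0.0.0. Three -> first is the host IP.
        NF == 2 || (NF == 3 && $1 == "0.0.0.0") { print "EXPOSED " $0; bad = 1; next }
        NF == 3                                  { print "bound   " $0; next }
        END { if (bad) exit 1; exit 0 }'
}
```

Run `check_compose_ports docker-compose.yml` on the VPS and confirm with `ss -tlnp` that docker-proxy listens on `127.0.0.1:…` or the tun address, not `0.0.0.0:…`. With services on loopback, `ssh -N -L 8000:127.0.0.1:8000 user@vps` reaches one service and `ssh -N -D 1080 user@vps` gives a SOCKS proxy that a browser or the Android proxy setting can use; the script does not parse the long `ports:` syntax (`target:`/`published:`/`host_ip:`) or a bare container port, so check those by hand.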


originalucifer@moist.catsweat.com on 29 Nov 12:23

Check out gluetun.

Might help. I use it for setting a torrent container to use an OpenVPN container as its only outbound.

hendrik@palaver.p3x.de on 29 Nov 12:32

I think you can set up a VPN in a way that it doesn't forward all traffic, just specific traffic to one IP or a certain network, and everything else goes out the default route. That would leave you with your regular connection, except if you're talking to your VPS, in which case it'll go through the tunnel. But that won't help you with Android and multiple VPN apps at the same time.

Maybe you could configure the firewall on the VPS to drop all traffic from the internet and only accept packets from your home IP address? I mean, with most providers your IP is going to change regularly. You'd need some additional logic or to write some script: your VPS would add an exception to its firewall so you can access it, while dropping all other internet traffic by default. That'd be a solution completely without VPNs.

Or if it's just a few simple services... Lock them with some login screen and people would have to log in with username+password to your services.

Lem453@lemmy.ca on 29 Nov 12:43

Split tunneling with WireGuard is probably the best way to do this.

There are many tutorials, here’s an example: ssh.sshslowdns.com/wireguard-split-tunnel-config/

This will let you have some things on WireGuard and some not.
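For both the split-routing idea in hendrik's comment and the WireGuard suggestion above, the difference between a full tunnel and a split tunnel is one line in the client config: `AllowedIPs`. The script below is an added example, not the commenters' code or anything from the linked tutorial. It prints a client config for a given `AllowedIPs` value and checks an existing config for anything that installs a default route through the tunnel, including the `0.0.0.0/1` plus `128.0.0.0/1` pair some generators use. The 10.8.0.0/24 subnet, `vps.example.net:51820` endpoint and key placeholders are assumptions.

```shell
#!/usr/bin/env sh
# Added example (not from the thread): generate a WireGuard client config that
# routes only the tunnel subnet, and detect the full-tunnel setting in a config.
# ASSUMPTIONS: subnet, endpoint and key placeholders below are not real values.

# Full tunnel: all traffic leaves via the VPS (what the poster wants to avoid).
FULL_TUNNEL_ALLOWED="0.0.0.0/0, ::/0"
# Split tunnel: only the WireGuard subnet; everything else keeps the default route.
SPLIT_TUNNEL_ALLOWED="10.8.0.0/24"   # assumed tunnel subnet; VPS side is 10.8.0.1

# Print a client config.
# $1 = client tunnel address, $2 = VPS public key, $3 = VPS endpoint, $4 = AllowedIPs
wg_client_conf() {
  cat <<EOF
[Interface]
PrivateKey = <client-private-key>
Address = $1

[Peer]
PublicKey = $2
Endpoint = $3
AllowedIPs = $4
PersistentKeepalive = 25
EOF
}

# Return 0 if no AllowedIPs entry installs a default route, 1 otherwise.
# Entries are split on commas, so 10.0.0.0/8 is not mistaken for 0.0.0.0/0.
wg_conf_is_split() {
  grep -Ei '^[[:space:]]*AllowedIPs[[:space:]]*=' "$1" \
    | sed -E 's/^[^=]*=//; s/#.*//' \
    | tr ',' '\n' \
    | tr -d ' \t' \
    | grep -Eic '^(0\.0\.0\.0/[01]|128\.0\.0\.0/1|::/[01]|8000::/1)$' \
    | { read n; [ "$n" -eq 0 ]; }
}
```

With the split setting, the VPS-side services bind to the WireGuard address (10.8.0.1 here) and are only reachable by peers on the tunnel, while the rest of the client's traffic uses its normal route. Run `wg_conf_is_split /etc/wireguard/wg0.conf` before bringing a downloaded or generated config up; on Android the check does not help with the other constraint in the thread, since the system allows one active VPN app at a time.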

jammy@lemmy.ml on 29 Nov 14:14

Thanks for all your tips.

macattack@lemmy.world on 01 Dec 02:01

Keep us posted. I am using Tailscale, but plan on transitioning to a VPS running a VPN and/or Headscale on it. Your scenario isn’t something I’m familiar with, but it might be a good option.

possiblylinux127@lemmy.zip on 02 Dec 04:49

What are you asking?