Hello

Trying to see if there is an easier way or if this is secure.

I have a VPS. I want to use it for web services (docker) that are only accessible internally and not exposed to the internet, e.g. Zoraxy/nginx manager.

I don’t want to use Tailscale as the VPS is headscale and it doesn’t feel secure.

I don’t want to use a VPN as I don’t want my device to connect to it and forward my traffic from the VPS IP. Also I use Android a lot and that uses a commercial VPN.

So I thought: SSH tunnel, make a tun device on the VPS, and bind the docker compose port to the tun IP. I can then use a proxy on Android to connect to my internal web servers. As for Linux, I have to make another tunnel and proxy my browser - the problem is that everything from the browser goes through my VPS, so it’s like a VPN.

Just wondered if there was an easier solution, and is this way secure?

Thanks
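The "bind the compose port to the tun IP" step from the post above, written out as an added example (not the original poster's configuration). The tun address 10.0.0.1 and the nginx image are assumptions; the point is the difference between a port published on 0.0.0.0 and one bound to the tunnel address only.

```yaml
# Added example, not from the original post. Assumes the ssh -w tunnel gave the
# VPS-side tun interface the address 10.0.0.1 (constructed value) and that the
# service to protect is a web UI listening on port 80 inside the container.
services:
  webui:
    image: nginx:alpine
    # Weak: "8080:80" is shorthand for "0.0.0.0:8080:80". Docker writes its own
    # iptables rules for published ports, so this is reachable from the public
    # IP even when a host firewall such as ufw is set to deny by default.
    # ports:
    #   - "8080:80"
    #
    # Hardened: bind only to the tun address. The socket never listens on the
    # public interface; only peers that reach 10.0.0.1 through the tunnel can
    # connect. On the VPS, `ss -ltn` should show 10.0.0.1:8080, not 0.0.0.0:8080.
    ports:
      - "10.0.0.1:8080:80"
    restart: unless-stopped
```

The SSH `-w` tunnel needs `PermitTunnel yes` in the VPS sshd_config, and the tun interface must hold the address before `docker compose up`, otherwise the port bind fails with "cannot assign requested address".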

  • @macattack
    14 days ago

    Keep us posted. I am using tailscale, but plan on transitioning to a VPS running a VPN and/or headscale on it. Your scenario isn’t something I’m familiar w/, but it might be a good option.

  • hendrik
    6 days ago

    I think you can set up a VPN in a way that it doesn’t forward all traffic, just specific traffic to one IP or a certain network, and everything else goes out the default route. That would leave you with your regular connection, except if you’re talking to your VPS, then it’ll go through the tunnel. But that won’t help you with the android and multiple VPN apps at the same time.

    Maybe you could configure the firewall on the VPS to drop all traffic from the internet, but just accept packets from your home IP address? I mean with most providers your IP is going to change regularly. You’d need some additional logic or write some script. Your VPS would add an exception to its firewall so you can access it, while dropping all other internet traffic by default. That’d be a solution completely without VPNs.

    Or if it’s just a few simple services… Lock them with some login screen and people would have to log in with username+password to your services.

  • originalucifer
    26 days ago

    Check out gluetun.

    Might help. I use it for setting a torrent container to use an OpenVPN container as its only outbound.