So glad my router supports WireGuard/OVPN server hosting, doing it this way also relieves resources off your homelab and for whatever reason your homelab shuts off or loses network access you can at least rely on your router to re-establish the VPN server without further intervention.
While i appreciate the detailed response here i did make another comment letting OP know i'm in a similiar situation as them, i use Docker Engine & Docker Compose for my self-hosting needs on a 13th Gen Asus Nuc (i7 model) running Proxmox with a Debian 12 VM. My reverse proxy is traefik and i am able to receive SSL certificates on port :80/:443 (also have Fail2Ban setup) however, i can't for the life of me figure out how to expose my containers to the internet.
On my iPhone over LTE/5G trying my domain leads to an "NSURLErrorDomain" and my research of this error doesn't give me much clarity. Edit appears to be a 503 error.
Image of my port-forwarding rules (note; the 3000 internal/external port was me "testing")
Port Forwarding only works within the internal network/intranet(LAN) but cannot be accessed from Internet(WAN).
(1) First, make sure that Port Forwarding function is set up properly. You can try not to fill in the [ Internal Port ] and [ Source IP ], please refer to the Step 3.
(2) Please check that the device you need to port forward on the LAN has opened the port.
For example, if you want to set up a HTTP server for a device (PC) on your LAN, make sure you have opened HTTP port 80 on that device.
(3) Please note that if the router is using a private WAN IP address (such as connected behind another router/switch/modem with built-in router/Wi-Fi feature), could potentially place the router under a multi-layer NAT network. Port Forwarding will not function properly under such environment.
Private IPv4 network ranges:
Class A: 10.0.0.0 – 10.255.255.255
Class B: 172.16.0.0 – 172.31.255.255
Class C: 192.168.0.0 – 192.168.255.255
CGNAT IP network ranges:
The allocated address block is 100.64.0.0/10, i.e. IP addresses from 100.64.0.0 to 100.127.255.255.
I want to highlight the fact that i may be under a multi-layered NAT, the folks in my household demand the ISP router given that i have PiHole running DNS blocking and my Asus Router routes all outbound connections through a VPN tunnel, besides DDNS obviously which my router also handles, i have to run these routers in bridged-mode so that they share the same WAN IP but, if I am able to receive SSL/TLS certificates from LetsEncrypt on port :80/:443 that means port-forwarding is working as intended right?
Follow up question, did you have trouble exposing port :80 & :443 to the internet? Also are you also using Swarm or Kubernetes?
I have the docker engine setup on a machine along side Traefik (have tried Nginx in the past) primarily using Docker Compose and it works beautifully on LAN however I can’t seem to figure out why I can’t connect over the internet, I’m forced to WireGuard/VPN into my home network to access my site.
No need to provide troubleshooting advice, just curious on your experience.
I suppose you didn’t hear about the new EULA for Take-Two/2K/Rockstar games eh?
Long story short they have explicit permission to install a root kit on your system which is a popular type of malware. If the developers knowingly install a root kit on your system and someone who is savvy enough decides to abuse it, well… let’s just say the outcome isn’t pretty for the end-user.
I love BL1 & BL2 but this is justification to put those games to rest or run them offline or in LAN, having a back door to people’s systems on any online game will backfire.
Unpopular opinion, if you’re going to use a Debian based distro you should just use Debian.
Yes, it is command-line/BASH heavy however, once you learn it it’ll make all the other Debian based distro’s even easier to manage. Only real difference is system directories are in different locations distro-to-distro.
Yewtube Is a third party front end for YouTube using Invidious, more private, no ads and if you pair it with Freetube you can even skip in video advertisements/sponsors.
So glad my router supports WireGuard/OVPN server hosting, doing it this way also relieves resources off your homelab and for whatever reason your homelab shuts off or loses network access you can at least rely on your router to re-establish the VPN server without further intervention.