Hello

Trying to see if there is an easier way or if it is secure.

I have a VPS. I want to use it for web services (Docker) only accessible internally and not exposed to the internet, e.g. Zoraxy/nginx manager.

I don't want to use Tailscale, as the VPS is Headscale and it doesn't feel secure.

Don't want to use a VPN, as I don't want my device to connect to it and forward my traffic from the VPS IP. Also I use Android a lot and that uses a commercial VPN.

So I thought SSH tunnel: make a tun device on the VPS, and make the docker compose port bind to the tun IP. I can then use a proxy on Android to connect to my internal web servers. As for Linux, I have to make another tunnel and proxy my browser - the problem is that everything from the browser goes through my VPS, so it's like a VPN.

Just wondered if there was an easier solution, and is this way secure?

Thanks
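An added example for the setup described in the post above (not code from the poster): the tunnel commands are shown as comments, and the script audits a compose file so that every published port is pinned to one host address. The tun addresses 10.8.0.1/10.8.0.2 and the `VPS_PLACEHOLDER` hostname are assumed values; the service port 8080 is a constructed sample. The point worth checking is that a plain `8080:80` entry makes Docker bind on 0.0.0.0 and insert its own iptables rules, so the service is reachable from the internet no matter what the host firewall's INPUT chain says.

```shell
#!/bin/sh
# Added example, not from the original post.
#
# The tunnel itself, as the post describes it (assumed addresses; needs
# "PermitTunnel yes" in the VPS sshd_config and root on both ends):
#   ssh -f -N -w 0:0 root@VPS_PLACEHOLDER                       # creates tun0 on both sides
#   ip addr add 10.8.0.2/24 dev tun0 && ip link set tun0 up     # client side
#   ip addr add 10.8.0.1/24 dev tun0 && ip link set tun0 up     # VPS side
# With a compose entry of "10.8.0.1:8080:80" the service listens only on tun0.
#
# Below: an audit that flags compose "ports:" entries that are not pinned to
# a host address. Only the short syntax "[HOST_IP:]HOST_PORT:CONTAINER_PORT"
# in a multi-line list is handled; long-syntax and inline "[ ... ]" lists are
# not parsed.

# Print the short-syntax ports entries of a compose file, one per line,
# with the leading dash and any quotes removed.
compose_port_entries() {
    awk '
        /^[[:space:]]*ports:[[:space:]]*$/ { inports = 1; next }
        inports && /^[[:space:]]*-/ {
            sub(/^[[:space:]]*-[[:space:]]*/, "")
            gsub(/["'"'"']/, "")
            print
            next
        }
        { inports = 0 }
    ' "$1"
}

# Return 0 if one ports entry is pinned to a host address.
# IPv4 form has two or more colons ("10.8.0.1:8080:80"); IPv6 form starts
# with "[" ("[fd00::1]:8080:80"). Anything else ("8080:80", "80") binds to
# all interfaces.
port_entry_is_pinned() {
    case "$1" in
        \[*)    return 0 ;;
        *:*:*)  return 0 ;;
        *)      return 1 ;;
    esac
}

# Print every unpinned entry; exit status 1 if any were found, 0 otherwise.
# The while loop runs in a subshell, so results are collected via stdout.
audit_compose_ports() {
    offenders=$(compose_port_entries "$1" | while IFS= read -r entry; do
        port_entry_is_pinned "$entry" || echo "exposed on all interfaces: $entry"
    done)
    [ -z "$offenders" ] && return 0
    printf '%s\n' "$offenders"
    return 1
}

# Usage: sh audit_ports.sh docker-compose.yml
if [ -n "${1:-}" ]; then
    audit_compose_ports "$1"
fi
```

A quick cross-check on the VPS after `docker compose up` is `ss -tlnp`, which should show the published port listening on the tun address rather than on `*` or `0.0.0.0`.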

  • macattack@lemmy.world · 1 upvote · 4 days ago

    Keep us posted. I am using Tailscale, but plan on transitioning to a VPS running a VPN and/or Headscale on it. Your scenario isn't something I'm familiar with, but it might be a good option.

  • hendrik@palaver.p3x.de · 4 upvotes · edited · 5 days ago

    I think you can set up a VPN in a way that it doesn’t forward all traffic, just specific traffic to one IP or a certain network, and everything else goes out the default route. That would leave you with your regular connection, except if you’re talking to your VPS, then it’ll go through the tunnel. But that won’t help you with the android and multiple VPN apps at the same time.

    Maybe you could configure the firewall on the VPS to drop all traffic from the internet, but just accept packets from your home IP address? I mean, with most providers your IP is going to change regularly. You'd need some additional logic or write some script. Your VPS would add an exception to its firewall so you can access it, while dropping all other internet traffic by default. That'd be a solution completely without VPNs.

    Or if it’s just a few simple services… Lock them with some login screen and people would have to log in with username+password to your services.
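One way to implement the "accept only my home IP, drop the rest, refresh it by script" idea from the comment above, as an added example that is not the commenter's own code. It uses nftables: a named set holds the currently allowed address, and a cron job refreshes the set from a dynamic-DNS name. `home.example.invalid`, the table name `vps_acl` and the ports 80/443 are assumed placeholders; `getent ahostsv4` assumes a glibc system. SSH is deliberately left outside the drop rule so a stale set entry cannot lock you out.

```shell
#!/bin/sh
# Added example, not from the commenter. Keeps an nftables set in sync with
# the IPv4 address a dynamic-DNS name resolves to, and drops traffic to the
# service ports from any other source. Run "sh home_acl.sh apply" from cron
# every few minutes as root.

HOME_DDNS_NAME="${HOME_DDNS_NAME:-home.example.invalid}"   # assumed placeholder
SERVICE_PORTS="${SERVICE_PORTS:-80, 443}"                   # assumed placeholder

# Return 0 if $1 is a syntactically valid dotted-quad IPv4 address.
# Refusing anything else keeps a failed lookup from wiping the allowlist.
is_ipv4() {
    echo "$1" | awk -F. '
        NF == 4 {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
            exit 0
        }
        { exit 1 }'
}

# Resolve the DDNS name to its first IPv4 address (glibc getent).
resolve_home_ip() {
    getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }'
}

# The base ruleset: policy stays "accept" so ssh and everything else behave
# as before; only the service ports are restricted to the @home set.
base_ruleset() {
    cat <<EOF
table inet vps_acl {
    set home { type ipv4_addr; }
    chain input {
        type filter hook input priority 0; policy accept;
        tcp dport { $SERVICE_PORTS } ip saddr @home accept
        tcp dport { $SERVICE_PORTS } drop
    }
}
EOF
}

# The two nft commands that replace the set's contents with address $1.
set_update_commands() {
    printf 'flush set inet vps_acl home\nadd element inet vps_acl home { %s }\n' "$1"
}

# Resolve, validate and apply. Creates the table on first run.
refresh_allowlist() {
    ip=$(resolve_home_ip "$HOME_DDNS_NAME")
    if ! is_ipv4 "$ip"; then
        echo "refusing to update: $HOME_DDNS_NAME did not resolve to an IPv4 address" >&2
        return 1
    fi
    nft list table inet vps_acl >/dev/null 2>&1 || base_ruleset | nft -f -
    set_update_commands "$ip" | nft -f -
}

# Only touch the firewall when explicitly asked, so the file can be sourced.
if [ "${1:-}" = "apply" ]; then
    refresh_allowlist
fi
```

Two caveats a practitioner should keep in mind. First, the rule sits on the input hook, so it only protects services listening on the host itself; ports published by Docker on 0.0.0.0 are forwarded to the container and bypass the input chain, so for those either put the restriction in Docker's DOCKER-USER chain or publish them on a non-public address instead. Second, an allowlist keyed on your home IP is only as strong as the DDNS update path; if that name can be hijacked, so can the exception.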

  • jammy (OP) · 1 upvote, 1 downvote · 5 days ago

    Thanks for all your tips