I’m looking into replacing Cloudflare with a VPS running a reverse proxy over a VPN, however, every solution I see so far assumes you’re running Docker, either for the external reverse proxy host or the services you’re self hosting.

The VPS is already virtualized (perhaps actually containerized given how cheap I am) so I don’t want to put Docker on top of that. The stuff I’m self hosting is running in Proxmox containers on a 15 year old laptop, so again, don’t want to make a virtual turducken.

Besides, Docker just seems like a pain to manage. I don’t think it was designed for use as a way to distribute turnkey appliances to end users. It was made for creating reproducible ephemeral development environments. Why else would you have to specify that you want a storage volume to persist across reboots? But I digress.

Anyway, I want to reverse proxy arbitrary IP traffic, not just HTTP/S. Is that possible? If so, how?

My initial naive assumption is that you set up a VPN tunnel between the VPS and the various Proxmox containers, with the local containers initiating the connection so port forwarding isn’t necessary. You then set up the reverse proxy on the VPS to funnel traffic through the tunnel to the correct self-hosted container based on domain name and/or port.

  • Dataprolet@lemmy.dbzer0.com
    1 day ago

    There is really nothing wrong with Docker on a VPS. It’s not a VM, there is no overhead.
    I also run a VPS which is connected to my Homelab using Tailscale. I run Nginx Proxy Manager using Docker on the VPS and it’s proxying all incoming connections to my Homelab.

    • eli@lemmy.world
      30 minutes ago

      Could you explain your setup a bit more? Because my understanding is:

      Let’s say you have a blog website in your homelab. To access the blog you have to: you go to your VPS’s hostname/IP, from there the VPS forwards your request over Tailscale to your homelab which then responds with your blog website?

      If that’s the case, why even have the VPS and instead just use Tailscale to access your homelab directly?

      Unless you intend to have the VPS be a load balancer in some way? Or a filter/firewall? Or you can’t do a static IP for your homelab but you want it to be publicly accessible?

      Just trying to understand why you’re doing it this way. I love seeing all the crazy ways people can set things up like this lol