Egregoros

Signal feed

API Docs
Timeline

Post

Remote status

Context

4
:VD15_0::VD15_1::VD15_2::VD15_3::VD15_4::VD15_5::VD15_6::VD15_7:

:VD15_0::VD15_1::VD15_2::VD15_3::VD15_4::VD15_5::VD15_6::VD15_7:

@VD15@pl.valkyrie.world remote
Open link

Want to self-host a lot more of my stuff. Might even move pleroma to my NAS and use my VPS an an endpoint I tunnel everything to.

IDK shit about networks but I think I could just point a bunch of subdomains to a single IP and have nginx figure out what tunnel to point it to?

:VD15_0::VD15_1::VD15_2::VD15_3::VD15_4::VD15_5::VD15_6::VD15_7:

:VD15_0::VD15_1::VD15_2::VD15_3::VD15_4::VD15_5::VD15_6::VD15_7:

@VD15@pl.valkyrie.world remote
Open link

@tezoatlipoca Well, I guess how do you have it configured? I have pleroma and media proxy running on two different subdomains pointed to the same VPS, but looking at my nginx pleroma config I still have no idea how it works lol

I was planning on using ngrok or that thing lain vibecoded a few days ago to tunnel to the VPS but even then, I wouldn't know how tell nginx to point traffic bound to abc[dot]valkyrie[dot]world to a specific tunnel. A couple of people in the thread have said they use caddy instead (and apparently you can just VPN with wireguard?)

Replying to @phnt@fluffytail.org

Replies

4
Replying to @feld@friedcheese.us
Phantasm

Phantasm

@phnt@fluffytail.org remote
Open link
@feld @tezoatlipoca @VD15 Yeah, that's certainly one of the ways to do this and somewhat similar to what I do for making services like a local Minecraft server available to the public while I'm behind NAT. My solution involves almost the same wireguard tunnel configuration on the actual host and a simple OpenBSD pf/relayd config on the remote VPS to transparently forward TCP traffic and masquerade on the way out. I might write a post on this, since the only known documentation of how to set this up is a decade old archive from a mailing list and documentation is most unhelpful in this case.

Also a note on VPS providers that lock you only into Linux distros. If you can get into a recovery mode where you have access to the boot disk, it is trivial to install OpenBSD and probably also FreeBSD on these. Grab a copy of the miniroot.img file, write it onto the main disk and reboot out of recovery. Install kernel will load into memory along with the installer (it lives in initrd) and you can safely overwrite the disk during the install. Only possible issue would be if the provider uses crap like cloud-init for network autoconfig.

pf.conf:
pass in quick on wg0 proto tcp from 10.0.80.2

pass out on egress from wg0:network to any nat-to (egress)
# OR
pass out on egress from 10.0.80.2 to any nat-to (egress)
relayd.conf:
ext_inet = IP_OF_VPS
table <mc_server> { 10.0.80.2 }

relay "mc" {
	listen on $ext_inet port your_favorite_port_here
	
	# relayd on OpenBSD 7.6 dropped sessions that were still
	# active with traffic for some reason. Might be fixed...
	session timeout 28800
	
	transparent forward to <mc_server> port 25565
}
Replying to @phnt@fluffytail.org
Phantasm

Phantasm

@phnt@fluffytail.org remote
Open link
@feld @VD15 @tezoatlipoca I did the same setups also on Linux using HAProxy, but ultimately OpenBSD is what became my favorite tool for this since everything needed is already preinstalled and it's a way smaller base that barely needs updates. Also HAProxy can be dumb when upstreams go down and it tries to check connectivity. It spins a thread for a couple seconds at 100% in the default config, which can be annoying depending on what also runs on the VPS.
Replying to @phnt@fluffytail.org
Replying to @feld@friedcheese.us