ten million explosions

For people who know about networking, if I setup lesbian.solutions to run in my home and set it up to connect to a reverse proxy somewhere else, I'd point the domain name to that second server's IP right? Would it connect to the fedi from that point or from my house?

1
:garfield:‍fuchsiaaaaaaaaaaaaaaaaa

@dragon with just a reverse proxy the outgoing fedi connections would happen from your house

1+
:garfield:‍fuchsiaaaaaaaaaaaaaaaaa

@dragon as i run pixie.town to a setup like that, here's what I do to prevent that:

- wireguard (vpn software) to make a tunnel between vps and server at home
- server has all outgoing traffic going through that vpn
- nginx runs on vps, reverse proxy to the internal wireguard interface IP for the homeserver (something like 10.0.0.2)

1
ten million explosions

@f0x I think that's about the setup I want, can I ask why you use the reverse proxy and the vpn? It feels like just the VPN would work but I think I'm missing something

1
MOVED TO @haskal@types.pl

@dragon @f0x yeah i have a similar setup but with iptables rules rather than nginx on the vps

mainly i don't want ssl terminated until it reaches my physical server

1+
:garfield:‍fuchsiaaaaaaaaaaaaaaaaa

@haskal @dragon without the reverse proxy you would have to port-forward to the homeserver's port 80/443 and uhh that sucks (fuck iptables) :p
also that way you can have the vps nginx itself listen on 80/443 so some sites/paths are handled by the vps and some reverse proxied onto the homeserver

but as haskal mentions that's the tradeoff, with a setup like that all traffic has to be decrypted on the vps

1
ten million explosions

@f0x @haskal right okay so if I just want the second server to act as a proxy both ways I can have the VPN and the reverse proxy setup so that everything that goes in or out of my home server goes through it?

1
:garfield:‍fuchsiaaaaaaaaaaaaaaaaa
Follow

@dragon @haskal if you really just want it to push traffic both ways, you only need wireguard + (iptables) portforward

· · 2 · 0 · 1
ten million explosions

@f0x @haskal oh great!! Will that also grab the incoming traffic and relay it back? I'll look into wireguard thanks a lot

1
:garfield:‍fuchsiaaaaaaaaaaaaaaaaa

@dragon @haskal yes, incoming would be handled by the iptables portforward rule in that case, directing all incoming traffic on 80/443 to your homeserver, over the tunnel

1
ten million explosions

@f0x @haskal oh that's perfect thanks :) plus that'd mean I'd be able to connect directly to my home server locally and still have it post to fedi through the VPN, thanks a lot

0
MOVED TO @haskal@types.pl

@f0x @dragon yeah so here's how to do the thing
you set up a VPN between your cloud gateway vps and your actual server. say the gateway is 10.0.0.1 and the server is 10.0.0.2
on the server you set the default gateway to 10.0.0.1 (or, use policy based routing i can tell you about that too)
on the gateway you do (assuming the interface is eth0)

sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -i eth0 --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.0.0.2 -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.0.0.2
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 10.0.0.2

1
ten million explosions

@haskal @f0x I think I'm getting this, gonna do more research thank u!!

0
Sign in to participate in the conversation
Pixietown

Small server part of the pixie.town infrastructure. Registration is closed.

Resources

Developers

What is Mastodon?

pixie.town

  • About
  • v3.5.19patch-2024-07-04

More…

v3.5.19patch-2024-07-04 · Privacy policy