this post was submitted on 06 Mar 2026
12 points (92.9% liked)


So I have an HTTP server on node A, and a VPS on node B. Both are connected through WireGuard on a VPN which consists only of these two nodes. I'm trying to make all the requests that arrive on HTTP/S on node B be forwarded to A and processed there. Then of course the response must return to the original sender. I've seen a million ways to do it online and I'm hitting a brick wall, so how would you do it properly on a fresh install (assuming my firewall, ufw in my case, is disabled; I'll figure it out once routing works as intended)?

[–] dgdft@lemmy.world 1 points 5 days ago* (last edited 5 days ago) (1 children)

SSH tunneling is the term for what you need here. You can set it up on either end, and it’ll transparently pipe data from a port on the VPS to your TLS box. Configure the web server to reverse-proxy that port, and you’re up and running.

[–] possiblylinux127@lemmy.zip 1 points 5 days ago (1 children)

SSH tunneling is really slow and doesn't preserve the source IP.

[–] dgdft@lemmy.world 0 points 5 days ago* (last edited 5 days ago)

SSH tunnels suffer from TCP over TCP, but it's not too much worse than OpenVPN or wg over TCP on the whole. E.g. https://asciinema.org/a/347146.

Nothing OP mentioned in the post required preserving the source IP, but as your root comment alludes to, standard practice is to set an X- header on the reverse proxy to keep source IP.
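
The forwarded-header practice mentioned in the last comment, seen from the backend on node A, as an added example that is not part of the thread: the header is only trustworthy when the connection itself comes from the reverse proxy, otherwise any client can forge it. The header name `X-Forwarded-For`, the helper names and the proxy addresses (`10.0.0.2` for a VPN peer, `127.0.0.1` for a local tunnel endpoint) are assumptions.

```python
import ipaddress

# Assumption: addresses from which the VPS-side reverse proxy reaches the
# backend. Constructed values, not taken from the thread.
TRUSTED_PROXIES = [
    ipaddress.ip_network("10.0.0.2/32"),   # hypothetical VPN address of node B
    ipaddress.ip_network("127.0.0.1/32"),  # local end of a tunnel on node A
]


def _is_trusted(addr: str) -> bool:
    """True if addr parses as an IP inside one of the trusted proxy networks."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr: str, headers: dict) -> str:
    """Return the address to log or rate-limit on.

    peer_addr is the TCP peer of the connection; headers maps lower-cased
    header names to their values.
    """
    # A peer that is not our proxy controls the header completely: ignore it.
    if not _is_trusted(peer_addr):
        return peer_addr

    hops = [h.strip() for h in headers.get("x-forwarded-for", "").split(",")]
    hops = [h for h in hops if h]

    # Walk right to left. The rightmost entries were appended by our own
    # proxies; the first untrusted hop is the real client. Anything further
    # left was supplied by that client and proves nothing.
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop trusting the header
        if not _is_trusted(hop):
            return hop

    # Header missing, malformed, or containing only our own proxies.
    return peer_addr
```
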