Yes, exactly. While this is handy, you want to be cautious about transfer limitations, particularly if serving up media content for when you're on the road, etc.

What bandwith would you say is necessary if I want to stream my media collection if I am on the go somewhere or at a friends house for example?

It's a bit unbelievable, but very cool that so many people like long-form content about Open Source!

Thanks for the tip!

I installed this on a fresh VPS on the server side, and just followed their instructions. Maybe I accidentally cut it during editing. I'm glad you found it, and thank you for sharing.

Very nice!

My pleasure.

I'm learning about it, and I'm hoping to start making more on IPv6 soon. Scott over at the Scottibyte channel does a good bit on IPv6 stuff, and Marc over at @Onemarcfifity also has a great starter video on it. I feel like with IPv6 you wouldn't need a wireguard gateway as you can just route directly to your server's public IPV6 address, right? Maybe I'm not thinking of this correctly. But, if you want IPV6 on this project, then you could always make an update and do a pull request, or just make a request on their issues page to have it added.

It supports IPv6 if the gateway has an IPv6 address

Hope it works. Let me knwo how it goes.

I only set it up myself with subdomains, but no reason it should work with a domain name too. May depend on which application you are trying to expose. You might ask the project team. I recall them being very helpful when I was going through and testing to get things setup initially.

I appreciate the feedback. I'll try to keep this in mind for future content along these lines.

Was wondering the same as I use this exact same setup you mention and is also very easy to setup.

No real difference, except this sets up a docker container with wireguard, and does the nginx-setup for you through the scripts. Really no difference at all I imagine.

I see. Thank you for making this clear! Also generally thanks for sharing all of these different ideas etc. I find them very inspiring. You're doing great job! 👍

The difference is in the details. This approach adheres to ZeroTrust network architecture. Thanks to Docker (network namespaces) each service gets its own isolated network. While it may be easy to set this up manually for a single service the benefit with this approach is that you can add many isolated services quickly via the make link command demonstrated in the video. No changes to nginx or Wireguard configuration necessary. This simplifies the configuration hassle and makes your setup much more reproducible.

@@mobalaa9995 Make sense. Thanks!

Best I can tell you is to check the logs with ‘docker compose logs’ and see if anything jumps out. If not, post an issue to their GitHub or chat space. They were super helpful with me when I did this setup. It definitely may have changed since then.

@@AwesomeOpenSource Oh hey, thanks for responding! Didn't expect that.. I actually got it to work shortly after commenting this! I can't seem to get it to work with seafile though.. Oddly enough nextcloud works. I run into issues adding the generated snippet to my seafile docker compose. Any suggestions?

I don't see it there, so maybe they removed the repository. Not sure why it's not there. Post an issue on their github, in case they don't realize it's been removed.

@@AwesomeOpenSource Thanks for the prompt reply. I'll see if it opens to continue. If it works it will be the best bro. I have set up pfsense behind a modem-router from my provider and I cannot make it just a modem and set pfsense to PPPoE because I won't have a phone. All phone settings are locked inside my provider's modem-router

Hmmm. Yes, if they have hardcoded the SSH, it may fail I suppose. Haven't tried that, but the team (at least at the time of the making of the video was quite responsive and helpful. You might shoot them a message and see if they can help.

@@AwesomeOpenSource I opened an issue 2 weeks ago, unfortunately without reaction till now...

I would suggest NetMaker (I made a couple of videos on it, and one was to specifically route traffic through Wireguard).

@@AwesomeOpenSource ok what i try to do is i have a prxmox server an i I am in us and i went to remote in to a pc in the uk with out opening ports

You'd have to modify it a bit I imagine, the idea behind this is to make your applications accessible from outside. You could just run a proxy container, and put this in it, then proxy traffic from there perhaps. I'd have to think through it a bit. Also, make sure to ask at the project site in their issues section and see if they can provide help on running it outside a container.

@@AwesomeOpenSource I read the Git code and instructions, but I was really lost. I have two cloud hosts and subdomains set up, no problem. I have an Icecast server for a radio scanner feed inside my house in a Debian VM. I have the idea of using Wireguard on one of cloud endpoints and a reverse proxy like caddy or nginx. I don't want to be handheld, but I am lost at this point. Thanks.

Take a look at my recent Netmaker tutorials. I did one where I show how to install and setup egress and ingress, and one where I setup a reverse proxy on my cloud node and use it to forward traffic into my home network without having to open any ports. I think this may be what you need.

For this application as it was setup at the time, it seemed like the least path of resistance to have a domain ready. If you are just wanting to have an IP, maybe check out something like straight wireguard, possibly Tailscale / Headscale.

@@AwesomeOpenSource using wireguard stand alone is not a problem, i deploy a test on digital ocean. My problem is how to provided access to my home network by vpn created. Is missing the last pieces of the puzzle. How to address the single node on Home network? Thanks a lot for your suggestions

@@AwesomeOpenSource very interesting headscale tailscale probably is what i need

I would have to think about it, but I think you could set the tunnel up on the compose file for your NGinX Proxy manager, so all requests are pushed to it, then let it handle your traffic around your network.

@@AwesomeOpenSource I tried this, however I am stuck. I 'published' the Nginx Proxy Manager like I publish any app, established the tunnel, tunnel is UP. but traffic does not flow BEYOND NPM. So I can reach NPM from outside, but not hosts present in NPM

I would definitely consider a tunneling solution given the hinderances your ISP is putting in place. Mail servers may not be possible, but you should really never run a mail server from home anyway if you don't have a static IP and open ports.

Without seeing your setup it's hard to know what you have set.

I think the idea, is that the server needs to tell the client (or vice-versa) how to generate parts of the code that links them together, so they want you to have the SSH keys in place. The keys (I don't believe) don't have to be the same on each machine, but the machines should be able to communicate over SSH using keys.

Should be able to.

I've not personally ome across anything, but that doesn't mean it doesn't exist. You might ask on the self hosted sub-reddit (reddit.com/r/selfhosted)

is use pdfsam

I have seen what cloudflare and Argo have to offer, and indeed they are some great services. I just like to provide options for folks to know what's available out there in the open source world.

@@AwesomeOpenSource I forgot to mention rport and teleport

This solution is closer to true ZeroTrust architecture because you control both sides of the tunnel. Another benefit to this approach is that each service has complete network isolation from other services and the underlying host. Not to mention this is effectively a no code solution relying only on Docker, nginx, WireGuard.

@@mobalaa9995 That's correct, but I wouldn't call the applications, systems and methods used (docker, nginx, authelia, etc.) "my control", since there can also be errors and vulnerabilities in the code here. Nevertheless, I believe that we are on a fairly high level of safety here, so everything is fine. I see the advantage of CF in the fact that on the one hand I neither need a dedicated cloud server ("Deutsche Glasfaser" > CGNAT), nor that I have to open ports to the outside and on top of that I can define further application rules to protect my services (e.g. country of origin , login method, mail domain etc.). That gives me an even better feeling of security, even if that's partly due to CF. Incidentally, the traffic from Cloudflare ends up on a dedicated server in my DMZ, from which only the required traffic (port, protocol) to the relevant internal server is allowed - so here's another security aspect.

Those are all fair points. I think it depends mostly on how “independent “ you want to be of 3rd party providers. With CF if they raise prices or change their terms of use you will be stuck looking for another solution. With this selfhosted-gateway you can deploy anywhere with a public IP address. I agree that CF has many more features for now but we hope to add the same capabilities to this open source solution. Thanks for the reply.

I remember seeing that as well, but I think maybe they meant the server doesn’t require it. Not sure though. Ask on their GitHub and see what they say.

@@AwesomeOpenSource Thank you for the reply. I asked directly on the CEOs twitter (he usually comments here too) and I'm waiting for a reply. The server definitely requires docker.

It will depend on how many sites you wan to forward. I woudl guess that 512 will handle several sites without issue. Keep in mind, that there are also transfer limits on droplets. So, if you're using something like streaming movies, that limit could potentially be reached. I'm guessing the traffic is proxied all the way, and there's not a peer connection made to the server from your local device.

CPU load will depend on traffic. For low traffic services the concern is not CPU but RAM. Each link takes approximately 5mb of RAM so there is a limit on the number of links a system can support. You can route many services through a single link but then you lose the benefit of the ZeroTrust network architecture this project provides.

@@mobalaa9995 Another question, if I get a load balancer or an option with multiple IP addresses, can I allocate each IP to a given tunnel ?

@@DamjanDimitrioski that should be possible but it would be helpful to have more context on what you want to achieve. Drop by our Matrix channel and we can discuss further: matrix.to/#/%23fractal:ether.ai

Definitely give it a try, it's really great stuff.

Tailscale is a freemium product.

I have. I haven't done Tailscale yet, but want to in the future, more around Headscale though. Teleport, I need to tackle as well, just haven't gotten there yet.

This just runs on Docker and Docker-compose... not sure how you would get it going with native. I'm working on another video for Wireguard that may help with your specific setup.

@@AwesomeOpenSource that would be awesome as, as much as I love Linux I can't always run it on ever application/use case

So, in theory this should work. If you don't have a VPS provider, and you just want to try it out, you can use the Digital ocean link in the description to get a $50 credit, then cancel if it's not working for you.

@@AwesomeOpenSource thank you then I will give it a try this weekend. Until last year I had 6mbit down, 0.5mbit upload but my own ipv4. I could use one of my computer as server, but it was slow as hell. Now I have fiber with 600/300mbit and only dslite and can't use my server anyway. Things changed but did not get any better... Hopefully your tool will help:)

If you are trying to just get into your network, then you can use the same concept, but use the Pritunl VPN open source option. I use it for that purpose, and it's great, easy to setup, and has easy to use clients for all the OSes. kzbin.info/www/bejne/aX_VmZunid2XrKM

I'll see if I can work on it in the future.

You might look at the docker containers for your registrar if you have a domain you want to use, and see if there's is a DDNS container for them. I use one for Cloudflare, so I get an updated IP, same for GoDaddy.

@@AwesomeOpenSource so the ip updater docker runs on the server to monitor ip change? i don't think duckdns supports wildcard dns etc so i'm guessing for each service i would like to point to a url i would need to create a specific url

DuckDNS doesn't as far as I know, but if you had your own domain, like my-super-great-domain.org, then you could use CloudFlare DNS, and a cloudflare dynamic updater to keep your IP up to date. Was just throwing that out there.

@@AwesomeOpenSource can you recommend a good service for getting a domain pls?

I like Hover. I've used them for a lot of domains, their DNS controls are great, and their chat support is tops as well. I have a code in the contact section of my video descriptions that can give you a discount with them as well. There are plenty of good registrars out there though.

I can't say specifically, as "better" is often objective. But I prefer to control the mechanism behind the tunnel, even if I don't own the physical hardware. If Cloudflare tunnels work for you, then by all means use them. I'm just providing options.

I'm not following what this issue is. You can reach things by IP and by domain, so what is it you are asking for?

@@AwesomeOpenSource How to access the devices/services using my domain name (reverse proxy)and encrypted thru the vpn. I hopes that this clarify my question. 😀

Thank you.

Indeed, Cloudflare is an option, but if you want to control both sides of the tunnel (more control anyway), then this, to me is the better option. IF Cloudflare works for you, by all means, use the tool that works best for you.

Interesting that you can't. but maybe do an outgoing portscan and see if there are certain ports being blocked?

open source + ingenuity = freedom

Running "make docker" should resolve this

@@thebalaa Thank You!