Thanks a lot! This is kind of the configuration that I have converged to, with nginx and WireGuard. The last thing I need to set up correctly is for the SSL handshake to occur between the client and my home server, and not between the client and the internet-facing VPS, such that the information remains encrypted and unreadable to the VPS. The two strategies that I have seen can do this is SNI routing with nginx or to use stunnel. I still have not been able to set up either!
That’s the next topic then. Thank you
Oh, cool! I have managed to do it with the Wireguard tunnel! I set up a tunnel and use the nginx proxy_pass to redirect through the tunnel. It is pretty nifty that I don’t even need to port-forward!
My next step is: in my current configuration, the SSL handshake occurs between the VPS and connecting client. So the VPS has access to everything that goes through… I need to figure out how to hand-shake through the tunnel such that the VPS does not get the SSL keys.
Thanks a lot for your suggestion!
Thanks! Wireguard was suggested as a VPN, and I am currently playing with that.
From what I have learned today, I think that Wireguard Tunnel is what I want!
First I was able to use nginx as a reverse proxy to route the information from my home network through the VPS. But with this approach the client would do the SSL handshake with the VPS, and then the VPS fetches information from my home network via HTTP. Since there is no encryption layer between my VPS and my home network, I suppose that the flow of information between my home server and the VPS is insecure.
Then, I need to establish some form of encrypted connection between my home server and the VPS… And that is where the Wireguard Tunnel comes in! This tunnel allows me to transfer the information with encryption.
I am still reading and setting it up, but yeah, I’m liking this, thanks!
I asked midjourney to generate a few using prompts such as “minimalistic turtle turquoise green --aspect 3:2”:
https://i.imgur.com/HZVtevO.png
https://i.imgur.com/rXMFvzi.png
https://i.imgur.com/Rac2YHu.png
https://i.imgur.com/BZm5onQ.png
https://i.imgur.com/5TVssVP.png
This is what I would like to do! I was trying to handle the SSL termination ‘automatically’ by simply forwarding the connections to 443 of my machine’s wireguard IP using nginx, but I did not manage to get it to work. That’s when I found that I need to use something like ‘stunnel’ to handle the SSL termination. But I think that you may be suggesting an even simpler method of using port-forwarding instead of the reverse proxy. I am not sure how to achieve that, I will look into it using these terms.