Self Hosting Gateway with a VPS

Over the past month or so, I’ve migrated my self-hosted setup from having DNS entries point directly to my IP address to using a VPS front followed by a WireGuard connection into the network. It’s very similar to what something like a Cloudflare Tunnel does, but just hacked together myself. Here’s roughly what the diagram looks like:

A network diagram showing a connection from the internet to an internal network. It uses a VPS host and WireGuard to achieve this.

There are a variety of reasons to use a setup like this:

1. Getting a static IP address.

It may be possible to ask your ISP for a static IP address, but I’m not sure how, quite honestly. Using an existing VPS to get one is really simple and works fantastic. This let me shut down my hacked-together script to dynamically update DNS when my IP address changed. This alone makes it worth the while.

2. It makes my home IP address not as easily known.

The method I’m using now isn’t a perfect privacy magic trick. It does make the address slightly harder to find, though, instead of it being literally a DNS/ping check away. So that’s kinda nice, though not a big deal to me.

3. An additional shut-off valve earlier in the pipe.

This is a bit more important to me than #2. If it turns out I need to shut down my services due to some kind of random bot attack or something like that, I have an easy way to do that. So worst case my services go offline, but at least my home connection should stay intact.

4. Can be used as a jump box.

I’m not really using it this way (although I did the other day!) but this method can be used as a jump box from outside your home network into it. That can be handy in some situations.

5. Can terminate HTTPS here.

Since it uses WireGuard to get into the network itself, we don’t strictly need HTTPS at each hop beyond the VPS. It’s nice and easy to terminate HTTPS in a single spot, though it may be worthwhile to use self-signed certs in other spots.

Eventually I plan on setting it up as a caching endpoint as well, though I haven’t worked through that yet.

There are a lot more details to share, but I primarily modeled my setup from this blog: https://blog.fuzzymistborn.com/vps-reverse-proxy-tunnel/. Check it out!
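
For reference, here is a minimal pair of WireGuard configs for the VPS-to-home tunnel described above. This is an added example, not the config from this post or the linked blog; the 10.8.0.0/24 subnet, port 51820, the hostname vps.example.com and the key placeholders are all assumptions.

```ini
# ===== File 1: VPS, /etc/wireguard/wg0.conf (public side, static IP) =====
[Interface]
# Tunnel address of the VPS (assumed subnet)
Address = 10.8.0.1/24
# UDP port that must be open on the VPS firewall (assumed)
ListenPort = 51820
# Placeholder: output of `wg genkey` on the VPS
PrivateKey = <vps-private-key>

[Peer]
# Home host. No Endpoint line: the VPS learns the home address from the
# handshake, so a changing home IP needs no dynamic DNS script.
PublicKey = <home-public-key>
# Accept tunnel traffic only from the home peer's single address
AllowedIPs = 10.8.0.2/32

# ===== File 2: home host, /etc/wireguard/wg0.conf (behind NAT) =====
[Interface]
Address = 10.8.0.2/24
# Placeholder: output of `wg genkey` on the home host
PrivateKey = <home-private-key>

[Peer]
PublicKey = <vps-public-key>
# The home side dials out, so no port forward is needed on the home router
Endpoint = vps.example.com:51820
# Route only the VPS tunnel address through wg0, not 0.0.0.0/0
AllowedIPs = 10.8.0.1/32
# Keep the NAT mapping alive so the VPS proxy can reach in at any time
PersistentKeepalive = 25

# The reverse proxy on the VPS then forwards to 10.8.0.2 over the tunnel.
# Because the VPS can reach that address, firewall wg0 on the home host
# down to the service ports you actually publish.
```

Running `wg-quick down wg0` on the VPS is the shut-off valve from reason 3: the proxy loses its only path to the home network while the home connection itself is untouched.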