So I have an HTTP server on node A, and a VPS on node B. Both are connected through WireGuard on a VPN which consists only of these two nodes. I’m trying to make all the requests that arrive on http/s on node B to be forwarded to A and processed there. Then of course the response must return to the original sender. I’ve seen a million ways to do it online and I’m hitting a brick wall, so how would you do it properly on a fresh install (assuming my firewall, ufw in my case, is disabled; I’ll figure it out once routing works as intended)?

  • dgdft@lemmy.world

    SSH tunneling is the term for what you need here. You can set it up on either end, and it’ll transparently pipe data from a port on the VPS to your TLS box. Configure the web server to reverse-proxy that port, and you’re up and running.

      • dgdft@lemmy.world

        SSH tunnels suffer from TCP over TCP, but it’s not too much worse than OpenVPN or wg over TCP on the whole. E.g. https://asciinema.org/a/347146.

        Nothing OP mentioned in the post required preserving the source IP, but as your root comment alludes to, standard practice is to set an X- header on the reverse proxy to keep source IP.
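
On the point about keeping the source IP with an X- header: node A should honour that header only on connections that arrive from the proxy on node B, since anything else can be set by the client. The sketch below is an added example, not code from any poster in this thread; it assumes the header is `X-Forwarded-For`, that the proxy appends to it, and that node B's WireGuard address is `10.0.0.2` (a constructed value).

```python
import ipaddress

# Assumption: node B (the VPS running the reverse proxy) has this tunnel address.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.2/32")]


def _is_trusted(addr, trusted):
    # An IPv6 address is never "in" an IPv4 network, so mixed input is safe.
    return any(addr in net for net in trusted)


def client_ip(peer_addr, xff_header, trusted=TRUSTED_PROXIES):
    """Return the address node A should log or rate-limit on.

    peer_addr  -- source address of the TCP connection as node A sees it
    xff_header -- raw X-Forwarded-For value, or None when absent
    """
    peer = ipaddress.ip_address(peer_addr)
    # A connection that did not come through the proxy gets no say:
    # its header is client-controlled, so use the socket address.
    if not _is_trusted(peer, trusted) or not xff_header:
        return str(peer)
    # Walk right to left. The rightmost entries were appended by our own
    # proxy; the first untrusted address is the real client. Everything
    # to the left of it was supplied by that client and is ignored.
    for token in reversed(xff_header.split(",")):
        try:
            hop = ipaddress.ip_address(token.strip())
        except ValueError:
            # Malformed entry: fall back to the connection peer.
            return str(peer)
        if not _is_trusted(hop, trusted):
            return str(hop)
    return str(peer)


if __name__ == "__main__":
    # Constructed sample: the client sent a forged "1.2.3.4" entry itself.
    print(client_ip("10.0.0.2", "1.2.3.4, 203.0.113.7"))
```
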