So I have an HTTP server on node A, and a VPS on node B. Both are connected through WireGuard on a VPN which consists only of these two nodes. I’m trying to make all the requests that arrive on HTTP/S on node B be forwarded to A and processed there. Then of course the response must return to the original sender. I’ve seen a million ways to do it online and I’m hitting a brick wall, so how would you do it properly on a fresh install? (Assuming my firewall, ufw in my case, is disabled. I’ll figure it out once routing works as intended.)


We use nginx for that! It can proxy TCP/UDP in general. You can also have it be your TLS endpoint and then pass stuff back to the backend over plain HTTP, if you trust your VPS, but you don’t have to.
nginx can preserve the source IP with its “proxy_protocol” feature, somewhat (might only work for HTTPS; with proxy_protocol, nginx on server A will then set the appropriate header with the IP it gets from server B). Or if you decrypt on the VPS, it can set the appropriate header for you before sending it back to server A.
I’ve got a guide on how we have ours set up: https://frost.brightfur.net/blog/selfhosting-with-a-bounce-vps-part-1/
– Frost
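
A minimal sketch of the TCP passthrough with `proxy_protocol` described in the answer above, added here as an illustration and not taken from the linked guide or from the poster's own setup. The WireGuard addresses (10.0.0.1 for node B, 10.0.0.2 for node A), the backend ports, `example.org` and the certificate paths are all assumptions; TLS stays end-to-end to node A in this variant.

```nginx
# ---- Node B (VPS): top level of nginx.conf, outside http {} ----
# Requires nginx built or packaged with the stream module.
# Assumed tunnel addresses: B = 10.0.0.1, A = 10.0.0.2
stream {
    server {
        listen 443;
        proxy_pass 10.0.0.2:8443;   # node A, reached over WireGuard
        proxy_protocol on;          # prepend PROXY header with the client IP
    }
    server {
        listen 80;
        proxy_pass 10.0.0.2:8080;
        proxy_protocol on;
    }
}

# ---- Node A (home server): inside http {} ----
server {
    # Bind only to the WireGuard address so the PROXY-protocol
    # listeners are reachable through the tunnel and nowhere else.
    listen 10.0.0.2:8443 ssl proxy_protocol;
    listen 10.0.0.2:8080 proxy_protocol;
    server_name example.org;                      # placeholder

    ssl_certificate     /etc/ssl/example.org/fullchain.pem;   # placeholder
    ssl_certificate_key /etc/ssl/example.org/privkey.pem;     # placeholder

    # Accept the client address from the PROXY header only when the
    # connection comes from node B; any other peer keeps its socket IP.
    set_real_ip_from 10.0.0.1;
    real_ip_header   proxy_protocol;

    location / {
        root /var/www/html;                       # placeholder
    }
}
```

A listener marked `proxy_protocol` rejects connections that do not start with a PROXY header, so keep it off any publicly reachable address, and keep `set_real_ip_from` limited to node B so the logged client IP cannot be supplied by anyone else.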