I have two machines running docker. A (powerful) and B (tiny vps).
All my services are hosted at home on machine A. All dns records point to A. I want to point them to B and implement split horizon dns in my local network to still directly access A. Ideally A is no longer reachable from outside without going over B.
How can I forward requests on machine B to A over a tunnel like wireguard without loosing the source ip addresses?
I tried to get this working by creating two wireguard containers. I think I only need iptable rules on the WG container A but I am not sure. I am a bit confused about the iptable rules needed to get wireguard to properly forward the request through the tunnel.
What are your solutions for such a setup? Is there a better way to do this? I would also be glad for some keywords/existing solutions.
Additional info:
- Ideally I would like to not leave docker.
- Split horizon dns is no problem.
- I have a static ipv6 and ipv4 on both machines.
- I also have spare ipv6 subnets that I can use for intermediate routing.
- I would like to avoid cloudflare.
Tailscale maybe? They have a mode where you can configure a site to site links, you could route the docker networks. https://tailscale.com/kb/1019/subnets
I have heard of it seems like a good option. If you use it please tell me if it can fullfil my requirements.
Mhh I didn’t know headscale exists. Tailscale being proprietary was the main thing keeping me from using it.
I haven’t used Tailscale myself, but it seems like it’s basically just a Wireguard frontend.
Although correct, there feature set is amazing and expanding. Tailscale is my number one tool of choice, these days, it’s so simple and so handy.
“Technically correct” is the best form of correct. Though having tried setting up Wireguard in the past, having a dead-simple solution like Tailscale might be worth trying it out, especially with the 100 device free tier