Secure access
Follow this live
https://blog.thym.at/glt24
Who am I?
Student at Graz University of Technology 🎓
DevOps Engineer/Automation Specialist at smaXtec 🐄
Linux Advocate and Avid User of FOSS 🐧
Daily Driving NixOS since 2020 ❄️
Conventional Setup
Issues with Conventional Setup
Dynamic DNS not the most reliable
Exposed port(s) on home network 👀
Improved setup
Issues with Conventional Setup
WireGuard can be difficult to set up and manage
Key distribution for all nodes
NAT Traversal and Firewall Exceptions
Proposed Setup
Small rented VPS with public IP
WireGuard data plane
Tailscale clients (most platforms)
Headscale coordination server on VPS
Reverse proxy on VPS
Reverse Proxy Options
Caddy
Træfik
Nginx
Nginx Proxy Manager
frp
Mentioned Resources
Blog post from Paritosh Bhatia
WireGuard - Fast, Modern, Secure VPN Tunnel
Tailscale Blog - Blog post “How Tailscale works”
Tailscale Client - Tailscale GitHub repository
Headscale - Open source, self-hosted implementation of the Tailscale control server
Attributions
Network diagrams from Paritosh Bhatia - Blog post
Port-forwarding diagram - Blog post
Reverse proxy diagram - Blog post
Thanks!
curl -sL https://matthias.thym.at/card
https://blog.thym.at/p/glt24