Ask HN: How do you self-host WireGuard and expose services to public internet?
I'm self-hosting WireGuard and have several services inside my network I want to expose to the outside world.
My needs are that I would like it to be:
Generally these are low traffic, so I don't need load balancing, but I'm interested in hearing if there are easy options.
- low maintenance: I can set it and forget it, maybe it even reboots itself? Maybe it can tell me when the back-end service is down.
- CLI and browser-GUI available. I like to use tools that have a simple configuration I can do with an SSH client on my phone. And, I like to be able to scan quickly a list of services and see what's happening and I feel like you can see that best in a browser window.
- prefer to self-host, but if there are good free tiers, I'm interested in that.
- consistent DNS, so I can easily put a CNAME in front of it if I need to.
- I'm happy to run a low cost VM on Vultr as my egress point if I need an extra machine.
- Secure: obviously I would like this to be so simple and easy to set up that I avoid accidentally exposing the rest of my WireGuard network.
For the record, I love Tailscale and what they are doing, but I really prefer to self-host. I've not played with Funnel, but this looks really powerful and perhaps the sheer ease of use of that pushes me to put a few machines on Tailscale when I need this.
I've been playing with Headscale and Netmaker. I don't immediately see that either of these provide this feature, am I wrong?
Just got easy-wg running as a container with a port opening in my gw.
This looks great, thanks!