[00:34:28]
<tcfx> Hey there. I have bought a VPS, and set up a WireGuard connection between my YunoHost home server and the VPS, to bypass port forwarding limitations. I have also set up Nginx on the VPS for it to forward traffic to the home server. This is the current `nginx.conf` of the VPS:
```
user www-data;
worker_processes auto;
pid /run/nginx.pid;
error_log /var/log/nginx/error.log;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
}

http {
    server {
        listen 80;
        server_name [my site];

        location / {
            proxy_pass http://10.0.0.2:80;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }
}

stream {
    server {
        listen 443;
        proxy_pass 10.0.0.2:443;
        proxy_timeout 3s;
        proxy_connect_timeout 1s;
    }

    server {
        listen 25;
        proxy_pass 10.0.0.2:25;
        proxy_timeout 3s;
        proxy_connect_timeout 1s;
    }

    server {
        listen 587;
        proxy_pass 10.0.0.2:587;
        proxy_timeout 3s;
        proxy_connect_timeout 1s;
    }

    server {
        listen 993;
        proxy_pass 10.0.0.2:993;
        proxy_timeout 3s;
        proxy_connect_timeout 1s;
    }
}
```
Now I have a few issues on the side of the home server.
I think most are just errors from Diagnosis that can be ignored, like "Domain [domain] appears unreachable through HTTP from outside the local network.", which I assume comes from the home server not knowing about the VPS.
***HOWEVER***, I believe the configuration is not complete yet. First, I should forward 25 and 587 *to* the VPS and not from, right? Second, and most importantly: I am now unable to access some of the internet from the home server. If I try to install an application through the admin panel, it will not fetch the information of the application. If I try to ping some site from the home server via SSH, it also doesn't work. What other port connections should I be taking into account?
[12:11:10]
<tcfx> 12b: You did something similar, right?
[12:15:48]
<12b> I'm not using nginx on the VPS side. I'm just using iptables rules
[12:20:09]
<12b> Are you using the YunoHost app WireGuard client on the YunoHost side?
[12:24:07]
<12b> What I have done is inspired by this forum thread: https://forum.yunohost.org/t/homemade-wireguard-vpn-on-a-vps-server/15662
But I had to do some things differently to make things work for my use case. I need to document my setup but I have not taken the time to do it yet.
[12:30:56]
<12b> tcfx: how did you set up WireGuard on the VPS side? Have you added any iptables rules for SNAT / MASQUERADE?