I think it was… Cyberwar/crime is the new kind of war, it can be deadly and put a whole country/system on halt with a lot of consequences (human and resources).

Most people would call out conspiracy theory, but I do firmly believe that those higher ups are doing WAY more bad things behind our backs than we can imagine.

But hey we have no proofs, except those lost trails left by good people who need to hide their own asses because the government are looking for them for crime against the government?

That’s exactly why I value privacy and doing everyday my best to leave as less information about me as possible. Sure they have the mean/money to find where I live in seconds but they won’t get that information without a fight ! F#CK big corporations !

Hi there ! Sorry my English is not that good, but I’m doing the best I can !

Actually, I do not have a VPS. I use an old spare laptop as server which handles everything.

I have Wireguard barebone installed with a a second external wireguard interface and some iptables to send all traffic to ProtonVPN.

All my containers,on the same laptop, are directly reachable via this configuration and HTTPS is handle by Treafik with my self-signed local certificates (root CA with intermediate CA).

Eg: From my mobile over WiFi or 4G I can access all my containers where ever I’m. My endpoint in my Wireguard’s confirguration (on my phone) being my home’s public IP.

I hope I answered your question? If not I’m willing to give you a diagram of my setup, this will probably clear up the confusion/question? And will probably be way more explicit than my broken English 😄.

Probably what you’re looking for is the following setup:

docker <-> services <-> reverse proxy <-> VPN <-> Internet

1. Your next step is to chose a reverse proxy to handle your requests and serve your services on port 80 and port 443. There are several choice and you have to somehow stick with it, because each reverse proxy has it’s up and downsides and learning curve:

• Treafik (that’s the one I use and is specifically made for containers)
• Caddy (Never used it but heard only good things about it)
• Nginx (this one is a beast to tame, however I heard it’s easier to setup with nginx proxy manager)

Those are the 3 big players I’m aware of.

2. You reverse proxy ready and functional you need something to access them outside your LAN. There are also several ways to achieve the same goal. The one I use and are happy with is to configure Wireguard on your server and only open the port needed to connect to it.

This is also a big part and probably this is the route of a tinkerer and have lot of personal time to spare… There are easier AIO routes that will probably save you time and energy. (Others will point you to the right direction)

3. Bonus tip

You will rapidly understand the necessity of DNS. Reaching out to your services by IP:PORT will annoy you over time, even if you save them as bookmarks. Also if you don’t assign a static IP to your containers they will change every time you restart them or reboot your server. Not very practical !!

Here you have 2 choices:

• personal mini certificate authority (totally free and personal local domains but harder to setup)
• cheap domain name with automatic certificate generation.

I personally chose the tinkerer route and learning process. But I have time to spare and while I prefer this route… It’s very time consuming and involves a lot of web crawling and books reading.

If you are interested I can recommend you a good ebook on how to setup your own mini-CA :).

Hope it helps, you are halfway through !