Selfhosted

This one works , I myself have done it cause my shitty isp needs a huge payment for a static public ip. A 5$ VPS was much cheaper . Server behind NAT I can help if you got any doubts

Yeah you probably need a second IP address on the VPS though.

I open a wire guard tunnel from home to the VPS and then tunnel an Nginx ingress down the VPS.

I did this. Works flawlessly for half year now. I have x86 thin client at home running all my stuff, it creates tunnel to my VPS (I use Free tier Oracle VPS - yes, it is a shit company, I know, no need to let me know again in the comments). Works like a charm. This GitHub repo has automated installer for Oracle, Amazon,... https://github.com/mochman/Bypass_CGNAT/wiki/Oracle-Cloud-(Automatic-Installer-Script) - it installs and configures Wireguard on both server (VPS) and client (your home machine).

I had a similar problem like you. My provider only gives me a public IPv6 but no public IPv4. Im using a VPS with an IPv4 with jool to set up SIIT-DC https://nicmx.github.io/Jool/en/siit-dc.html

This converts all IPv4 traffic arriving at the VPS to IPv6 traffic which gets then directly routed to my homeserver.

Not sure if this setup would work for you. This is not a viable solution if you are completly behind a CGNAT without even a public IPv6.

Pro:

• Works without any sensitive Data on the VPS (SSl certificates/passwords...)
• Works for all IP based traffic (TCP,UDP,ICMP)
• The original source IPv4 can be restored by the homeserver Contra:
• AFAIK you cannot choose to only forward some TCP ports. Everything gets redirected.
• You cannot access the VPS via IPv4 anymore since it gets redirected to your homeserver. (I only access my VPS via IPv6)
• No (additional) encryption. (This is no problem for me since all my traffic is already e2e encrypted)

Here https://wiki.gardiol.org/doku.php?id=router:ssh_tunnel

Not sure exactly how good this would work for your use case of all traffic, but I use autossh and ssh reverse tunneling to forward a few local ports/services from my local machine to my VPS, where I can then proxy those ports in nginx or apache on the VPS. It might take a bit of extra configuration to go this route, but it's been reliable for years for me. Wireguard is probably the "newer, right way" to do what I'm doing, but personally I find using ssh tunnels a bit simpler to wrap my head around and manage.

Technically wireguard would have a touch less latency, but most of the latency will be due to the round trip distance between you and your VPS and the difference in protocols is comparatively negligible.

I managed this by using tailscale, with a kind of weird setup I think, but it just works.

I have tailscale on the VPS and my local server, let's say its tailscale name is potatoserver

Then with Caddy on the VPS i have something like:

mywebsite.com { reverse_proxy potatoserver:port }

And so mywebsite.com is accessible on the clearnet through the VPS

Though given you're getting rid of cloudflare tunnles I don't know if you'd want to get into Tailscale. There's Headscale too but I haven't worked with it so I can't comment

I use rathole https://github.com/rapiz1/rathole
Its been solid.

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

[Thread #635 for this sub, first seen 27th Mar 2024, 18:15] [FAQ] [Full list] [Contact] [Source code]