Hi, I am investigating Traefik to achieve the following one-off goal. A couple of websites are banned in my country, so the idea is to proxy all traffic from our local network to a limited list of hosts on the internet through a VPN, without installing a VPN client on all devices and with a pretty dumb router incapable of complicated tuning.
I have a server running Docker with the following containers that mostly do their job:
- Gluetun allows the containers to access sites through the VPN
- AdGuard Home, being set up by DHCP as a primary DNS server, can rewrite domain names for any app that chooses to respect this DNS setting
- Nginx Proxy Manager, which I've failed to get to do what I wanted, so I'm looking into Traefik.
The idea is to
- provide the Traefik container with the tunnel created by gluetun (`network_mode: "container:gluetun"`) and open ports 80 and 443 (probably others) by means of Docker to the local network
- make AdGuard provide a Traefik local IP address for the list of the banned websites, with a wildcard in case the apps request some random subdomain (say, `*.youtube.com`)
- when Traefik gets a request, say, on port 443, make it get the host name and make its own request into the VPN tunnel with the same URL, copying all the request and response bytes between the client and the remote host without any amendments, including all the certificate negotiations etc.
I have already learned about this `tls: passthrough: true`, but I am failing to word a Google question for that "dynamic template for forwarded host name" part, and DeepSeek can't get me, so if I made myself somewhat clear, I would appreciate any help or criticism (including "install openwrt").