lets just start with my use case / problem I like to solve.
My situation is as follows:
- My home-network is 'living' behind an isp-provided dslite tunnel
- I am unable to route to my home-network directly, but would like to use some self-hosted services etc.
- Thats why I am using WireGuard and a VPS to establish a direct connection (tunneled).
- This works very well, and I am already using Traefik as a reverse proxy to connect to services-at-home through my domain.
- What bugs me, is that data intensive services like Nextcloud, Jellyfin etc. always need to tunnel their traffic through my VPS, when their domain (name) is resolved from within my home network.
- I could just set up Treafik on my home-server and connect a direct TCP route coming from all exposed VPS ports.
- I would also like to serve a static portfolio-page directly from the VPS and
- I would like to serve error-pages if something happens to the WG tunnel or my home-internet-connection in general (which is quite common).
That's why I had the following idea:
- Have two Treafik instances (Traefik_Home & Traefik_VPS)
- Let them both hold domain certificates.
- Let Traefik_VPS route all TCP but Host(
domain.example) to Traefik_Home (TLS pass-through).
- Let Traefik_VPS serve error Pages for unreachable Subdomains in case of a broken tunnel / unreachable TCP connection to Traefik_Home
- In my home-network point all traffic that targets my domain to my Traefik_Home Instance (local DNS overwrite).
Is this even possible?
I have a setup similar like described above, with the difference, that Treafik_VPS is currently routing to my local services through WG. A TCP router to HostSNI(
test.domain.example) has been set up in Treafik_VPS as well as an HTTP router Host(
test.domain.example) on Treafik_Home.
It seems to me that Traefik_Home cannot register the test.example.com to route through Traefic_VPS with my DNS Service. I always run into
ERR_NAME_NOT_RESOLVED. Both Traefik instances seem to hold correct certificates.
Given the configuration below, what am I doing wrong?
# TCP Route on Traefik_VPS tcp: routers: rt_test: tls: passthrough: true entryPoints: - websecure - web rule: "HostSNI(`test.domain.example`)" service: srv_test priority: 1 services: srv_test: loadBalancer: servers: - address: "10.0.0.n" # WG client IP
# HTTP Route on Traefik_Home http: routers: rt_dns: tls: certResolver: main entryPoints: - websecure rule: "Host(`test.domain.example`)" service: srv_test services: srv_test: loadBalancer: servers: - url: "http://127.0.0.1:port"
Any better plan?
I am looking forward to any kind of input or direction for troubleshooting this mess.