Ask HN: How do you self-host WireGuard and expose services to public internet?

I'm self-hosting WireGuard and have several services inside my network I want to expose to the outside world.

My needs are that I would like it to be:

  - low maintenance: I can set it and forget it, maybe it even reboots itself? Maybe it can tell me when the back-end service is down.
  - CLI and browser-GUI available. I like to use tools that have a simple configuration I can do with an SSH client on my phone. And I like to be able to quickly scan a list of services and see what's happening, and I feel like you can see that best in a browser window.
  - prefer to self-host, but if there are good free tiers, I'm interested in that.
  - consistent DNS, so I can easily put a CNAME in front of it if I need to.
  - I'm happy to run a low cost VM on Vultr as my egress point if I need an extra machine.
  - Secure: obviously I would like this to be so simple and easy to set up that I avoid accidentally exposing the rest of my WireGuard network.

Generally these are low traffic, so I don't need load balancing, but I'm interested in hearing if there are easy options.

For the record, I love Tailscale and what they are doing, but I really prefer to self-host. I've not played with Funnel, but this looks really powerful and perhaps the sheer ease of use of that pushes me to put a few machines on Tailscale when I need this.

I've been playing with Headscale and Netmaker. I don't immediately see that either of these provides this feature. Am I wrong?

8 points | by xrd 368 days ago


  • hxugufjfjf 368 days ago
    Just got easy-wg running as a container with a port opening in my gw.
    • xrd 368 days ago
      This looks great, thanks!