I set up a WireGuard tunnel between an AWS instance (acting as server) and a personal computer acting as client. WireGuard is installed on both in a Docker container (using the linuxserver image). On the local computer I have a website that I would like to access from the server using a proxy with Nginx. Basically I want to connect to the IP of the AWS instance and be redirected through the WireGuard tunnel to the website on my local machine. I can curl my website from the Docker container of Nginx on the AWS instance, but the proxy doesn't work. How can I solve this problem?

AWS instance (WireGuard server and Nginx proxy):

```yaml
version: "3"
services:
  reverseproxy:
    container_name: reverseproxy
    build: .
    restart: unless-stopped
    network_mode: service:wireguard
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Rome
      - SERVERURL=107.22.140.0 #optional
      - SERVERPORT=51820 #optional
      - PEERS=1 #optional
      - PEERDNS=auto #optional
      - INTERNAL_SUBNET=10.0.0.0 #optional
      - ALLOWEDIPS=0.0.0.0/0 #optional
      - LOG_CONFS=true #optional
    volumes:
      - /home/ubuntu/wireguard/config:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
      - 80:80
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
```

Nginx configuration of the proxy:

```nginx
worker_processes 1;

events { worker_connections 1024; }

http {
    sendfile on;

    upstream docker-proxy {
        server 10.0.1.2:80;
    }

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $server_name;

    server {
        listen 80;
        resolver 127.0.0.11 ipv6=off;

        location / {
            proxy_pass http://docker-proxy/;
            proxy_redirect off;
        }
    }
}
```

Local machine with WireGuard and local website:

```yaml
version: '3'
services:
  nginx:
    container_name: nginx
    #depends_on:
    #- reverseproxy
    image: nginx:alpine
    restart: unless-stopped
    ports:
      - 80:80
    networks:
      vpn:
        ipv4_address: 10.0.1.2
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Rome
      - SERVERURL=wireguard.domain.com #optional
      - SERVERPORT=51820 #optional
      - PEERS= #optional
      - PEERDNS=auto #optional
      - INTERNAL_SUBNET=10.0.0.0 #optional
      - ALLOWEDIPS=0.0.0.0/0 #optional
      - LOG_CONFS=true #optional
    volumes:
      - /home/user/dev/nginx-proxy/config:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
    networks:
      vpn:
        ipv4_address: 10.0.1.5
networks:
  vpn:
    ipam:
      config:
        - subnet: 10.0.1.0/8
```