first commit

This commit is contained in:
mk
2026-01-01 11:51:43 -03:00
commit cf9f166d6b
8 changed files with 552 additions and 0 deletions

208
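--- a/vps/ports.sh
+++ b/vps/ports.sh
@@ -0,0 +1,208 @@
+#!/bin/bash
+# Manage port forwarding from VPS to home server via WireGuard
+set -e
+INTERFACE=$(ip route | grep default | awk '{print $5}' | head -n1)
+HOME_SERVER="10.0.0.2"
+show_help() {
+echo "Port Forwarding Manager"
+echo "========================"
+echo "Forward ports from VPS to home server via WireGuard tunnel."
+echo ""
+echo "Usage: $0 <command> [options]"
+echo ""
+echo "Commands:"
+echo " list Show all currently forwarded ports"
+echo " add <port> [protocol] Forward a port to home server"
+echo " remove <port> [protocol] Stop forwarding a port"
+echo " help Show this help message"
+echo ""
+echo "Protocol options:"
+echo " tcp - TCP only (default)"
+echo " udp - UDP only"
+echo " both - TCP and UDP"
+echo ""
+echo "Examples:"
+echo " $0 list # Show all forwarded ports"
+echo " $0 add 25565 # Forward Minecraft server (TCP)"
+echo " $0 add 7777 udp # Forward UDP port 7777"
+echo " $0 add 27015 both # Forward game server (TCP+UDP)"
+echo " $0 remove 25565 # Stop forwarding port 25565"
+echo " $0 remove 7777 udp # Stop forwarding UDP port 7777"
+echo ""
+echo "Notes:"
+echo " - Ports 80 and 443 are reserved for Traefik (HTTP/HTTPS)"
+echo " - Changes are saved automatically and persist after reboot"
+echo " - Run as root (sudo)"
+}
+show_add_usage() {
+echo "Error: Missing port number"
+echo ""
+echo "Usage: $0 add <port> [protocol]"
+echo ""
+echo "Arguments:"
+echo " port Port number to forward (required)"
+echo " protocol tcp (default), udp, or both"
+echo ""
+echo "Examples:"
+echo " $0 add 25565 # Forward TCP port 25565"
+echo " $0 add 7777 udp # Forward UDP port 7777"
+echo " $0 add 27015 both # Forward both TCP and UDP"
+}
+show_remove_usage() {
+echo "Error: Missing port number"
+echo ""
+echo "Usage: $0 remove <port> [protocol]"
+echo ""
+echo "Arguments:"
+echo " port Port number to stop forwarding (required)"
+echo " protocol tcp (default), udp, or both"
+echo ""
+echo "Examples:"
+echo " $0 remove 25565 # Stop forwarding TCP port 25565"
+echo " $0 remove 7777 udp # Stop forwarding UDP port 7777"
+echo " $0 remove 27015 both # Stop forwarding both TCP and UDP"
+}
+show_invalid_protocol() {
+echo "Error: Invalid protocol '$1'"
+echo ""
+echo "Valid protocols:"
+echo " tcp - TCP only (default)"
+echo " udp - UDP only"
+echo " both - TCP and UDP"
+}
+list_ports() {
+echo "=== Forwarded Ports ==="
+echo ""
+local found=0
+iptables -t nat -L PREROUTING -n 2>/dev/null | grep -E "dpt:" | grep "10.0.0.2" | \
+awk '{for(i=1;i<=NF;i++) if($i ~ /dpt:/) print $2, $i}' | \
+sed 's/dpt://' | \
+while read proto port; do
+echo " $port ($proto)"
+found=1
+done
+if [ $found -eq 0 ]; then
+# Check again since subshell doesn't preserve variable
+if ! iptables -t nat -L PREROUTING -n 2>/dev/null | grep -q "10.0.0.2.*dpt:"; then
+echo " No ports currently forwarded (besides 80/443 for Traefik)"
+fi
+fi
+echo ""
+}
+add_port() {
+local port=$1
+local proto=$2
+echo "Adding $proto port $port -> $HOME_SERVER:$port"
+iptables -t nat -A PREROUTING -i $INTERFACE -p $proto --dport $port -j DNAT --to-destination $HOME_SERVER:$port
+iptables -A FORWARD -i $INTERFACE -o wg0 -p $proto --dport $port -j ACCEPT
+}
+remove_port() {
+local port=$1
+local proto=$2
+echo "Removing $proto port $port"
+iptables -t nat -D PREROUTING -i $INTERFACE -p $proto --dport $port -j DNAT --to-destination $HOME_SERVER:$port 2>/dev/null || echo " NAT rule not found"
+iptables -D FORWARD -i $INTERFACE -o wg0 -p $proto --dport $port -j ACCEPT 2>/dev/null || echo " FORWARD rule not found"
+}
+save_rules() {
+echo ""
+echo "Saving iptables rules..."
+netfilter-persistent save >/dev/null 2>&1
+echo "Done! Changes will persist after reboot."
+}
+# Main
+case ${1:-} in
+help|--help|-h)
+show_help
+;;
+list)
+list_ports
+;;
+add)
+if [ -z "${2:-}" ]; then
+show_add_usage
+exit 1
+fi
+PORT=$2
+PROTOCOL=${3:-tcp}
+case $PROTOCOL in
+tcp)
+add_port $PORT tcp
+;;
+udp)
+add_port $PORT udp
+;;
+both)
+add_port $PORT tcp
+add_port $PORT udp
+;;
+*)
+show_invalid_protocol $PROTOCOL
+exit 1
+;;
+esac
+save_rules
+;;
+remove)
+if [ -z "${2:-}" ]; then
+show_remove_usage
+exit 1
+fi
+PORT=$2
+PROTOCOL=${3:-tcp}
+case $PROTOCOL in
+tcp)
+remove_port $PORT tcp
+;;
+udp)
+remove_port $PORT udp
+;;
+both)
+remove_port $PORT tcp
+remove_port $PORT udp
+;;
+*)
+show_invalid_protocol $PROTOCOL
+exit 1
+;;
+esac
+save_rules
+;;
+"")
+echo "Error: No command specified"
+echo ""
+echo "Usage: $0 <command> [options]"
+echo ""
+echo "Commands:"
+echo " list Show all forwarded ports"
+echo " add <port> [protocol] Forward a port"
+echo " remove <port> [protocol] Stop forwarding a port"
+echo " help Show detailed help"
+echo ""
+echo "Run '$0 help' for more information."
+exit 1
+;;
+*)
+echo "Error: Unknown command '$1'"
+echo ""
+echo "Valid commands: list, add, remove, help"
+echo ""
+echo "Run '$0 help' for more information."
+exit 1
+;;
+esac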
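Review bot: `$PORT` reaches iptables unvalidated in the `add)` and `remove)` arms (via `add_port`/`remove_port`), so the 80/443 reservation the help text promises is never enforced — `add 80` stacks a second DNAT rule and `remove 80` deletes the Traefik rule that setup.sh installed, while a non-numeric or out-of-range value only surfaces as an iptables error under `set -e`. I would add a `validate_port` helper and call it before `case $PROTOCOL` in both arms, and quote `"$PORT"`, `"$proto"` and `"$INTERFACE"` at the iptables call sites, since an empty `INTERFACE` from the `ip route` parse currently produces a malformed `-i`. `add` also never checks whether the rule already exists, so repeated adds accumulate duplicates that a single `remove` does not clear; `iptables -C … || iptables -A …` would make it idempotent. `save_rules` discards netfilter-persistent's stderr, so a failed save exits the script with no message at all — drop the `2>&1` redirect or print on failure.
```shell
validate_port() {
  local port=$1
  if [[ ! "$port" =~ ^[0-9]+$ ]] || (( port < 1 || port > 65535 )); then
    echo "Error: Invalid port '$port' (expected 1-65535)" >&2
    exit 1
  fi
  # 80/443 belong to the Traefik rules installed by setup.sh
  if [[ "$port" == 80 || "$port" == 443 ]]; then
    echo "Error: Port $port is reserved for Traefik (see '$0 help')" >&2
    exit 1
  fi
}
# … unchanged: main dispatch; call validate_port "$PORT" right after PORT=$2 in the add and remove arms …
```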

57
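--- a/vps/setup.sh
+++ b/vps/setup.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+# VPS Setup Script - Run on your Debian VPS as root
+set -e
+echo "=== Installing WireGuard ==="
+apt update
+apt install -y wireguard
+echo "=== Generating Keys ==="
+cd /etc/wireguard
+umask 077
+wg genkey | tee privatekey | wg pubkey > publickey
+echo ""
+echo "========================================"
+echo "VPS Private Key (put in wg0.conf):"
+cat privatekey
+echo ""
+echo "VPS Public Key (put in home server config):"
+cat publickey
+echo "========================================"
+echo ""
+echo "=== Copy your wg0.conf to /etc/wireguard/wg0.conf ==="
+echo "=== Then replace VPS_PRIVATE_KEY with the private key above ==="
+echo "=== And replace HOME_PUBLIC_KEY with your home server's public key ==="
+echo ""
+echo "=== Enabling IP Forwarding ==="
+echo 'net.ipv4.ip_forward=1' > /etc/sysctl.d/99-wireguard.conf
+sysctl -p /etc/sysctl.d/99-wireguard.conf
+echo "=== Setting up iptables rules ==="
+# Get the main network interface (usually eth0 or ens3)
+INTERFACE=$(ip route | grep default | awk '{print $5}' | head -n1)
+echo "Detected interface: $INTERFACE"
+# Forward ports 80 and 443 to home server via WireGuard
+iptables -t nat -A PREROUTING -i $INTERFACE -p tcp --dport 80 -j DNAT --to-destination 10.0.0.2:80
+iptables -t nat -A PREROUTING -i $INTERFACE -p tcp --dport 443 -j DNAT --to-destination 10.0.0.2:443
+iptables -A FORWARD -i $INTERFACE -o wg0 -p tcp --dport 80 -j ACCEPT
+iptables -A FORWARD -i $INTERFACE -o wg0 -p tcp --dport 443 -j ACCEPT
+iptables -A FORWARD -i wg0 -o $INTERFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
+iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
+echo "=== Making iptables persistent ==="
+apt install -y iptables-persistent
+netfilter-persistent save
+echo "=== Enabling WireGuard service ==="
+systemctl enable wg-quick@wg0
+echo ""
+echo "=== After you update wg0.conf with keys, run: ==="
+echo "systemctl start wg-quick@wg0"
+echo ""
+echo "=== Done! ==="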
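Review bot: The VPS private key is written to the terminal (`cat privatekey` right after the "VPS Private Key" banner), so it lands in scrollback, tmux/`script` logs and any captured ssh session; the file is already 0600 thanks to `umask 077`, so print only the public key and point at the file instead, e.g. `echo "Private key saved to /etc/wireguard/privatekey (mode 600)"`, and add `chmod 600 /etc/wireguard/wg0.conf` to the post-copy instructions since that config will embed the key. The placeholder named in the instructions (`HOME_PUBLIC_KEY`) does not match the one in the committed `wg0.conf` (`HOMELAB_PUBLIC_KEY`), so a user following the text verbatim will not find it. The iptables rules are appended with unconditional `-A`, so re-running the script duplicates every rule; guard each with `iptables -C … 2>/dev/null || iptables -A …`. Note also that `POSTROUTING -o wg0 -j MASQUERADE` rewrites the source of every forwarded connection to the tunnel address, so Traefik on the home server will see 10.0.0.1 rather than the client IP — fine if intended, but worth a comment because it blinds rate limiting and any IP-based access control behind it.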

8
vps/wg0.conf Normal file

@@ -0,0 +1,8 @@
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = VPS_PRIVATE_KEY
[Peer]
PublicKey = HOMELAB_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32