Port forwarding workaround using wireguard (Requires VPS) - D31TO/VPS-Experiments GitHub Wiki

Requirements

Any VPS that can act as a Wireguard server, running an OS that supports Wireguard.

A domain

Basic knowledge of the Linux shell

For this tutorial I am using Ubuntu LTS 24.04.

Step 1

Install Wireguard server and configure it as needed.

For this tutorial we will be using this script to install Wireguard.

For all of the settings, default works fine.

When setting up the first client, make a note of the internal IP assigned to it (e.g. "10.66.66.2"), as well as where the client config file gets stored.

Step 2

Install docker on the VPS system with this.

Then follow this to install docker compose too.

Next, make a directory with any name you like and cd into it. Then create a file called "docker-compose.yml". Inside the file, paste in this

Quick note: in the "ports" section, you can add any other ports that you want to be "port forwarded". For example, for a Minecraft server you would add 25565. You can also specify whether you want UDP or TCP by adding /tcp or /udp after the port.

Examples: '25565:25565/tcp' '25565:25565/udp'

Then run docker-compose up -d to launch NPM (Nginx Proxy Manager), which is reachable at the server's IP on port 81. Log in there with the credentials below, then change the username and password to something more secure.

Email: [email protected]
Password: changeme

Step 3

Next we will create a systemd service so that Nginx Proxy Manager starts at server boot. Create a new file called npm.service in /etc/systemd/system/ and paste in the contents of this. One part of the .service file needs to be edited to the path where your NPM docker-compose.yml is located.

Then enter systemctl enable npm

Step 4

Now we are going to configure the client device, which will host the services that require the port forwarding. We will do this as if the client is a Linux server.

If you are on a Debian-based distribution, run apt install wireguard and wait for it to complete.

Step 5

Using your favorite SFTP/FTP client, download the client config file that you created during the installation in step 1, then upload it somewhere on your client's system.

Open the client file on the client system with nano and copy its contents, then open /etc/wireguard/wg0.conf and paste them in.

Step 6

Then make the device connect to the VPN with systemctl enable --now wg-quick@wg0. This will make the device always connect to the VPN, even after a restart.

Step 7

Give your domain an A record pointing to the IP address of the VPN server. This can then be used with NPM.

Step 8

Go to NPM and configure either a proxy host if you want to forward http/s traffic, or a Stream if you want to forward TCP/UDP traffic.

REMINDER: PORTS NEED TO BE OPENED IN THE docker-compose.yml FILE.

For streams, set the forward host to your "10.66.66.2" IP (or whatever it was that you noted down earlier). Then set the incoming and forwarded port to the same value. Requests to the server's IP at that port will then be forwarded correctly.

Proxy hosts are similar to the above: the forward host needs to be the 10.66.... IP. Set the scheme to http, and request SSL in the SSL tab if that is something you want (SSL requires a domain). The forwarded port is whatever port you want it to forward to. The domain name is whatever your domain is.
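The reminder about opening ports in docker-compose.yml can be checked on the VPS before a stream is created. This is an added example, not part of the original wiki: it lists the port/protocol pairs that a compose file's short-syntax "ports" entries actually publish and reports any a stream needs that are missing. The sample compose file, its image name and the 19132/udp port are constructed assumptions.

```sh
# published_ports FILE: print "hostport/proto" for each short-syntax entry
# ('HOST:CONTAINER[/proto]', optional bind IP in front) under a "ports:" key.
published_ports() {
    awk -v q="'" '
        /^[ \t]*#/      { next }                     # skip comment lines
        /^[ \t]*ports:/ { in_ports = 1; next }
        in_ports && /^[ \t]*-/ {
            line = $0
            sub(/[ \t]#.*/, "", line)                # trailing comment
            sub(/^[ \t]*-[ \t]*/, "", line)          # list dash
            gsub("[\"" q " \t]", "", line)           # quotes and blanks
            proto = "tcp"                            # Docker default when no suffix
            if (split(line, p, "/") == 2) proto = p[2]
            n = split(p[1], part, ":")
            if (n >= 2) print part[n - 1] "/" proto  # host port is second to last
            next
        }
        in_ports && NF { in_ports = 0 }              # any other line ends the list
    ' "$1"
}

# missing_ports FILE PORT/PROTO...: print every requested pair that the compose
# file does not publish; returns 1 if any is missing.
missing_ports() {
    file=$1; shift
    have=$(published_ports "$file"); rc=0
    for want in "$@"; do
        printf '%s\n' "$have" | grep -qxF "$want" || { echo "$want"; rc=1; }
    done
    return $rc
}

# Constructed sample compose file (the wiki's own file is not reproduced here).
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
      - '25565:25565/tcp'
    volumes:
      - ./data:/data
EOF
# Streams wanted: 25565 on both protocols plus a hypothetical 19132/udp.
missing_ports "$sample" 25565/tcp 25565/udp 19132/udp ||
    echo "publish the ports listed above, then recreate the container"
```

An entry with no /tcp or /udp suffix publishes TCP only, so a UDP stream on the same port number still shows up as missing.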

Conclusion

That should now work and allow for both game servers and web apps to be hosted without the need for port forwarding on a local device.

Thanks for reading :)