Wireguard Reverse Proxy

Generate key

1
wg genkey | tee azure_privatekey | wg pubkey > azure_publickey

Install Wg Client side on all servers

Create config file in /etc/wireguard. For example cone.conf

1
2
3
4
5
6
7
8
9
10
11
[Interface]
# Name = ray
Address = 192.168.168.2/32
PrivateKey = `SERVER_PRIVATE_KEY`
[Peer]
# Name = cone
PublicKey = `HOST_PUBLIC_KEY`
Endpoint = `HOST_IP`:`HOST_PORT`
# Allow IPs from WG
AllowedIPs = 192.168.168.0/24
PersistentKeepalive = 25

Notice: 192.168.168.2/32 should be set to a specific IP for machine in wg network.

Host side config

For example: cone.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
[Interface]
# Name = conf
Address = 192.168.168.1/24
ListenPort = `HOST_PORT`
PrivateKey = `HOST_PRIVATE_KEY`
[Peer]
# Name = ray
PublicKey = `SERVER_PUBLIC_KEY`
AllowedIPs = 192.168.168.2/32
# If have multiple machines
[Peer]
# Name = jazz
PublicKey = ...
AllowedIPs = 192.168.168.3/32
[Peer]
# Name = gala
PublicKey = ...
AllowedIPs = 192.168.168.4/32

Start Instructions

  1. Genrate keys
  2. Start host on host-side: wg-quick up cone
  3. Start clients on client-side: wg-quick up cone
Skill
Wireguard Reverse Proxy
http://blog.chivier.site/2024-04-28/2024/Wireguard-Reverse-Proxy/
Author
Chivier Humber
Posted on
April 28, 2024
Licensed under