Self-Hosted Gateway

Self-Hosted Gateway automates provisioning of Reverse Proxy-over-VPN (RPoVPN) WireGuard tunnels to expose local Docker Compose services to the public Internet. It combines Caddy, Nginx and WireGuard to provide per-link tunnels, automatic TLS and a minimal docker-compose workflow.

Key Features

• Automates provisioning of WireGuard-based RPoVPN tunnels that forward traffic from a public gateway to local docker-compose projects. (github.com)
• Uses Caddy on the client side and NGINX on the gateway to handle HTTPS termination, proxying and automatic TLS certificate provisioning. (github.com)
• Docker-native workflow: generate a small "link" docker-compose snippet and run a client container that establishes the tunnel and exposes specified services. (github.com)
• Per-link network isolation via Docker Compose private networks and dedicated WireGuard tunnels, reducing cross-service exposure. (github.com)
• Supports passing remote client IPs to local containers via proxy protocol, basic-auth via env variables, and proxying generic TCP/UDP traffic (socat). (github.com)

Use Cases

• Expose self-hosted web apps, dashboards or development services running in docker-compose to the public Internet without manual port forwarding. (github.com)
• Enable remote access to services from behind CGNAT or double-NAT by terminating traffic on a public VPS gateway and routing it over WireGuard tunnels. (github.com)
• Provide isolated, per-service tunnels for teams who want reproducible, auditable exposure of containerized services. (github.com)

Limitations and Considerations

• Requires a publicly addressable Linux gateway (VPS) with SSH and open ports 80/443 and an open UDP port range; a domain with A records is needed for TLS. (github.com)
• Installation and operation expect familiarity with Docker, docker-compose, Makefiles and basic Linux network/SSH administration; not a turnkey SaaS. (github.com)
• Relies on third-party components (WireGuard, Caddy, NGINX); diagnosis may require troubleshooting across those layers. (github.com)

Self-Hosted Gateway is focused on a reproducible, self-managed pattern for exposing containerized services using reverse-proxy-over-VPN. It is intended for operators comfortable with Docker and VPS administration who want an open-source alternative to commercial tunneling services. (github.com)