Wiredoor

Wiredoor is a self-hosted ingress-as-a-service platform for securely exposing applications and services running in private networks to the public internet. It creates reverse VPN tunnels using WireGuard and routes inbound traffic through a built-in NGINX reverse proxy.

Key Features

• Reverse VPN tunneling powered by WireGuard for connecting private nodes to a public entrypoint
• Built-in NGINX reverse proxy to publish HTTP services and route traffic by domain
• Expose both HTTP and TCP services, including support for WebSocket connections
• Automatic TLS certificates via Let’s Encrypt, with self-signed fallback for internal/local domains
• Web UI to manage nodes, domains, and exposed services
• CLI-driven setup for registering nodes and creating/revoking exposures
• Optional OAuth2-based authentication per domain/service via an OAuth2 proxy
• Designed to work across environments (Kubernetes, Docker/Compose, VMs, legacy servers, and IoT)

Use Cases

• Publish internal dashboards (for example monitoring tools) without opening inbound firewall ports
• Provide temporary external access to a private service for support, maintenance, or demos
• Expose services running inside Kubernetes clusters, Docker hosts, or on-prem networks through a single public gateway

Wiredoor fits teams and homelabs that want cloud-like ingress control while keeping networking and access fully under their own infrastructure. It provides a consistent way to connect private nodes, map domains, and expose services securely with minimal operational overhead.