I’m setting up a self-hosted stack with a bunch of services running on a home device. I’m also tunneling all the traffic through a VPS in order to expose the services without exposing my home IP or opening ports on my local network. Currently all my traffic is HTTP, and its path looks like this:

  • Caddy proxy on remote VPS (HTTPS, :80 & :443)
  • Wireguard tunnel
  • Caddy proxy in Docker on homeserver (HTTP, :80)
  • app containers in separate isolated subnets, shared with Caddy

I want to set up qBittorrent and other torrent apps, and I want all their traffic to pass through the proxies. Proxying traffic to the WebUI is easy, there’s plenty of tutorials; what I’m struggling with is proxying the torrent leeching and seeding traffic, which is the most important part since I live in a country that’s not cool with piracy.

Unless I’m misunderstanding, BitTorrent traffic is TCP or UDP, so I’d need Caddy to act as a Layer 4 proxy. There’s a community-maintained plugin that should support this. How would I configure it though? Do I need both instances to listen on a new port? Or can I open a new port on the VPS only, and forward traffic to the homeserver Caddy over the same port as the HTTP traffic (:80)? Are there nuances in proxying TCP traffic that I should be aware of?

  • HappyTimeHarry@lemm.ee
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    2 months ago

    What you describe doesnt really make sense so ill suggest what i think you really want;

    You want your vps to be the wireguard server, the local PC connects as a client this “proxies” your connection so torrent swarms see the IP of your vps.

    If you want port forwarding it gets a bit complicated because you need to forward the vps port over wireguard, but this is optional so you dont have to worry if you can’t figure it out.

    Caddy doesn’t really seem relevant unless you want to have a domain name that forwards to your home network.

    • andscapeOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 months ago

      I indeed have a domain name pointing to the VPS IP, with Caddy managing TLS. Other apps are exposed this way, and I will do the same for the qBittorrent WebUI as well. I like having Caddy as a single gateway where I can apply security configs and monitor all traffic, I was hoping I would be able to pass torrent traffic through it as well but everybody seems very much against it.

      I already have wireguard setup as you describe so I guess I’ll just give up on passing torrent traffic through the proxies and just open a localhost port on the qBittorrent container…