Expose Docker Containers to Public with Self-hosted Gateway

Self-hosted Gateway is a free and open-source self-hosted Docker native tunneling to localhost.

It enables developers to expose local docker containers to the public Internet via a simple docker compose interface.

This project automates the provisioning of Reverse Proxy-over-VPN (RPoVPN) WireGuard tunnels with Caddy and NGINX. It is particularly well suited for exposing docker compose services defined in a docker-compose file to the public Internet.

There's no code or APIs, just an ultra generic NGINX config and some short provisioning bash script. TLS certs are provisioned automatically with Caddy's Automatic HTTPS feature via Let's Encrypt or ZeroSSL.

Features

  • Docker native self-hosted alternative to Cloudflare Tunnels, Tailscale Funnel, ngrok and others.
  • Entirely self-hosted and self-managed, includes local and remote tunneling components.
  • No custom code, this project leverages existing battled tested FOSS components:
    • WireGuard
    • Nginx (Gateway)
    • Caddy (Client)
  • Automatic client side HTTPS cert provisioning thanks to Caddy's automatic https.
  • Remote client IPs passed to local container via proxy protocol
  • Enable basic authentication by specifying env variable containing username and password
  • Proxy generic TCP/UDP traffic to localhost with socat

Use-cases

  1. RPoVPN is a common strategy for remotely accessing applications self-hosted at home. It solves problems such as:
  • Self-hosting behind double-NAT or via an ISP that does CGNAT (Starlink, Mobile Internet).
  • Inability to portforward on your local network due to insufficient access.
  • Having a dynamically allocated IP that may change frequently.
  1. Using RPoVPN is ideal for self-hosting from both a network security and privacy perspective:
  • Obviates the need for a static IP or expose your home's public IP address to the world.
  • Utilizes advanced network isolation capabilities of Docker (thanks to Linux network namespaces) in order to isolate locally exposed services from your home network and other local docker services.
  • Built on open-source technologies (WireGuard, Caddy and NGINX).

License

  • AGPL-3.0

Resources & Downloads

GitHub - fractalnetworksco/selfhosted-gateway: Self-hosted Docker native tunneling to localhost. Expose local docker containers to the public Internet via a simple docker compose interface.
Self-hosted Docker native tunneling to localhost. Expose local docker containers to the public Internet via a simple docker compose interface. - fractalnetworksco/selfhosted-gateway







Open-source Apps

9,500+

Medical Apps

500+

Lists

450+

Dev. Resources

900+