I’m setting up a self-hosted stack with a bunch of services running on a home device. I’m also tunneling all the traffic through a VPS in order to expose the services without exposing my home IP or opening ports on my local network. Currently all my traffic is HTTP, and its path looks like this:
- Caddy proxy on remote VPS (HTTPS, :80 & :443)
- Wireguard tunnel
- Caddy proxy in Docker on homeserver (HTTP, :80)
- app containers in separate isolated subnets, shared with Caddy
I want to set up qBittorrent and other torrent apps, and I want all their traffic to pass through the proxies. Proxying traffic to the WebUI is easy, there’s plenty of tutorials; what I’m struggling with is proxying the torrent leeching and seeding traffic, which is the most important part since I live in a country that’s not cool with piracy.
Unless I’m misunderstanding, BitTorrent traffic is TCP or UDP, so I’d need Caddy to act as a Layer 4 proxy. There’s a community-maintained plugin that should support this. How would I configure it though? Do I need both instances to listen on a new port? Or can I open a new port on the VPS only, and forward traffic to the homeserver Caddy over the same port as the HTTP traffic (:80)? Are there nuances in proxying TCP traffic that I should be aware of?
Nooooo…that’s not what I’m saying.
I’m seriously not trying to be rude here, but I went and read the rest of the thread just now. Your understanding of processes, networks and VPNs is wildly misinformed. I think you need to spend some time learning about each before you go and dismiss what everyone is telling you here, which is that you’re trying to make an overcomplicated and very inefficient VPN right now.
Running a torrent client through a proxy doesn’t isolate a process. Especially not when you’re pushing the traffic through a local proxy. You also don’t need to forward any ports.
Connect to the VPN, make sure your traffic is routing there properly, and you’re done. OR, if you really want a proxy, you set up a proxy. You don’t need both, and neither gains you any security. If you’re concerned about process isolation, that’s a whole other thing you should read up on.
Resetting the “time since last being told I don’t know shit on the internet” back to 0 once again…
I already have an existing and working setup used for other apps, it’s close to the one described in this blogpost. Yes, it’s complicated and inefficient, but it has reasons to be. I want to keep my qBittorrent configuration as close to this setup as reasonably possible for consistency. If your point is that it’s counterproductive to follow this setup then… fair enough. I can just route traffic from the VPS to an exposed port on the local qBittorrent container over Wireguard, but that wasn’t my preferred solution.
> Running a torrent client through a proxy doesn’t isolate a process.
I was talking about network isolation, not process isolation.
> make sure your traffic is routing there properly
That was pretty much what I was asking for help with.
Well everyone here is telling you what the problem is. If you’re trying to go by every step in that blog post you linked, that’s wrong for what you’re trying to do. That’s a reverse proxy for HTTP requests.