<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Tunnel on marktaguiad.dev</title>
    <link>https://marktaguiad.dev/tags/tunnel/</link>
    <description>Recent content in Tunnel on marktaguiad.dev</description>
    <generator>Hugo</generator>
    <language>en-us</language>
    <managingEditor>marktaguiad@marktaguiad.dev (Mark Taguiad)</managingEditor>
    <webMaster>marktaguiad@marktaguiad.dev (Mark Taguiad)</webMaster>
    <copyright>marktaguiad.dev</copyright>
    <lastBuildDate>Sun, 17 May 2026 00:00:00 +0000</lastBuildDate>
    <atom:link href="https://marktaguiad.dev/tags/tunnel/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>Secure Reverse Proxying Behind NAT Using WireGuard and Caddy</title>
      <link>https://marktaguiad.dev/post/tun-wg-cad-cf/</link>
      <pubDate>Sun, 17 May 2026 00:00:00 +0000</pubDate><author>marktaguiad@marktaguiad.dev (Mark Taguiad)</author>
      <guid>https://marktaguiad.dev/post/tun-wg-cad-cf/</guid>
      <description>&lt;p&gt;I’m migrating my existing reverse proxy and TLS termination setup from Pangolin to a simpler and more flexible architecture using Caddy and WireGuard.&lt;/p&gt;&#xA;&lt;h1 id=&#34;table-of-contents&#34;&gt;Table of Contents&lt;/h1&gt;&#xA;&lt;nav id=&#34;TableOfContents&#34;&gt;&#xA;  &lt;ol&gt;&#xA;    &lt;li&gt;&lt;a href=&#34;#prerequisite&#34;&gt;Prerequisite&lt;/a&gt;&lt;/li&gt;&#xA;    &lt;li&gt;&lt;a href=&#34;#vps-public-ip&#34;&gt;VPS (Public IP)&lt;/a&gt;&lt;/li&gt;&#xA;    &lt;li&gt;&lt;a href=&#34;#wireguard-peer-local-server&#34;&gt;Wireguard Peer (Local Server)&lt;/a&gt;&lt;/li&gt;&#xA;    &lt;li&gt;&lt;a href=&#34;#caddy-vps&#34;&gt;Caddy (VPS)&lt;/a&gt;&lt;/li&gt;&#xA;    &lt;li&gt;&lt;a href=&#34;#docker-network&#34;&gt;Docker Network&lt;/a&gt;&lt;/li&gt;&#xA;  &lt;/ol&gt;&#xA;&lt;/nav&gt;&#xA;&lt;h3 id=&#34;prerequisite&#34;&gt;Prerequisite&lt;/h3&gt;&#xA;&lt;ul&gt;&#xA;&lt;li&gt;Server with public IP&lt;/li&gt;&#xA;&lt;li&gt;Local Server (NAT or CGNAT)&lt;/li&gt;&#xA;&lt;li&gt;Domain from Cloudflare&lt;/li&gt;&#xA;&lt;/ul&gt;&#xA;&lt;h3 id=&#34;vps-public-ip&#34;&gt;VPS (Public IP)&lt;/h3&gt;&#xA;&lt;p&gt;Install Wireguard.&lt;/p&gt;&#xA;&lt;div class=&#34;highlight&#34;&gt;&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;ln&#34;&gt;1&lt;/span&gt;&lt;span class=&#34;cl&#34;&gt;sudo apt update&#xA;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;ln&#34;&gt;2&lt;/span&gt;&lt;span class=&#34;cl&#34;&gt;sudo apt install wireguard resolvconf -y&#xA;&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;Create private key, public key and remove unnecessary permissions from the keys.&lt;/p&gt;</description>
    </item>
  </channel>
</rss>
