Fly.io as a VPN tunnel/proxy: Updating config?

Right now, I am using a small VPS to handle this, but my current provider is … not so good, let’s put it that way. But what I have managed to do is to set up a neat infra where I use SoftEther VPN to link my home server to my remote server, and use Caddy to reverse proxy to where requests need to go - be it on the remote server itself or on my home server, in which case the VPN IP is used to send requests. I even managed to synchronize the TLS state via Redis!

But, as I mentioned, my current provider is not so good… So I want to move to home-hosting entirely, but keep using my SoftEther setup as a makeshift/self-made cloudflared or ngrok. So far, so good; just making a Docker image that starts SoftEther and Caddy is pretty trivial.

However, I would like to know how I can best work with config files. I am not used to deploying containers - I have been using VPSes for a long, long time. Fly.io’s free tier is perfect; neither SoftEther nor Caddy needs more than 250MB, ever. So that should be super sufficient to just host effectively a “frontend”.

How do I handle config updates - and file storage in general? I am currently using Wasabi’s S3 API to store encrypted off-site backups (via rclone and the crypt layer). Would that be an option, and if so, how do you guys do it?

Thanks and kind regards!

Hello.
I found this post as part of looking to do something similar with SoftEther and Fly.

To answer your questions,

  1. To deploy containers, you want to package your application into a Docker Image by making a Dockerfile like you said.
  2. Then the configuration of your server can be stored in a persistent file on a Fly Volume, or provided via Fly Secrets. Updating files in a volume is the same as modifying any other file on Linux. That can be performed by your server, or by a user over SSH (using flyctl ssh console). Updating secrets can be done via the Fly CLI (using fly secrets set); your app can then consume them by accessing environment variables.
  3. There should be nothing to stop you from doing backups to Wasabi S3 from the Fly server.

Additional concerns:

  • Make sure you expose all the necessary ports in your Dockerfile.
  • Unless your VPN supports connections over TCP, or your ISP supports IPv6, you will likely need to allocate a dedicated IPv4 address for your application if it expects connections over UDP.

If you have any open source code I could reference, let me know!
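
The volume-plus-secrets approach from the answer above, sketched as container entrypoint helpers. This is an added example, not code from either poster; the `/defaults` and `/data` paths, the `__NAME__` placeholder convention and the `VPN_PASSWORD` variable are assumptions.

```shell
#!/bin/sh
# Added example. Assumed names: /defaults (config baked into the image),
# /data (volume mount point), __NAME__ placeholders, VPN_PASSWORD secret.

# seed_config DEFAULTS_DIR VOLUME_DIR
# Copy a default file to the volume only when it is absent there, so edits
# made on the volume (e.g. over SSH) survive the next deploy.
seed_config() {
    defaults=$1; volume=$2
    mkdir -p "$volume" || return 1
    for src in "$defaults"/*; do
        [ -f "$src" ] || continue
        dst="$volume/$(basename "$src")"
        [ -e "$dst" ] || cp "$src" "$dst" || return 1
    done
}

# render_secret TEMPLATE OUTPUT NAME
# Write TEMPLATE to OUTPUT with every __NAME__ replaced by the value of the
# exported environment variable NAME. Fails closed if NAME is unset or empty.
# awk index()/substr() is used instead of sed so that '/', '&' and '\' in the
# secret are copied literally. OUTPUT is created with mode 600.
render_secret() {
    template=$1; output=$2; name=$3
    rm -f "$output.tmp"
    if ( umask 077
         awk -v ph="__${name}__" -v var="$name" '
            BEGIN { val = ENVIRON[var]; if (val == "") exit 2 }
            {
                out = ""; line = $0
                while ((i = index(line, ph)) > 0) {
                    out = out substr(line, 1, i - 1) val
                    line = substr(line, i + length(ph))
                }
                print out line
            }' "$template" > "$output.tmp" )
    then
        mv "$output.tmp" "$output"
    else
        rm -f "$output.tmp"
        echo "render_secret: $name is unset or $template is unreadable" >&2
        return 1
    fi
}

# Typical entrypoint use (commented out so the file can be sourced):
#   seed_config /defaults /data
#   render_secret /data/vpn.conf.tmpl /run/vpn.conf VPN_PASSWORD
#   exec "$@"
```

Keeping the secret out of the image and out of the volume means only the rendered file, readable by its owner alone, ever holds the value.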