Getting TLS handshake error saying that there is no certificate available for the set tunnel domain. Also further question about using NPM with boringproxy

Hi,

I am trying to set up a VPS off-network with boringproxy to connect to a server on the network. I could set up the DNS with boringproxy and connect both the server and the client. But, after I created a tunnel for a program, I get this error on the client for every connection, and the connection resulted in a browser SSL Protocol error.

TLS handshake error from **.***.**.***:*****: no certificate available for '**.**.duckdns.org'

I followed both video guides; nothing is very different from them except for the domain and ports.

I was also wondering how to make this work with Nginx Proxy Manager. Do I need to open a tunnel to NPM’s port (81) or leave it working on 80 and 443?

Hi @Orsell,

Can you try different values of TLS Termination? Server HTTPS is probably the most reliable, but you give up e2ee. If that works though we can move forward from there.

Hi @anders ,

Thanks for the response.

I tried out Server HTTPS, and now the client side of the connection is trying and failing to create a new certificate. It might be because I created and removed the tunnel a few too many times. Still, the few times I tried it, instead of producing an SSL Protocol error and claiming there is no certificate, it now does not recognize connections at all. Let me try again in a bit, and I’ll get back to you to see if something has changed or is still reporting the same errors.

Ok, after trying Client HTTPS again, one more time just in case, and then trying Server HTTPS, it still will not cooperate. I removed and created a new domain with a similar name, but it still has the same subdomain names. It’s just a fresh domain to see if that could have been an issue. No luck.

Client HTTPS does not recognize any connections, while Server HTTPS does now, when it feels like it, recognize connections but reports the same no certificate error. Sometimes it gets a connection, sometimes it doesn’t. I hope my removing the tunnel and then making the tunnel again with different settings isn’t screwing with anything too much.

At one point I did receive a TLS Handshake error EOF, but that disappeared, and also one for the domain itself not having a certificate instead of the subdomain, but that also disappeared. It’s acting really inconsistent now. I’m getting more confused and lost with this thing.

Yeah I’m not sure what the problem could be.

If you are using Server HTTPS, and are 100% sure you have A and AAAA DNS records pointed at the correct IPv4 and IPv6 addresses, and you’re 100% sure your firewall is open, it should work.

If it’s not working I’d recommend using Cloudflare Tunnel, frp, or another more production-ready solution.

I’ll be releasing the beta of my replacement for boringproxy soon, which you might have more luck with.
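The reply above boils down to a checklist: A/AAAA records that match the VPS, ports 80 and 443 reachable from the outside, and a certificate the server can present for the exact tunnel name. The script below is an added example for walking that checklist, not boringproxy's own code. It resolves the tunnel hostname, tries TCP to 80 and 443, performs a TLS handshake with the hostname as SNI, and compares the certificate's SAN names against the hostname; the offline part (`diagnose`, `name_covered`) turns the gathered facts into findings. The hostname `app.mytunnel.duckdns.org` and the addresses in `SAMPLE_PROBE` are constructed placeholders, and the port roles assume the usual ACME HTTP-01 (port 80) and TLS-ALPN-01 (port 443) challenges.

```python
"""Added diagnostic for a tunnel domain that logs "no certificate available".
Not part of boringproxy. Hostname and addresses below are constructed placeholders."""
import socket
import ssl
import sys
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Probe:
    hostname: str
    a_records: List[str] = field(default_factory=list)
    aaaa_records: List[str] = field(default_factory=list)
    port_open: Dict[int, bool] = field(default_factory=dict)
    handshake_error: Optional[str] = None     # str(ssl.SSLError) if the handshake failed
    san_names: List[str] = field(default_factory=list)


def name_covered(hostname: str, san_names: List[str]) -> bool:
    """True if a SAN dNSName matches hostname: exact match, or a wildcard that
    covers exactly one leftmost label (RFC 6125 rules, simplified)."""
    h = hostname.lower().rstrip(".")
    for san in san_names:
        s = san.lower().rstrip(".")
        if s == h:
            return True
        if s.startswith("*."):
            suffix = s[1:]                                   # ".mytunnel.duckdns.org"
            prefix = h[: -len(suffix)] if h.endswith(suffix) else ""
            if prefix and "." not in prefix:                 # one label only
                return True
    return False


def diagnose(p: Probe, vps_v4: List[str], vps_v6: List[str]) -> List[str]:
    """Turn probe results into findings; each starts with a short code."""
    f: List[str] = []
    if not p.a_records and not p.aaaa_records:
        f.append("DNS_NONE: no A or AAAA record for %s" % p.hostname)
    else:
        if set(p.a_records) != set(vps_v4):
            f.append("DNS_A: A %s != VPS IPv4 %s" % (sorted(p.a_records), sorted(vps_v4)))
        if p.aaaa_records:
            if not vps_v6:
                # A stale AAAA sends IPv6-preferring clients and ACME validators elsewhere.
                f.append("DNS_AAAA_STALE: AAAA %s exists but the VPS has no IPv6"
                         % sorted(p.aaaa_records))
            elif set(p.aaaa_records) != set(vps_v6):
                f.append("DNS_AAAA: AAAA %s != VPS IPv6 %s"
                         % (sorted(p.aaaa_records), sorted(vps_v6)))
    for port, why in ((80, "ACME HTTP-01 challenge"), (443, "TLS and ACME TLS-ALPN-01")):
        if not p.port_open.get(port, False):
            f.append("PORT_%d: TCP %d unreachable (needed for %s)" % (port, port, why))
    if p.handshake_error is not None:
        # Either no certificate for this SNI (the boringproxy log line) or an untrusted chain.
        f.append("TLS_HANDSHAKE: SNI=%s failed: %s" % (p.hostname, p.handshake_error))
    elif not name_covered(p.hostname, p.san_names):
        f.append("TLS_SAN: certificate SANs %s do not cover %s" % (p.san_names, p.hostname))
    if not f:
        f.append("OK: DNS, ports and certificate check out for %s" % p.hostname)
    return f


def run_probe(hostname: str, timeout: float = 5.0) -> Probe:
    """Collect the facts over the network (live; not used by the offline sample)."""
    p = Probe(hostname)
    try:
        for fam, _, _, _, addr in socket.getaddrinfo(hostname, None):
            target = p.a_records if fam == socket.AF_INET else p.aaaa_records
            if fam in (socket.AF_INET, socket.AF_INET6) and addr[0] not in target:
                target.append(addr[0])
    except socket.gaierror:
        pass
    for port in (80, 443):
        try:
            with socket.create_connection((hostname, port), timeout=timeout):
                p.port_open[port] = True
        except OSError:
            p.port_open[port] = False
    if not p.port_open[443]:
        return p
    ctx = ssl.create_default_context()
    ctx.check_hostname = False            # SANs are compared by name_covered; chain still verified
    try:
        with socket.create_connection((hostname, 443), timeout=timeout) as s:
            with ctx.wrap_socket(s, server_hostname=hostname) as tls:   # SNI = tunnel name
                cert = tls.getpeercert()
        p.san_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    except ssl.SSLError as e:
        p.handshake_error = str(e)
    return p


# Constructed sample: wrong A record, stale AAAA, port 80 filtered, handshake refused.
SAMPLE_PROBE = Probe("app.mytunnel.duckdns.org", a_records=["203.0.113.5"],
                     aaaa_records=["2001:db8::1"], port_open={80: False, 443: True},
                     handshake_error="[SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error")
SAMPLE_VPS_V4 = ["203.0.113.10"]

if __name__ == "__main__":
    if len(sys.argv) >= 3:   # usage: script.py <hostname> <vps_ipv4[,...]> [<vps_ipv6[,...]>]
        v6 = sys.argv[3].split(",") if len(sys.argv) > 3 else []
        findings = diagnose(run_probe(sys.argv[1]), sys.argv[2].split(","), v6)
    else:
        findings = diagnose(SAMPLE_PROBE, SAMPLE_VPS_V4, [])
    print("\n".join(findings))
```

Run it from a machine outside the home network, since the question is what the public Internet (and the ACME validator) sees, not what the LAN sees. A `DNS_AAAA_STALE` finding is worth special attention: a leftover AAAA record from an earlier setup is enough to make certificate issuance fail intermittently, which matches the "sometimes it gets a connection, sometimes it doesn't" behaviour.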

I am going to check everything again, but from what I read, your new replacement seems to be more up to the task than what boringproxy currently has, although boringproxy itself is already pretty handy, as it is quick and easy to set up.

Maybe overall it is something on my end, or maybe my router is doing something screwy. Ports are correctly open on the router, even though I don’t have full access due to the service limiting the ports I can use, and I believe, but have not fully confirmed, that I am stuck behind NAT, which is why I am trying to use something like boringproxy and rathole in the first place.

I have used stuff like Tailscale, which works and is secure, except it isn’t designed for what I am trying to do, and I am trying to expose my service publicly. There is also playit.gg, which works, except they give weird random domains. The domains get flagged by antivirus, either because some people decided to do malicious stuff with their service, getting them flagged, or because of the weird naming scheme.

I tried out Rathole, another tunnel proxy, before boringproxy, but it did not cooperate either. I have heard of frp, and was going to try that out next. As for Cloudflare, I know it’s a good solution out there, but I want to see if I can self-host as much as I can without needing another separate service, as I already have DigitalOcean for the VPS.

Anyway, thank you for all your help. I will probably give this up for now and either wait until I can use a service I do have complete control over or use another alternative and see how it handles what I am trying to accomplish.
