Wiredoor: Securely Expose Private Services with Reverse VPN Magic

Exposing private services to the internet is traditionally a messy affair — it usually involves port forwarding, firewalls, VPNs, or jumping through hoops with third-party tunnels and ingress controllers.

But what if there was a secure, self-hosted way to do it all — using just WireGuard and NGINX — without giving up control?

Meet Wiredoor.


🌐 What Is Wiredoor?

Wiredoor is an open-source ingress-as-a-service platform designed for securely exposing services from private networks to the internet. It uses a reverse VPN tunnel (powered by WireGuard) and a built-in NGINX reverse proxy to forward requests to your local services — no matter where they are.

Whether you’re a developer, sysadmin, or just privacy-conscious, Wiredoor gives you complete control of how your internal services become externally available — without relying on a public cloud provider.


🔐 Why Wiredoor?

Here’s what makes Wiredoor stand out:

  • Reverse VPN with WireGuard: Secure, high-performance tunneling from internal nodes to the internet-facing gateway.
  • NGINX Reverse Proxy: Routes traffic efficiently and supports HTTPS, WebSockets, and subdomain mapping.
  • OAuth2 Authentication: Restrict access with Google, GitHub, or any OIDC provider using OAuth2-Proxy.
  • Automatic SSL: Built-in Let’s Encrypt integration for public domains, or use self-signed certs for internal use.
  • Web UI: Manage nodes, services, and domains from a sleek, browser-based interface.
  • Flexible Deployments: Works in Docker, Kubernetes, bare-metal servers, IoT devices — anything with Linux.
  • CLI Client: Register and expose services easily from the terminal with wiredoor-cli.

And of course, it’s fully open source and 100% self-hosted.


⚡ Quickstart: Get Wiredoor Running in Minutes

You’ll need:

  • A Linux VPS with Docker
  • Open ports: 80, 443, and 51820/UDP (VPN)
  • A domain (optional but recommended)

Step 1: Deploy the Wiredoor Server

git clone https://github.com/wiredoor/docker-setup.git
cd docker-setup
cp .env.example .env
nano .env   # Edit admin email, password, hostname/IP, and ports
docker compose up -d

Step 2: Log in to the Web UI

Go to https://your-server-domain-or-ip in your browser, and log in with the credentials you set in .env.

Now you’ve got the control panel to manage everything — nodes, domains, and services.


🖥️ Expose Your First Private Service

Now, install the Wiredoor CLI on your local device (or any internal machine):

curl -s https://www.wiredoor.net/install-wiredoor-cli.sh | sh

Then connect it to your server:

wiredoor login --url=https://your-server-domain-or-ip

And expose a service running on port 3000:

wiredoor http myapp --domain app.yourdomain.com --port 3000

Make sure app.yourdomain.com points to your Wiredoor server’s public IP. Wiredoor will handle SSL, tunneling, and routing for you.


🔧 Advanced Use Cases

Wiredoor works great in more complex environments too:

  • Docker Gateway: Drop-in sidecar container to expose services in Compose stacks.
  • Kubernetes: Use the Helm chart to expose services from inside your cluster.
  • IoT Networks: Expose dashboards, logs, or remote device control panels from isolated networks.
  • Site-to-Site VPN: Use gateway nodes to bridge entire networks, not just individual services.

🔒 Designed with Security in Mind

Wiredoor doesn’t compromise on security. You get:

  • Encrypted VPN connections (WireGuard)
  • Fine-grained OAuth2 access controls
  • Secure session handling
  • Automatic certificate renewal
  • Brute-force resistant login with admin PIN/password

You control your ingress — not some third-party SaaS provider.


✅ Ideal Use Cases

  • Share a dev or staging app with your client — securely
  • Access internal dashboards (like Prometheus, Grafana, etc.) from anywhere
  • Replace complex OpenVPN/ZeroTier setups with a simple alternative
  • Expose IoT devices, edge services, or legacy systems with minimal configuration

📦 100% Open Source, Self-Hosted

Wiredoor is maintained by developers who care about privacy, control, and simplicity. You can inspect, modify, or host it yourself — no vendor lock-in.

Check out the source code, contribute, or just star the repo to support the project:

👉 GitHub: wiredoor/docker-setup


Final Thoughts

Wiredoor offers a refreshing take on secure service exposure. If you’re tired of fragile SSH tunnels, overpriced third-party solutions, or clunky VPN setups — give Wiredoor a try.

It’s simple, self-hosted, and made for people who want to control their own infrastructure.

Post Comment

You May Have Missed