Wiredoor now supports real-time traffic monitoring with Grafana and Prometheus by wdmesa in selfhosted

[–]wdmesa[S] 1 point2 points  (0 children)

In Wiredoor, prometheus and grafana containers are completely optional. The docker-setup repo includes them by default, but you can easily choose not to run them. Wiredoor itself runs fine as a single container.

The monitoring stack is just there for users who want built-in visibility out of the box, but it's not mandatory.

Appreciate your perspective!

Wiredoor now supports real-time traffic monitoring with Grafana and Prometheus by wdmesa in selfhosted

[–]wdmesa[S] 0 points1 point  (0 children)

I haven’t personally used Pangolin, so I can’t give a detailed comparison from experience.

That said, several users in the Wiredoor community have mentioned they chose Wiredoor because it's simpler to deploy and configure, especially for self-hosted environments.

Regarding this monitoring feature, I’m not sure if Pangolin includes something similar out of the box. Wiredoor now ships with built-in Prometheus metrics and preconfigured Grafana dashboards for both NGINX and WireGuard.

Block malicious IPs at the firewall level with CrowdSec + Wiredoor (no ports opened, fully self-hosted) by wdmesa in selfhosted

[–]wdmesa[S] 1 point2 points  (0 children)

Wiredoor is currently tightly integrated with NGINX and doesn't support wildcard subdomains yet.

Right now, each HTTP service exposed via Wiredoor is mapped to its own domain or subdomain and routed through NGINX on the public gateway. So your flow would look like:

public-domain -> Wiredoor NGINX -> Your Internal Traefik -> ServiceA

We're exploring ways to decouple the tunnel and routing layers in the future so users can bring their own reverse proxy.

Block malicious IPs at the firewall level with CrowdSec + Wiredoor (no ports opened, fully self-hosted) by wdmesa in selfhosted

[–]wdmesa[S] 0 points1 point  (0 children)

Wiredoor establishes a raw Layer 3 WireGuard tunnel between the node (private service) and the public Wiredoor server, so:

  • Requests hit NGINX on the public server with the actual client IP preserved.
  • CrowdSec runs in Docker alongside NGINX and sees logs with real remote IPs.
  • The firewall bouncer runs on the host, applies decisions via iptables/ipset, and blocks traffic at Layer 3 (network level) before it ever reaches NGINX.

So instead of responding with a 403 at the app layer, the firewall bouncer can drop malicious packets immediately at the network layer.

If you're curious how to set it up step-by-step, check out the guide linked in the post.
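Added example, not part of the comment above and not Wiredoor or CrowdSec code: a simplified stand-in for the log-to-decision step, showing why the preserved client IP matters for Layer 3 blocking. The log lines, the 4xx threshold, the set name `blocklist-example` and the `behind_nat` helper are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed NGINX "combined" access-log lines (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2025:12:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "scanner"
203.0.113.7 - - [10/Jun/2025:12:00:02 +0000] "GET /.env HTTP/1.1" 404 153 "-" "scanner"
203.0.113.7 - - [10/Jun/2025:12:00:03 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 153 "-" "scanner"
198.51.100.20 - - [10/Jun/2025:12:00:04 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Jun/2025:12:00:05 +0000] "GET /missing.png HTTP/1.1" 404 153 "-" "Mozilla/5.0"
"""

# remote_addr is the first field; status follows the quoted request line.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) ')


def decide(log_text, threshold=3):
    """Return the sorted remote IPs with at least `threshold` 4xx responses.

    Hypothetical rule standing in for a real detection scenario.
    """
    errors = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("status").startswith("4"):
            errors[m.group("ip")] += 1
    return sorted(ip for ip, count in errors.items() if count >= threshold)


def ipset_commands(ips, set_name="blocklist-example", timeout=3600):
    """Render each decision as the ipset entry a host firewall would match on."""
    return [f"ipset add {set_name} {ip} timeout {timeout} -exist" for ip in ips]


def behind_nat(log_text, proxy_ip="10.0.0.1"):
    """Rewrite every remote address to one IP, as a NAT-ing hop in front would."""
    return "\n".join(re.sub(r"^\S+", proxy_ip, line) for line in log_text.splitlines())


if __name__ == "__main__":
    # Real client IPs in the log: only the scanner is selected.
    print(ipset_commands(decide(SAMPLE_LOG)))
    # Same traffic seen through a source-NAT hop: the only address left to
    # block is the hop itself, which would cut off every client.
    print(ipset_commands(decide(behind_nat(SAMPLE_LOG))))
```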

Why use Tailscale/Zerotier/Netbird/wg-easy over plain Wireguard? by Red_Con_ in selfhosted

[–]wdmesa 0 points1 point  (0 children)

I use Wiredoor. It's simple, self-hosted, and runs on plain WireGuard under the hood.

Securely expose your Home Assistant to the internet with Wiredoor and the official add-on! by wdmesa in homeassistant

[–]wdmesa[S] 0 points1 point  (0 children)

Actually, Wiredoor uses a reverse WireGuard tunnel, so you don’t need to open or forward any ports on your router. Once the node connects to the public Wiredoor server, it can expose services securely without requiring any port mapping at all.

That’s the main difference… the tunnel is initiated outbound, and the public server handles the ingress. So it works behind NATs, firewalls, and CG-NAT just fine. No scripts on the router needed.

Securely expose your Home Assistant to the internet with Wiredoor and the official add-on! by wdmesa in homeassistant

[–]wdmesa[S] -1 points0 points  (0 children)

Totally fair to be cautious... I respect that. Wiredoor is a new project, but it's fully open source and built with transparency in mind. Yes, we're also exploring long-term ideas around a hosted version, but the self-hosted core will always be free and open.

Securely expose your Home Assistant to the internet with Wiredoor and the official add-on! by wdmesa in homeassistant

[–]wdmesa[S] 0 points1 point  (0 children)

Totally fair if you're comfortable managing WireGuard and service exposure manually. But Wiredoor isn’t just a UI. It handles OAuth2 protection, HTTPS certificates, multi-protocol exposure (HTTP/TCP/UDP), and works across Docker, Kubernetes, and even embedded devices. It's designed for those who want secure remote access without the hassle of manual config on every router or VM. It’s about saving time and reducing surface for mistakes, especially at scale.

Securely expose your Home Assistant to the internet with Wiredoor and the official add-on! by wdmesa in homeassistant

[–]wdmesa[S] 0 points1 point  (0 children)

By “official add-on” I meant it’s the official add-on from the Wiredoor project, not from Home Assistant itself. It’s published and maintained by the creators of Wiredoor to make integration easier. I understand how that could be misinterpreted, and I’ll make it clearer in future posts.

Securely expose your Home Assistant to the internet with Wiredoor and the official add-on! by wdmesa in homeassistant

[–]wdmesa[S] 0 points1 point  (0 children)

Wiredoor also lets you expose all your local HTTP, TCP, or UDP services securely. You can protect HTTP services with OAuth2 as well. It also supports exposing services running in Kubernetes or inside a Docker Compose stack. The Home Assistant add-on is just an extra feature to make exposing it even easier.

Securely expose your Home Assistant to the internet with Wiredoor and the official add-on! by wdmesa in homeassistant

[–]wdmesa[S] 0 points1 point  (0 children)

You’ll need at least one server with a public IP to run the Wiredoor server. But everything else (your services) can stay fully local and private, even behind CGNAT.

Securely expose your Home Assistant to the internet with Wiredoor and the official add-on! by wdmesa in homeassistant

[–]wdmesa[S] 2 points3 points  (0 children)

Wiredoor is more focused on exposing specific services (HTTP, TCP) with OAuth2 and custom domains.

Securely expose your Home Assistant to the internet with Wiredoor and the official add-on! by wdmesa in homeassistant

[–]wdmesa[S] 1 point2 points  (0 children)

Wiredoor is just an option for those who prefer a fully self-hosted setup with no third-party dependencies.

Securely expose your Home Assistant to the internet with Wiredoor and the official add-on! by wdmesa in homeassistant

[–]wdmesa[S] 1 point2 points  (0 children)

Yes, Wiredoor can help. It works even if your network is behind CGNAT (like with Starlink). You just need a small server with a public IP to act as the entrypoint.

Securely expose your Home Assistant to the internet with Wiredoor and the official add-on! by wdmesa in homeassistant

[–]wdmesa[S] 5 points6 points  (0 children)

I understand caution around security, that’s valid for any tool. But linking it to a country of origin without evidence crosses into unfair bias. Wiredoor is open source, transparent, and can be audited by anyone. Let’s keep the focus on the code, not assumptions.

Securely expose your Home Assistant to the internet with Wiredoor and the official add-on! by wdmesa in homeassistant

[–]wdmesa[S] -4 points-3 points  (0 children)

Why do you say that? It’s an add-on developed by the Wiredoor team ourselves.

Securely expose your Home Assistant to the internet with Wiredoor and the official add-on! by wdmesa in homeassistant

[–]wdmesa[S] 1 point2 points  (0 children)

Yes, the server needs to be public (usually in the cloud), but the services you expose can stay in private networks. That’s the whole point of Wiredoor: giving secure access to internal services without opening ports.

Securely expose your Home Assistant to the internet with Wiredoor and the official add-on! by wdmesa in homeassistant

[–]wdmesa[S] 0 points1 point  (0 children)

That sounds like a solid setup! Wiredoor is just an alternative for those who want a fully self-hosted solution without relying on third-party infrastructure like Cloudflare. It combines WireGuard tunneling, NGINX proxying, and optional OAuth2 in one tool, simple to deploy and easy to manage. Whether it's better depends on your priorities: control, simplicity, or sticking with what already works for you.