My ISP provide me with good IPv6 connection with support of opening ports how I like. But IPv4 is behind a CGNAT and makes me unable to host a service on the legacy Internet.
Unfortunetely some of my friends I want to host (Jellyfin and Nextcloud) for does not have modern Internet connection, so I have to put some proxy.
Now I need suggestions of a solution. VPN on some VPS they would need to connection to is one of them, but it should be as simple for them to use as possible.
Fair enough yeah. :)
The OP can solve that potential security issue with this option: https://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from on the local server nginx:
http { (...) real_ip_header X-Real-IP; set_real_ip_from [2a03::aaaac::1]; # Replace with the VPS IPv6 address. }This will make sure only the VPS is allowed to override the real IP.