# Wireguard and Nginx

The purpose of this test is to check if we can restrict access to a service provided through NGINX to only be accessible for clients connecting through a Wireguard VPN.

This would allow for having internal webpages that can only be reached by users that have access through the VPN. These provides some cool stuff:
- An additional layer of security on top of application/service credentials.
- Perfect protection against sniffing between our member devices and all our services.
- The possibility to fully unplug any user at will by simply removing his keys from the Wireguard VPN config.

## Test plan

- [ ] Get a VPS in 1984.hosting
- [ ] Install Ubuntu Server
- [ ] Install Wireguard
  - https://www.digitalocean.com/community/tutorials/how-to-set-up-wireguard-on-ubuntu-22-04
- [ ] Install client and check that VPN is working fine
- [ ] Deploy silly webpage with containerized Nginx and open access in the same VPS
- [ ] Validate that Nginx is reachable through clearnet without VPN
- [ ] Modify Nginx config to only listen to requests coming from the VPS localhost
- [ ] Validate that Nginx is not reachable through clearnet without VPN
- [ ] Validate that Nginx is reachable through clearnet without VPN

## Test logs

Drop notes here as we try stuff