# How to Use Netmaker with a Reverse Proxy {% embed url="" %} ### Overview If you would like to publicly expose a service in your local network, you likely need a reverse proxy. You want the local service to be reachable over the public internet, but you want to do it securely. This article shows you how to use Netmaker to help reverse proxy traffic with WireGuard tunnels, and expose your local services to the world. In this example, we assume you already have: 1. a Netmaker server 2. a local service (in this example, a web server) With these in mind, you simply need to: a. Join the Netmaker network from the local resource or b. set up a forwarding node in the local network (Egress) After that, you will 1. deploy a reverse proxy server in the cloud 2. deploy a Netmaker node on that server. After this is completed, your service will now be accessible to the internet, using a secure tunnel over the web. ### 1. Make the Service Accessible from Netmaker To make the service accessible from Netmaker, you need to either deploy the Netclient on the local server, or set up forwarding to the local server using the Netclient and Egress from a co-located server. See the documentation on deploying the Netclient [here](/getting-started/operations-field-guide/deploying-the-netclient.md). If you've done this on the same server as your service, you can move on to the next step.
#### Join the Network from a co-located device and forward traffic Using a forwarding node (Egress) allows you to easily forward traffic to the target service. This is also a great approach if you have multiple services in the local environment you would like to expose. To deploy egress, check out the documentation [here](/features/egress.md).
### 2. Deploy a Reverse Proxy and Netclient Node in the Cloud Next, we need a public service running in the cloud to forward our traffic. You will need to deploy a server to use for this purpose, which should have a public IP. Once that is deployed, you will need a reverse proxy. For this example, we'll use [Caddy](https://caddyserver.com/). On your node that will run the proxy: 1. Install docker if it’s not installed. 2. Install the Netclient and join the network, as in Step 1. 3. Create a file /root/Caddyfile as follows: ``` http://yyy.yyy.yyy.yyy { reverse_proxy http://xxx.xxx.xxx.xxx:8090 } ``` xxx.xxx.xxx.xxx is replaced by: a. The private IP address of the Netclient in the local (if Netclient is deployed on the same server as the webserver) or b. The local address of the webserver (if Netclient has been set up as Egress) yyy.yyy.yyy.yyy is replaces by: * the public IP address of the server hosting the proxy. Create a file /root/docker-compose.yml as follows: ``` version: "3.4"services: caddy: image: caddy:latest container_name: caddy restart: unless-stopped network_mode: host # Wants ports 80 and 443! volumes: - /root/Caddyfile:/etc/caddy/Caddyfile - caddy_data:/data - caddy_conf:/config volumes: caddy_data: {} caddy_conf: {} ``` Run `docker-compose up -d` and confirm that the container starts as shown by a message like this ``` Creating caddy ... done ``` Run `docker ps` and confirm that `caddy`is in the list ### 3. Test Reaching Your Service from Another PC From your browser, try reaching the public IP by visiting this URL from a browser ``` http://yyy.yyy.yyy.yyy:8090 ``` ### Conclusion You’ve been able to reach your local service from a machine on another physical network via the secure Netmaker network indirectly (via the reverse proxy). Congratulations! You’ll want to clean up by urning off the service: close the main.go process on your web server which you can do by killing the process after getting the PID via ``` ps -eaf | grep main.go ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://learn.netmaker.io/how-to-guides/how-to-use-netmaker-with-a-reverse-proxy.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.