Do you have any guides on the same level of simplicity as this one? It seems that while we always bring up WireGuard, it's a big topic with few good places to get a handhold on.
I can't share the code since it's internal but here's the broad strokes.
* Start with a "gateway" managing your WireGuard "PKI". Basically a group of WireGuard servers with an API that have synced configs.
/proxies - Your frontend servers.
/endpoints - Your backend servers.
/gateways - WireGuard servers that your frontend and backend can reach.
* Gateway authenticates your proxies and endpoints and they both hit a /config endpoint to pull something that can be shoved into wg-quick. AllowedIPs restricts what the proxy is allowed to reach.
* Proxies handle user auth like any web service and then act as a reverse proxy to the endpoints using the WireGuard internal address.
Nothing at all fancy except that in a normal deployment your frontend and backend would live in the same datacenter and so you don't need any WireGuard BS.
This provides a model where our devs can hit a public endpoint that reverse proxies to their laptops.
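As an added illustration of the /config step described in the post above (not the poster's internal code), here is a small gateway-side renderer that emits a wg-quick file for a proxy or endpoint, peering only with the gateway and restricting AllowedIPs to the /32s that node is authorised to reach. The inventory, key strings and addresses are constructed placeholders.

```python
import ipaddress

# Constructed inventory; keys are placeholders, not real WireGuard keys.
GATEWAY = {"name": "gw1", "wg_ip": "10.44.0.1", "pubkey": "GW_PUBKEY_PLACEHOLDER=",
           "endpoint": "gw1.example.net:51820"}
NODES = {
    "proxy-a":  {"role": "proxy", "wg_ip": "10.44.1.10", "pubkey": "PROXY_A_PUBKEY=",
                 "reach": ["laptop-1"]},           # endpoints this proxy may reach
    "laptop-1": {"role": "endpoint", "wg_ip": "10.44.2.20", "pubkey": "LAPTOP_1_PUBKEY="},
    "laptop-2": {"role": "endpoint", "wg_ip": "10.44.2.21", "pubkey": "LAPTOP_2_PUBKEY="},
}

def allowed_ips_for(name):
    """AllowedIPs for the node's single gateway peer: the gateway itself plus only
    the /32s the node is authorised to talk to. Proxies get their listed endpoints;
    endpoints get only the proxies that list them (no endpoint-to-endpoint reach)."""
    node = NODES[name]
    cidrs = {f"{GATEWAY['wg_ip']}/32"}
    if node["role"] == "proxy":
        cidrs |= {f"{NODES[e]['wg_ip']}/32" for e in node["reach"]}
    else:
        cidrs |= {f"{n['wg_ip']}/32" for n in NODES.values()
                  if n["role"] == "proxy" and name in n["reach"]}
    return sorted(cidrs, key=ipaddress.ip_network)

def render_wg_quick(name, private_key="REPLACE_WITH_NODE_PRIVATE_KEY"):
    """Body of the /config response. The node keeps its own private key and
    substitutes it locally; the gateway only ever sees public keys."""
    node = NODES[name]
    lines = ["[Interface]", f"Address = {node['wg_ip']}/32",
             f"PrivateKey = {private_key}", "",
             "[Peer]", f"PublicKey = {GATEWAY['pubkey']}",
             f"Endpoint = {GATEWAY['endpoint']}",
             f"AllowedIPs = {', '.join(allowed_ips_for(name))}",
             "PersistentKeepalive = 25"]
    return "\n".join(lines) + "\n"

def audit(config_text):
    """Reject any rendered config whose AllowedIPs is wider than host routes,
    so a bad inventory edit cannot hand a proxy a whole subnet or 0.0.0.0/0."""
    for line in config_text.splitlines():
        if line.startswith("AllowedIPs"):
            for cidr in line.split("=", 1)[1].split(","):
                if ipaddress.ip_network(cidr.strip()).prefixlen != 32:
                    return False
    return True
```

The gateway's own interface would carry one [Peer] block per node with that node's /32 as AllowedIPs and IP forwarding enabled, so traffic between a proxy and its endpoint hairpins through the gateway.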