
Tried inlets but wasn’t sure of reliability and it didn’t have a set price; figured out a way to replicate this with WireGuard.

Also kind of annoying that every endpoint needs an entire new instance. I’m serving millions of requests every week or so on a single gcp instance.

However, given my inexperience in Kubernetes (when I was using it) it was pretty neat to see clear endpoints, so for that I’d use it (minus caddy).



I wrote a tunneling service called Packetriot that is similar. It's probably slightly older than inlets. However, it's not an open-source project. The tunnels are assigned static hostnames and the servers you connect to are static as well, so setting up CNAME and A records for custom sites is simple. You can host any number of websites or services behind a single tunnel.

Let's Encrypt is built-in and can manage all of your certs automatically. The client can serve static assets and upstream to app servers, so you can eliminate the need for an extra web server running in your environment.

There are packages for Deb, RPM, containers, Mac and Windows, and for almost all architectures (x86/amd64/arm32/arm64).

I designed the service for 24/7 operation so uptimes for tunnels are weeks at a time. They auto-reconnect if there's a connection drop. You can find it here: https://packetriot.com


Do you have anything written up about your WireGuard setup?


Very soon. You can always email me at hn@sdan.cc if you want immediate help (although I'll probably go over every point in the blog posts).

But as a summary:

Small GCP instance as "hub"

Server #1 connects to the "hub" redirecting all traffic bound to 0.0.0.0 on ports 80 and other specific ports

Server #2 connects to the "hub" redirecting exactly the same as server #1 but on different ports for different reasons...

Then Traefik (load balancer) basically tunnels all traffic for the numerous websites I have running through port 80 on server #1 (note that all my websites are running on server #1, server #2 is just for other non-external tasks).

I set it up such that there's only a single TCP connection from the user to the server (instead of user -> gcp -> my server).

Anyways, it's super cool, super efficient, super easy, and best of all, free. I'll update you on when I make that blog post.
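
One way the hub-and-server layout summarized in the comment above could be written as wg-quick configuration; this is an added illustration, not the commenter's actual setup. The 10.8.0.0/24 tunnel addresses, UDP port 51820, the `eth0` interface name, and the bracketed key and IP placeholders are all assumptions.

```ini
# ---- Hub (small cloud instance): /etc/wireguard/wg0.conf ----
[Interface]
Address = 10.8.0.1/24            # assumed tunnel subnet
ListenPort = 51820               # assumed port; open only this UDP port plus TCP 80
PrivateKey = <HUB_PRIVATE_KEY>   # placeholder
# Let the hub route packets instead of terminating connections.
PostUp = sysctl -w net.ipv4.ip_forward=1
# Rewrite inbound TCP/80 on the public interface (assumed eth0) to server #1.
PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.8.0.2:80
# Permit only that forwarded flow and its replies (matters when FORWARD policy is DROP).
PostUp = iptables -A FORWARD -i eth0 -o %i -p tcp -d 10.8.0.2 --dport 80 -j ACCEPT
PostUp = iptables -A FORWARD -i %i -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Source-NAT into the tunnel so replies return through the hub.
PostUp = iptables -t nat -A POSTROUTING -o %i -p tcp -d 10.8.0.2 --dport 80 -j MASQUERADE
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.8.0.2:80
PostDown = iptables -D FORWARD -i eth0 -o %i -p tcp -d 10.8.0.2 --dport 80 -j ACCEPT
PostDown = iptables -D FORWARD -i %i -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o %i -p tcp -d 10.8.0.2 --dport 80 -j MASQUERADE

[Peer]
# Server #1: a /32 keeps this key from sourcing any other tunnel address.
PublicKey = <SERVER1_PUBLIC_KEY>
AllowedIPs = 10.8.0.2/32

[Peer]
# Server #2: connected to the hub, but no public port is forwarded to it.
PublicKey = <SERVER2_PUBLIC_KEY>
AllowedIPs = 10.8.0.3/32

# ---- Server #1 (behind NAT, dials out): /etc/wireguard/wg0.conf ----
[Interface]
Address = 10.8.0.2/24
PrivateKey = <SERVER1_PRIVATE_KEY>

[Peer]
PublicKey = <HUB_PUBLIC_KEY>
Endpoint = <HUB_PUBLIC_IP>:51820
AllowedIPs = 10.8.0.1/32         # accept tunnel traffic from the hub only
PersistentKeepalive = 25         # keeps the outbound NAT mapping alive
```

Because the hub only rewrites and forwards packets, the client's TCP connection terminates on server #1 rather than on the hub. With the MASQUERADE rule, server #1 logs the hub's tunnel address instead of the real client IP.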


Thanks, that'd be great and very much appreciated. I was about to look into that direction, because it seems to make a lot of sense, but haven't gotten around to it...



