
For this question, assume all computers involved are running the most-recent Ubuntu LTS release (or similar, such as Ubuntu Server).

I have a computer on my LAN. Let's call it "Local Server", and we'll say it has an IP of 192.168.1.2. I also have a cloud VPS, called "Public Server". Let's also say we have a DNS A record that says that server.example.com goes to the public IP address of my VPS. For simplicity's sake, we'll assume there isn't a firewall on it, even though there would be in reality.

I'm going to put a web server onto Local Server:

$ sudo apt update && sudo apt install nginx
...
$ sudo systemctl start nginx
...

From another computer on 192.168.1.0/24, I'll do curl 192.168.1.2:80 to ensure it works:

$ curl 'http://192.168.1.2:80'
[The HTML for the welcome to NGINX page]

It works, great. However, I want to make it so that port 8080 on Public Server (a.k.a. the VPS) is 'mapped' to port 80 on Local Server. I.e., I want a third computer called "Client Machine" to be able to curl http://server.example.com:8080, and then the VPS gets that request, passes it back to Local Server, gets the response from Local Server, and gives the response to "Client Machine". But, I want it to appear to Client Machine as if Public Server had just handled the request directly.

There are a few caveats, though:

  • The service isn't really a web server, despite me using it as an example. So it actually needs to deal with the traffic - an HTTP reverse-proxy won't work
  • Local Server cannot be port-forwarded at all
  • Other ports on the cloud VPS can be used, for example, Local Server might connect to one for communication between Local Server and the VPS
  • Running my app on the VPS directly is not an option here
  • I care first and foremost about latency for responses - I'm running a game server, so latency is more important than raw throughput

Here are some options that I've found:

  • rathole
  • SSH port forwarding (ssh cocomac@server.example.com -R 0.0.0.0:8080:localhost:80, GatewayPorts also needs to be yes in sshd_config)

What's the best way to do this that minimizes latency as much as possible?

muru
  • 207,228
cocomac
  • 3,824

1 Answer


Generally answering your general question i.e. "What are my options?" ... You can later choose and ask a new question about one specific method to get a specific detailed answer if you wish.

No Firewall/NAT required (ordered by least latency first)

  • Domain masking (AKA "DNS framed forwarding" or "URL frame"):

    This will redirect the visitor to an alternate URL that you choose while keeping your domain name in the title/address field ... It depends on your domain name service provider ... However, most service providers have it ... See for example:

    Example #1

    Example #2

  • SSH (or alternatives) tunneling:

    This will create a tunnel between a source and a destination machine to send/forward requests from the source to the destination machine and receive replies in the background ... See for example Secure Shell tunneling.

  • Remote fetching by means of a local service:

    This method requires that you configure a service (can also rely on common services like a script file on a web server) on a certain port/URL that will process the incoming request, fetch response from the remote machine/URL and display it after processing to the visitor.

Firewall/NAT required

  • DNAT (Destination NAT):

    This will forward the request sent to one machine on a certain port to another machine in the background without the visitor noticing or knowing ... Obviously, if the other machine is also behind a Firewall/NAT, proper ordinary port forwarding will be required as well on its end ... See for example Destination NAT with netfilter (DNAT).

Raffa
  • 34,963
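
The SSH option in the question needs GatewayPorts enabled on the VPS, and a global "yes" applies to every account that may forward ports. As an added example (not part of the question or the answer), this script contrasts that setting with a Match-scoped alternative and audits either form; both configs are constructed samples, and the account name "tunnel" and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Client side (question's command plus -N, "tunnel" is assumed):
#   ssh -N -R 0.0.0.0:8080:localhost:80 tunnel@server.example.com

# Constructed sample: the global setting described in the question.
weak_config() {
cat <<'EOF'
GatewayPorts yes
EOF
}

# Constructed sample: only the assumed "tunnel" account may expose a
# listener, only on port 8080, with no TTY and no other forwarding.
hardened_config() {
cat <<'EOF'
GatewayPorts no
Match User tunnel
    GatewayPorts clientspecified
    PermitListen 8080
    AllowTcpForwarding remote
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
EOF
}

# Reads an sshd_config on stdin and prints one line per finding.
# Simplification: expects "Keyword value" separated by whitespace.
audit_gateway_ports() {
  awk '
    function close_block() {
      if (scope != "global" && gw != "" && gw != "no" && !pl)
        print "WARN " scope ": GatewayPorts " gw " without PermitListen"
    }
    BEGIN { scope = "global" }
    /^[ \t]*(#|$)/ { next }                      # skip comments and blanks
    { key = tolower($1); val = tolower($2) }
    key == "match" { close_block(); scope = $0; gw = ""; pl = 0; next }
    key == "gatewayports" && gw == "" {          # sshd keeps the first value
      gw = val
      if (scope == "global" && val == "yes")
        print "FAIL global: GatewayPorts yes lets every account bind forwards on all interfaces"
    }
    key == "permitlisten" && val != "any" { pl = 1 }
    END { close_block() }
  '
}

weak_config | audit_gateway_ports
hardened_config | audit_gateway_ports
```

To audit a real host, feed it the server's file: `audit_gateway_ports < /etc/ssh/sshd_config`.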