WireGuard Docker on a VPS: accessing other containers / services on VPS server


I have a VPS with Docker set up to install various applications / services via containers. For example, I have Portainer set up as a service via a container, and I access the web UI via the address mydomain:9000. To make the server more secure, I would like to leverage the firewall service offered by the VPS provider: block everything except ports 22 (SSH), 80 (HTTP), 443 (HTTPS), and 51820 (VPN). That way, the URL mydomain:9000 is no longer accessible by the public. Now, in order for me to access Portainer, I was able to set up WireGuard provided by linuxserver.io. My setup is pretty standard, and I was able to connect to the VPN via a WireGuard client after setup.

My question is this: what do I need to do in order to access the VPS server at 9000 behind the VPN? I know if the server was on my LAN, I could leverage site-to-site VPN to add the LAN IP list via the SERVER_ALLOWEDIPS_PEER_<peer name or number> environment variable in the Docker YAML file. However, this is a VPS, so I’m unsure what I have to do. I did try this with the VPS’s public IP, but it didn’t work, probably because the VPS firewall is blocking it.

I know an alternative to get access to the Portainer service is to set up an nginx server with a reverse proxy pointing to port 9000. However, my goal is to only allow access if I VPN into the VPS.

Thank you for any help or suggestions you may be able to provide.