So everyone is talking about cloudflare tunnels and I decided to give it a shot.
However, I find the learning curve quite hard and would really appreciate a short introduction into how they work and how do I set them up…
In my current infrastructure I am running a reverse proxy with SSL and Authentik, but nothing is exposed outside. I access my network via a VPN but would like to try out and consider CF. Might be easier for the family.
How does authentication work? Is it really a secure way to expose internal services?
Note: blog isn’t monetised, I just write things up to make them easier to share with people.
Basically, I use a cloud VM as a gateway and reverse proxy to my services which are accessible via VPN. It’s not free, but it’s pretty cheap.
I have a friend who is using Cloudflare for this. He has a domain and he can access his services at domain.tld:port. Not bad, and it’s free. He could have his tunnel pointed at Caddy like I do and use subdomains, but he hasn’t got that far yet.
I prefer my method but both seem to get the basic functionality working.
Thanks for the write up! I’ll definately check out your blog as well. A cloud gateway is something I’ve considered as well (especially when the costs are around $5 monthly). How do you handle authentication?
Currently I don’t have an auth service sitting in front of my other services, it’s just whatever auth is built into each app and saved passwords.
That said, I’ve deployed Authentik at a workplace and really enjoyed working with it, using it for SSO for a variety of services. I’ll implement it on my own platform soon.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
Here’s how I do it: https://blog.lchapman.dev/self-hosting-foundations/
Note: blog isn’t monetised, I just write things up to make them easier to share with people.
Basically, I use a cloud VM as a gateway and reverse proxy to my services which are accessible via VPN. It’s not free, but it’s pretty cheap.
I have a friend who is using Cloudflare for this. He has a domain and he can access his services at domain.tld:port. Not bad, and it’s free. He could have his tunnel pointed at Caddy like I do and use subdomains, but he hasn’t got that far yet.
I prefer my method but both seem to get the basic functionality working.
Thanks for the write up! I’ll definately check out your blog as well. A cloud gateway is something I’ve considered as well (especially when the costs are around $5 monthly). How do you handle authentication?
Currently I don’t have an auth service sitting in front of my other services, it’s just whatever auth is built into each app and saved passwords.
That said, I’ve deployed Authentik at a workplace and really enjoyed working with it, using it for SSO for a variety of services. I’ll implement it on my own platform soon.