this post was submitted on 13 Jul 2023
40 points (91.7% liked)

Selfhosted

39435 readers
4 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

So everyone is talking about cloudflare tunnels and I decided to give it a shot.

However, I find the learning curve quite hard and would really appreciate a short introduction into how they work and how do I set them up…

In my current infrastructure I am running a reverse proxy with SSL and Authentik, but nothing is exposed outside. I access my network via a VPN but would like to try out and consider CF. Might be easier for the family.

How does authentication work? Is it really a secure way to expose internal services?

Thanks!

you are viewing a single comment's thread
view the rest of the comments
[–] lchapman 4 points 1 year ago* (last edited 1 year ago) (1 children)

Here’s how I do it: https://blog.lchapman.dev/self-hosting-foundations/

Note: blog isn’t monetised, I just write things up to make them easier to share with people.

Basically, I use a cloud VM as a gateway and reverse proxy to my services which are accessible via VPN. It’s not free, but it’s pretty cheap.

I have a friend who is using Cloudflare for this. He has a domain and he can access his services at domain.tld:port. Not bad, and it’s free. He could have his tunnel pointed at Caddy like I do and use subdomains, but he hasn’t got that far yet.

I prefer my method but both seem to get the basic functionality working.

[–] [email protected] 1 points 1 year ago (1 children)

Thanks for the write up! I’ll definately check out your blog as well. A cloud gateway is something I’ve considered as well (especially when the costs are around $5 monthly). How do you handle authentication?

[–] lchapman 1 points 1 year ago

Currently I don’t have an auth service sitting in front of my other services, it’s just whatever auth is built into each app and saved passwords.

That said, I’ve deployed Authentik at a workplace and really enjoyed working with it, using it for SSO for a variety of services. I’ll implement it on my own platform soon.