Selfhosted

46677 readers

500 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

[email protected]

Cloudflare Tunnel Alternatives (piefed.social)

submitted 4 days ago by [email protected] to c/[email protected]

16 comments fedilink hide all child comments

I am currently self hosting multiple services with Docker containers. A file server, Kiwix with Wikipedia and a PieFed instance sitting behind a Caddy reverse proxy. The PieFed instance is not federated and is more acting like a forum which is meant for a local community within a city. If I do federate in the future, it would be to whitelisted instances from within my physical local community. I am also hosting from behind a Cloudflare Tunnel since my ISP blocks incoming data on lower ports.

I was hesitant to use Cloudflare originally but decided to use it since it was the most suggested recommendation. Now that America and American companies are losing trust world wide, I'd like to explore some other options for tunneling.

Since what I am hosting isn't really meant for a large user base, I am okay with losing some of the security offered by Cloudflare's free tier services. I'll probably look into setting up Fail2Ban and rate limiting to stop a single petty person but that would be something I can do at a later time.

What would be some options to look into when it comes to tunneling behind an ISP with blocked lower ports?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 20 points 4 days ago (3 children)

I recommend it every time this question pops up and I'm surprised more people aren't privy to it:

Rent a VPS as your public gateway. Connect the VPS to your server with a simple wireguard tunnel.

The only thing on the VPS should be a reverse proxy with SSL/TLS pass through.

Send the traffic at the VPS reverse proxy to a reverse proxy on the main server. Configure this proxy to use letsencrypt certs.

The benefit and importance of the SSL pass through reverse proxy, is that it allows all data in transit to remain encrypted until it reaches your physical server. Traditionally, most would suggest the one and only reverse proxy exist on the VPS but all traffic would then be decrypted on the VPS. This could obviously compromise your traffic if the VPS provider snoops or your VPS is compromised.

Cloudflare tunnels decrypt on their hardware as well, which is why I always recommend avoiding their services.

[–] [email protected] 7 points 4 days ago (2 children)

A question I have about this setup, because I've been contemplating out myself: If all the traffic flows through the VPS, I presume that will count against any usage limits / cost per GB with the VPS, right? Have you found that to be a problem with large file transfers or video streaming?

[–] [email protected] 1 points 3 days ago

Yes, it will count towards your bandwidth.

I typically don't get anywhere close to this though.

The few times I did were due to initiating large backups between devices, upwards of 2TB. But I've since moved my backup system to a mesh network and haven't hit bandwidth overages since.

load more comments (1 replies)