This is a cool idea:

Instead of port forwarding to self-hosted services, he runs a Cloudflare Tunnel that opens in a quarantined network.

More resilient than DDNS, obscures your IP, safe against DDoS attacks, and doesn't open your entire LAN to the internet.

@PsychoLlama don't you end up placing a lot of trust in Cloudflare with this approach? It seems like a great solution that solves a few big problems, but I believe Cloudflare is remotely decrypting (if it's leaving your hardware encrypted) and re-encrypting the contents. If that's true, Cloudflare could MITM attack or read/collect/share your data. May not matter too much if it's only serving up a public blog, but I'm hesitant to serve anything private/sensitive over this solution.

@deriver Great point. I think you're right, they control the certificates so they have a dangerous amount of power. I hadn't thought about that... 😦

@PsychoLlama @deriver I read the post and I liked the idea too, except the Cloudflare part, in the same way as @deriver said. So I was looking for an alternative and there are a lot; this is one I am reading and I found it interesting.

@jrballesteros05 @PsychoLlama hadn't heard of this before - it looks interesting. It seems conceptually similar to setting up a VPN on a VPS (including the amount of work/maintenance). Any reason to do this over using a VPN?

@deriver @PsychoLlama I haven't used these kinds of services; I actually prefer the VPN, but I find it interesting in case you have to expose a service to non-secure networks. With the VPN you have to connect to the VPN first before accessing the service. Sometimes you need a service exposed directly without the need to configure VPN access.

These kinds of tools sound interesting for people who normally self-host their applications.
