this post was submitted on 09 Jan 2024
40 points (95.5% liked)

Selfhosted

40394 readers
325 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

I read a comment on here some time ago where the person said they were using cloudflared to expose some of their self-hosted stuff to the Internet so they can access it remotely.

I am currently using it to expose my RSS feed reader, and it works out fine. I also like the simplicity of Cloudflare's other offerings.

Any thoughts on why cloudflared is not a good idea? What alternatives would you suggest? How easy/difficult are they to setup?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 10 months ago* (last edited 10 months ago) (1 children)

Using CloudFlare and using the cloudflared tunnel service aren't necessarily the same thing.

For instance, I used cloudflared to proxy my Pihole servers' requests to CF's DNSoHTTPS servers, for maximum DNS privacy. Yes, I'm trusting CF's DNS servers, but I need to trust an upstream DNS somewhere, and it's not going to be Google's or my ISP's.

I used CloudFlare to proxy access to my private li'l Lemmy instance, as I don't want to expose the IP address I host it on. That's more about privacy than security.

For the few self-hosted services I expose on the internet (Home Assistant being a good example), I don't even both with CF at all. use Nginx Proxy Manager and Authelia, providing SSL I control, enforcing a 2FA policy I administer.

[–] [email protected] 1 points 10 months ago* (last edited 10 months ago) (1 children)

Actually you dont need to trust a upstream DNS server. Checkout dnscrypt-proxy in github. You can use dnscrypt with Anonymized DNS relays. You can use the IP of this dnscrypt-proxy as your DNS resolver.

[–] [email protected] 1 points 10 months ago

Yeah, I cam across this project a few months ago, and got distracted before wrapping my head around the architecture. Another weekend project to try out!