this post was submitted on 09 Jan 2024
40 points (95.5% liked)

Selfhosted

40394 readers
325 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

I read a comment on here some time ago where the person said they were using cloudflared to expose some of their self-hosted stuff to the Internet so they can access it remotely.

I am currently using it to expose my RSS feed reader, and it works out fine. I also like the simplicity of Cloudflare's other offerings.

Any thoughts on why cloudflared is not a good idea? What alternatives would you suggest? How easy/difficult are they to setup?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 10 months ago (1 children)

I have a cloudflare tunnel setup for 1 service in my homelab and have it connecting to my reverse proxy so the data between cloudflare and my backend is encrypted separately. I get no malformed requests and no issues from cloudflare, even remote public IP data in the headers.

Everyone mentions this as an issue, and I am sure doing the default of pointing cloudflared at a http local service but it's not the ONLY option.

[–] [email protected] 3 points 10 months ago (1 children)

I'm not quite sure I get what you're getting at. If you're using Cloudflare (for more than just a nameserver), then the client's browser is connecting to Cloudflare via a Cloudflare SSL certificate. Any password (or other data) submitted will be readable by Cloudflare because the encryption is only between the browser and Cloudflare. They then connect to your reverse proxy, which might have SSL or it might be unencrypted. That's a second jump done by re-encrypting the data.

How does the reverse proxy help, when the browser is connecting to Cloudflare not to the reverse proxy?

[–] [email protected] 2 points 10 months ago

Fair, I was more thinking from the server side not the client side where cloudflare certs are the ones seen first.