Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
-
No low-effort posts. This is subjective and will largely be determined by the community member reports.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
I have never used it, so take this with a grain of salt, but last I read, with the free tier, you could not secure traffic between yourself and Cloudflare with your own certs which implies they can decrypt and read that traffic. What, if anything, they do with that capability I do not know. I just do not trust my hosted assets to be secured with certs/keys I do not control.
There are other things CF can do (bot detection, DDoS protection, etc), but if you just want to avoid exposing your home IP, a cheap VPS running Nginx can work the same way as a CF tunnel. Setup Wireguard on the VPS and have your backend servers in Nginx connect to your home assets via that. If the VPS is the "server" side of the WG tunnel, you don't have to open any local ports in your router at all. I've been doing that, originally with OpenVPN, since before CF tunnels were ever offered as a service.
Edit: You don't even need WG, really. If you setup a persistent SSH tunnel and forward / bind a port to your VPS, you can tunnel the traffic over that.
I have the same setup but using frp which stands for fast reverse proxy.
The term VPN is pure marketing bs. What is called VPN today used to be called Proxy Server.
I've also heard good things about using Pangolin for the same setup.
I used to use HAProxy but switched to Nginx so I could add the modsecurity module and run WAF services. I still use HAProxy for some things, though.
Oh I forgot to say: I have crowdsec on the VPS in front of frp and traefik on the server at my home, where I add all the modules I want.
frp just pipes all the packets through transparently.
But yeah, same thing, should work the same and there are dozens of ways to set that all up.
I've been looking into crowdsec for ages now and still haven't gotten around to even a test deployment. One of these days, lol, and I'll get around to it.
It's pretty neat and I feel like there is a clear value exchange for both parties in the free tier, so less shady than cloudflare.
Don't see an issue yet even though they are crowdsourcing their list generation. At least they are giving you something for it or you can take it. But if you do you get smaller lists.