Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
-
No low-effort posts. This is subjective and will largely be determined by the community member reports.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
I have never used it, so take this with a grain of salt, but last I read, with the free tier, you could not secure traffic between yourself and Cloudflare with your own certs which implies they can decrypt and read that traffic. What, if anything, they do with that capability I do not know. I just do not trust my hosted assets to be secured with certs/keys I do not control.
There are other things CF can do (bot detection, DDoS protection, etc), but if you just want to avoid exposing your home IP, a cheap VPS running Nginx can work the same way as a CF tunnel. Setup Wireguard on the VPS and have your backend servers in Nginx connect to your home assets via that. If the VPS is the "server" side of the WG tunnel, you don't have to open any local ports in your router at all. I've been doing that, originally with OpenVPN, since before CF tunnels were ever offered as a service.
Edit: You don't even need WG, really. If you setup a persistent SSH tunnel and forward / bind a port to your VPS, you can tunnel the traffic over that.
I have the same setup but using frp which stands for fast reverse proxy.
The term VPN is pure marketing bs. What is called VPN today used to be called Proxy Server.
I've also heard good things about using Pangolin for the same setup.
Perhaps if you are only talking about the consumer level stuff advertised on TV. Otherwise I can assure you that "Virtual Private Networks" are a real thing that have absolutely nothing to do with Proxy Servers.
On down the comment chain you mention "...our computers would not see each other and would not be able to connect to each other via that service. " as some kind of test of whether a thing is a VPN or Proxy Service but what you're missing is that this is a completely common and advisable configuration for companies. In fact Zero Trust essentially demands configurations like this. When Bob from Marketing fires up his VPN to the Corporate Office he doesn't need access to every server and desktop there nor does his laptop need to be able to access the laptops of other VPN users. They get access to what they need and nothing more.
Hell the ability to access the internet via the tunnel, called Split Tunneling, is also controllable.
It's that ability to control where the tunnel terminates that allows consumer VPNs, like Proton, to be used the way they are.
So while private individuals absolutely do use VPNs as an ersatz replacement for Proxy Servers they are nowhere near the whole use case for VPNs.
you can do the same split tunneling via proxy servers
I agree. That also means that for certain usecases they are equivalent. It's sometimes worth checking all options to find the best one for that specific case.