I read a comment on here some time ago where the person said they were using cloudflared to expose some of their self-hosted stuff to the Internet so they can access it remotely.

I am currently using it to expose my RSS feed reader, and it works out fine. I also like the simplicity of Cloudflare’s other offerings.

Any thoughts on why cloudflared is not a good idea? What alternatives would you suggest? How easy/difficult are they to setup?

  • DeltaTangoLima@reddrefuge.com
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    10 months ago

    Using CloudFlare and using the cloudflared tunnel service aren’t necessarily the same thing.

    For instance, I used cloudflared to proxy my Pihole servers’ requests to CF’s DNSoHTTPS servers, for maximum DNS privacy. Yes, I’m trusting CF’s DNS servers, but I need to trust an upstream DNS somewhere, and it’s not going to be Google’s or my ISP’s.

    I used CloudFlare to proxy access to my private li’l Lemmy instance, as I don’t want to expose the IP address I host it on. That’s more about privacy than security.

    For the few self-hosted services I expose on the internet (Home Assistant being a good example), I don’t even both with CF at all. use Nginx Proxy Manager and Authelia, providing SSL I control, enforcing a 2FA policy I administer.

    • cryptix@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      10 months ago

      Actually you dont need to trust a upstream DNS server. Checkout dnscrypt-proxy in github. You can use dnscrypt with Anonymized DNS relays. You can use the IP of this dnscrypt-proxy as your DNS resolver.

      • DeltaTangoLima@reddrefuge.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        10 months ago

        Yeah, I cam across this project a few months ago, and got distracted before wrapping my head around the architecture. Another weekend project to try out!