this post was submitted on 14 Jun 2023
13 points (93.3% liked)
Selfhosted
60281 readers
558 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil.
-
No spam.
-
Posts are to be related to self-hosting.
-
Don't duplicate the full text of your blog or readme if you're providing a link.
-
Submission headline should match the article title.
-
No trolling.
-
Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
That's sounds so much simpler than what I am doing right now. Right now I have a digital ocean droplet server running openvpn and I have any servers I want open to the internet connecting to that openvpn server as a client. I then NAT all incoming traffic to the servers I have with iptables as if the droplet is a router. Is it much easier to setup a cloudflare tunnel? Or am I basically accomplishing the same thing? Will I be able to run all the other services I have because I'm not just web hosting? I also do not have a static IP.
Since I didn't want to use cloudflare I use a free oracle vps with tailscale and a reverse proxy on it. Then thru tailscale all services from home can go to the proxy without forwarding any ports and services can be accessible
Cloudflare tunnels or a reverse proxy with Cloudflare DNS would be much easier to manage IMO. What you're doing will work but it seems like you have a lot of moving parts in your setup which can lead to errors creeping in.
With both proposed setups you should be able to pass non web-based traffic to their respective backends. In nginx that would look something like the following:
With Cloudflare tunnels you can setup a VM as your tunnel termination point and configure ingress rules to pass traffic where it needs to go, similar to this:
One thing you can do for your public IP is use something like inadyn to update cloudflare with your public IP when it changes. Inadyn is super lightweight and will make sure, +/- 5 minutes, that your public IP is up-to-date with Cloudflare.