this post was submitted on 02 Jul 2026
108 points (95.0% liked)
Selfhosted
60366 readers
705 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil.
-
No spam.
-
Posts are to be related to self-hosting.
-
Don't duplicate the full text of your blog or readme if you're providing a link.
-
Submission headline should match the article title.
-
No trolling.
-
Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Thank you for this tip
I have just set it up and holy shit it worked straight away! This is so exciting!
My question, now that my apps are exposed to the internet, aside from having strong passwords is there anything else I should be doing to keep safe?
I just read no media servers on free tunnels so I'll have to use nginx for jellyfin
Using cloudflare tunnels means that the TLS is terminated at cloudflare. This means that cloudflare has the capability to snoop on your traffic, so you have trust cloudflare not to do that, especially if your traffic contains sensitive information.
Also, the 'no media in free tunnels' is outdated information as far as I know, so be sure to check up to date information on that.
Keep your software up to date
Yes in zero trust > access controls > applications you can specify a web site and then tell it how you want it protected. In its most basic form you can have it email you a login code, but if you link it to either google or Microsoft you can have users of those services use them allowing you to sso straight through.
You can also specify a wildcard *.mydomain.net and then by default anything that is in your domain will be protected. Means when you’re testing something new you won’t forget to lock it down.
You’re correct about media, I use nginx proxy manager for emby, but everything else goes through the tunnels
As for configuring, the cloudflare LLM bot has been trained on all its documentation so it’s one of the few times a chat bot is genuinely useful.