Centralization is bad for everyone everywhere.

That being said… I just moved my homeserver to another city… and I plugged in the power, then I plugged in the ethernet, and that was the whole shebang.

Tunnels made it very easy. No port forwarding, no DNS configuration, no firewall fiddling, no nothing.

Why do they have to make it so so easy…

kingthrillgore
103M

I mean, I used to think Google Public DNS was great until I switched to 1.1.1.1…

Possibly linux
33M

9.9.9.9

@Kuvwert@lemm.ee
creator
53M

What benefits are you having from switching?

kingthrillgore
4
3M

1.1.1.1/cloudflared responds crazy fast compared to anything else I’ve used. I really just wanted off Google (and before them OpenDNS). That’s about it.

Sunny' 🌻
23M

Commenting as I am curious about this too!

@Fuzzypyro@lemmy.world
223M

If you like 1.1.1.1 then you should try 9.9.9.9. Or better yet host unbound pihole if you’re up to the challenge. Best dns experience I’ve had.

If you use 9.9.9.9, you should try Mullvad DNS (with adblocking) or AdGuard Public DNS

Since we’re all throwing out DNS options, I’ll toss in NextDNS

kingthrillgore
53M

I already use pihole, but with cloudflared as the upstream. What benefits does unbound offer besides improved security?

It’s actually better privacy since it talks directly to the root servers instead of cloudflare knowing all of your DNS traffic. Quad9 is a good alternative with better data policies

@IHawkMike@lemmy.world
23M

So now your ISP sees all of your queries instead of CF. (Assuming the cloudflared option is using DoH)

I’ll trust Cloudflare over Comcast/AT&T/etc. any day of the week.

Max
03M

Your ISP knows where you’re going anyway. They don’t need DNS for that. They see all the traffic.

You can run a VPN and tunnel your outbound DNS queries over that. Heck, you could tunnel your DNS queries over TOR

It looks like Quad9 supports DoH: quad9

You might want to study more about SNI. Your ISP knows anyway
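
Added example (not part of any commenter's post): what the SNI comment above refers to. A TLS ClientHello carries the requested hostname in cleartext in its server_name extension, so an on-path observer can read it whichever DNS resolver was used. The parser below runs on a ClientHello constructed inline as sample input; `build_client_hello` and `extract_sni` are names chosen for this example.

```python
import struct


def build_client_hello(hostname, with_sni=True):
    """Build a minimal TLS ClientHello record (constructed sample input)."""
    # supported_versions extension (0x002b) offering TLS 1.3, placed first
    extensions = struct.pack("!HH", 0x002B, 3) + b"\x02\x03\x04"
    if with_sni:
        name = hostname.encode("ascii")
        # server_name body: list length, name_type 0 (host_name), name length, name
        sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
        extensions += struct.pack("!HH", 0x0000, len(sni)) + sni
    body = (
        b"\x03\x03"              # legacy_version
        + bytes(32)              # random (all zeros in this sample)
        + b"\x00"                # empty session_id
        + b"\x00\x02\x13\x01"    # one cipher suite: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"            # one compression method: null
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record):
    """Return the cleartext hostname in a ClientHello record, or None."""
    try:
        if record[0] != 0x16:                      # not a TLS handshake record
            return None
        (rec_len,) = struct.unpack("!H", record[3:5])
        hs = record[5:5 + rec_len]
        if hs[0] != 0x01:                          # not a ClientHello
            return None
        pos = 4 + 2 + 32                           # header, version, random
        pos += 1 + hs[pos]                         # session_id
        pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]   # cipher suites
        pos += 1 + hs[pos]                         # compression methods
        ext_end = pos + 2 + struct.unpack("!H", hs[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= min(ext_end, len(hs)):
            ext_type, ext_len = struct.unpack("!HH", hs[pos:pos + 4])
            pos += 4
            if ext_type == 0x0000:                 # server_name
                name_type = hs[pos + 2]
                (name_len,) = struct.unpack("!H", hs[pos + 3:pos + 5])
                name = hs[pos + 5:pos + 5 + name_len]
                if name_type != 0 or len(name) != name_len:
                    return None
                return name.decode("ascii")
            pos += ext_len                         # skip any other extension
        return None
    except (IndexError, struct.error, UnicodeDecodeError):
        return None                                # truncated or malformed input


if __name__ == "__main__":
    hello = build_client_hello("home.example.org")
    print("hostname visible on the wire:", extract_sni(hello))
```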

@IHawkMike@lemmy.world
12M

I know plenty about SNI already, but thanks. You might want to study more yourself, since we’re being condescending.

https://blog.cloudflare.com/encrypted-sni/

Well, running your own DNS server will also give you eSNI. And Cloudflare still doesn’t know anything

I use Cloudflare as my registrar and public DNS. And only for that. Sorry but they don’t get to peek at my network traffic.

@nerdschleife@lemm.ee
63M

I use Cloudflare tunnel for my home server too. Are there any viable and somewhat easy alternatives?

@Audalin@lemmy.world
53M

Once configured, Tor Hidden Services also just work (you may need to use some fresh bridges in certain countries if ISPs block Tor there though). You don’t have to trust any specific third party in this case.

qaz
23M

Wouldn’t that be slow?

@vzq@lemmy.blahaj.zone
33M

Yes. Very slow. And only accessible from tor clients or tor2web/onion.to-like constructions. Which adds additional delay and errors.

There are things for which onion addresses are the right solution. This is not one of them.

@Audalin@lemmy.world
33M

It would. But it’s a good option when you have computationally heavy tasks and communication is relatively light.

exu
73M

Get a cheap VPS and set up a VPN of your choice.

Just make sure the VPS will shut down if the bandwidth is exceeded rather than giving you a big overage charge.

@h3ndrik@feddit.de
33M

Port forwards in the router + DynDns.

@Kuvwert@lemm.ee
creator
43M

As soon as I can use my personal domains with Tailscale Funnel I’ll be switching, I like Tailscale a lot

DNS names are restricted to your tailnet’s domain name (node-name.tailnet-name.ts.net)

I guess that’s fine for some. Not a compromise I’m willing to make though.

@ANIMATEK@lemmy.world
43M

DynDNS? I’m not 100% sure what CF Tunnel does, but from my 2 min reading it seems that DynDNS would accomplish what OP described just as well.

youmaynotknow
33M

Oh, it’s way more than what any dyndns can do.

It might help to read it once more then 🙂

Unless you are behind CGNAT; you would have had the same plug+play experience by using your own router instead of the ISP supplied one, and using DDNS.

At least, I did.

qaz
63M

Yes, but it does expose your own IP address and thus where you live. Tunnels don’t.

@Lem453@lemmy.ca
113M

True, but the downside of cloudflare is that they are a reverse proxy and can see all your https traffic unencrypted.

qaz
3
3M

Yes, but if you host a public site it might be a better option, the content is public anyway, and you won’t get doxed if you publish something controversial. It’s a trade-off, between keeping traffic private or keeping your IP private. Wireguard works best for private traffic, but you can’t host a public site with that.

Illecors
33M

> Wireguard works best for private traffic, but you can’t host a public site with that.

Of course you can! Nginx and wireguard on a VPS and actual services wherever you want.

@icydefiance@lemm.ee
1
3M

deleted by creator

@Aux@lemmy.world
33M

Your IP changes all the time, it doesn’t matter. The best someone can deduct from your IP is the country.

qaz
4
3M

This is false. Some ISPs change IPs often, but some don’t and sometimes geoip lookups can be really accurate. My IP has remained the same since I moved in, and a geoip lookup results in a coordinate less than a kilometer away. It does matter.

@Aux@lemmy.world
43M

I guess you live in a country with loads of spare IP addresses. Here in the UK they change every few days and IPs get rotated between all ISPs, so you can’t even deduct which ISP I’m using. And sometimes my IP is not even a mainland UK IP, but some weird shit from across the world, because Empire, lol.

Auli
13M

@qaz @Aux now you’ve just exposed where you live not your IP address. Nobody would have thought it was that close now they do.

@pirat@lemmy.world
33M

When looking up my static ip, the location I get is the one of my ISP, not my address. Do you happen to live nearby some central infrastructure of your ISP? (If it seems otherwise, I’m not trying to debunk what you said - I’m just asking curious questions!)

qaz
13M

Yes, it seems to be a hit or a miss. I don’t think I live near any central infrastructure or ISP, especially not this specific part of the city.

Auli
-13M

@qaz @Darkassassin07 what are you even saying? Ip address doesn’t expose where you live. And better get off the internet right now if your concern is exposing your ip cause it was never secret to begin with.
Tunnels stop you from opening a port so nothing is exposed openly to the internet but it does not keep your ip private.

qaz
3
3M

> Ip address doesn’t expose where you live.

https://letmegooglethat.com/?q=geoip+lookup

> Tunnels stop you from opening a port so nothing is exposed openly to the internet [1] but it does not keep your ip private [2].

This is also incorrect.

  1. The entire purpose of CF tunnels is to expose sites on the internet
  2. CF tunnels (and services like it e.g. ngrok) rely on shared proxy servers that forward traffic based on HTTP host headers (which is why you can’t forward arbitrary TCP traffic). The IP of the site will therefore have the shared IP of the company’s proxy server instead of your own.
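
Added example, not part of qaz's comment and not any vendor's code: the Host-header routing described in point 2, for a proxy that serves several sites from one shared IP. The hostnames, tunnel names and `route_by_host` are made up for the illustration; a non-HTTP byte stream (an SSH banner in the demo) carries no Host header, so the proxy has nothing to route on.

```python
# Constructed routing table for a shared proxy: hostname -> tenant tunnel.
# Hostnames and tunnel names are hypothetical.
TUNNELS = {
    "blog.example.org": "tunnel-a",
    "photos.example.net": "tunnel-b",
}


def route_by_host(raw, tunnels=TUNNELS):
    """Pick the tunnel for one request arriving on the shared IP.

    Returns (status, tunnel): 200 with a tunnel name, 404 for an unknown
    host, 400 when the bytes give the proxy nothing unambiguous to route on.
    """
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return 400, None                 # no complete HTTP header block
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        return 400, None                 # not an HTTP/1.x request line
    hosts = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or name != name.strip():
            return 400, None             # malformed header line
        if name.lower() == b"host":
            hosts.append(value.strip())
    if len(hosts) != 1:
        return 400, None                 # missing or duplicate Host is ambiguous
    host = hosts[0].decode("ascii", "replace").lower()
    if not host.startswith("["):         # drop ":port" unless it is an IPv6 literal
        host = host.partition(":")[0]
    tunnel = tunnels.get(host.rstrip("."))
    return (200, tunnel) if tunnel else (404, None)


if __name__ == "__main__":
    samples = [
        b"GET / HTTP/1.1\r\nHost: blog.example.org\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: unknown.example.com\r\n\r\n",
        b"SSH-2.0-OpenSSH_9.6\r\n",      # arbitrary TCP: no Host header at all
    ]
    for raw in samples:
        print(raw[:30], "->", route_by_host(raw))
```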
Norah - She/They
23M

How do you imagine that geoblocking content works if IP addresses don’t expose where you live?

> And better get off the internet right now if your concern is exposing your ip cause it was never secret to begin with.

qaz could be using any of dozens of different methods to obfuscate their IP from the wider internet to write their comment, Tor or a VPN to name just a couple.

@IsThisAnAI@lemmy.world
23M

No. You are skipping DNS.

@lemming741@lemmy.world
23M

I didn’t skip it, I installed ddclient.

Cloudflare is the devil!

> and using DDNS

As in, running software to update your DNS records automatically based on your current system IP. Great for dynamic IPs, or just moving location.

Not entirely. CF can protect you from DDOS of up to a few millions of calls per minute. Your home router would melt with that traffic. They also act as a firewall if you enable the proxy dns feature. They do a sanity check before forwarding the call. Also a home router cannot do this. And there’s more.

lemmyvore
123M

Both your ISP and CF will drop you like a hot potato if you’re ever under that kind of attack.

CF has other features that are nice, like WAF, bot detection, geo blocking, caching etc. But it’s only a taste.

All their real services are paid and the whole reason they offer a free tier is to upsell you to their paid services.

Jason
13M

@lemmyvore @f2sfljLhdtTZ Cloudflare doesn’t drop you in that situation, I’ve been using them for years and seen them quietly and contently mitigate attacks for my clients

Auli
23M

@lemmyvore @f2sfljLhdtTZ You can geoblock without CloudFlare.

Sure, cloudflare provides other security benefits; but that’s not what OP was talking about. They just wanted/liked the plug+play aspect, which doesn’t need cloudflare.

Those ‘benefits’ are also really not necessary for the vast majority of self hosters. What are you hosting, from your home, that garners that kind of attention?

The only things I host from home are private services for myself or a very limited group; which, as far as ‘attacks’ goes, just gets the occasional script kiddy looking for exposed endpoints. Nothing that needs mitigation.

Auli
23M

@f2sfljLhdtTZ @Darkassassin07 Everyone so worried about DDoS. They are not going to DDoS a residential IP address. Sure if you piss someone off they well they’re going to do it even without selfhosting anything.

@DaPorkchop_@lemmy.ml
13M

I can assure you that before I set up Cloudflare, I was getting hit by SYN floods filling up the entire bandwidth of my home DSL2 connection multiple times a week.

@Kyouki@lemmy.world
83M

I am out of the loop, what’s going on with snooping?

I use their cloudflared tunnel sometimes for accessing home hosted stuff.

slazer2au
273M

Because Cloudflare acts as a reverse proxy it can see everything that happens in a session.
This is also known as a man in the middle attack. But Cloudflare needs to do this in order to do its checks for bad actors.

Now, as Cloudflare has access to the unencrypted traffic and we know that NSA is all about data vacuuming due to the Snowden leaks, we can make a tin foil hat guess what goes on.

@Kyouki@lemmy.world
13M

Thank you!

I don’t understand why Cloudflare gets bashed so much over this… EVERY CDN out there does exactly the same thing. It’s how CDNs work. Whether it’s Akamai, AWS, Google Cloud CDN, Fastly, Microsoft Azure CDN, or some other provider, they all do the same thing. In order to operate properly they need access to unencrypted content so that they can determine how to cache it properly and serve it from those caches instead of always going back to your origin server.

My employer uses both Akamai and AWS, and we’re well aware of this fact and what it means.

@ramble81@lemm.ee
93M

Just note, OP, that the last part of his statement is pure speculation. The first part is technically true, which can lead to that inference, but no information has been released which corroborates it. However, that does not mean it’s not possible.

slazer2au
143M

This is true. Which is why I said tinfoil hat guess.

@h3ndrik@feddit.de
14
3M

Though those leaks showed they actually did it on a large scale. I don’t think they stopped for some arbitrary reason. Why would they? And technology developed further, surveillance is only getting easier. I’d say even without a tin-foil hat on, it’s more likely they do it than not.

Auli
13M

@ramble81 @slazer2au sure but they had PRISM to think they are still not doing something like that is absurd. We know they’re doing it and cloudflare would be a perfect target.

The trouble with cloudflare is that there is just one. It’s one of the best registrars out there, the only free/cheap and usable DNS host (have you seen what route53 charges per zone??). That without getting into the whole tunnels and DDoS mitigation end of things, which is nearly unique at any price point.

The problem with cloudflare is that we’re missing three other cloudflares to move to if they decide to pull evil shit.

@Mora@pawb.social
103M

> only free/cheap and usable DNS host

Check out desec.io as an alternative

I’ve moved a couple of domains to dnssec and it’s great, simple DNS.

@vzq@lemmy.blahaj.zone
53M

That sure does seem to tick a lot of boxes. I’m going to check it out!

Matt The Horwood
03M

So I need to make a VPS setup script to install bind for DNS and wireguard or openvpn and push it to gitlab/GitHub?

@vzq@lemmy.blahaj.zone
23M

I am not sure what that would accomplish.

I have all that, but I still use cf for a ton of stuff.

lemmyvore
213M

It’s not the only free DNS service.

It’s only a good registrar if you don’t care about privacy and you’re ok with their selection of TLDs (selected only from registries without privacy).

The free accounts do not benefit from DDoS protection. Re-read their terms of service, they’re vague on purpose. If you were ever DDoS’ed (I don’t know who would bother btw but that’s another discussion) they’d just drop you.

You can establish the tunneling thing on your own with any VPS.

> The problem with cloudflare is that we’re missing three other cloudflares to move to if they decide to pull evil shit.

You can and should diversify your services and spread them to different providers that are easy to switch. I’ve been with “all in one” providers before, they inevitably end up leveraging their convenience into all sorts of crap. But until you get burned a couple of times they look really good.

@gkpy@feddit.org
43M

> It’s not the only free DNS service.

can i get some alternatives. currently basically using cf pretty much just for dns, but would really like to switch

@gkpy@feddit.org
7
3M

that looks great, thanks o/

EDIT: looks like you can only manage 1 domain before having to contact their support

@Mora@pawb.social
73M

As it is run by volunteers, they probably want to keep corporate (or domain hoarders) off their platform unless they pay.

@gkpy@feddit.org
23M

makes sense, they support plenty of donation options, if that’s suggested/a requirement to let me transfer in more than 1 :)

lemmyvore
43M

Contact support and tell them how many you need and they’ll try to accommodate you. There were a lot of people abusing the service and hosting hundreds of domains so now they’re making everybody request them explicitly unfortunately. They’ve also had to suspend their .dedyn.io DDNS service indefinitely because of the abuse.

That’s why we can’t have nice things.

Please read up on DNSSEC because you will be required to turn it on for every domain you host with them.

lemmyvore
13M

https://community.letsencrypt.org/t/dns-providers-who-easily-integrate-with-lets-encrypt-dns-validation/86438

I’m not seeing bunny.net on that list, it has a DNS service with API. They have a minimum account maintenance fee of $1/mo and when you load up your account you have to load a minimum of $10. So basically it’s $1/mo for which you get a lot of DNS and CDN service included (20M DNS queries and 100GB transfer).

@lud@lemm.ee
2
3M

> It’s only a good registrar if you don’t care about privacy and you’re ok with their selection of TLDs (selected only from registries without privacy).

I wish they supported my country’s two CCTLDs but other than that I’m very happy. I would never buy any of the crazy vanity TLDs anyways.

I mostly own .com domains and two CCTLDs domains.

> there is just one

Well it’s cloudflare, not cloudsflare. Maybe overcasthosting, or sunblockservers…

@datavoid@lemmy.ml
13M

deleted by creator

@ramble81@lemm.ee
563M

The bigger trouble is creating a CDN has a stupidly high barrier to entry. You literally need your own data centers across the world, your own server infrastructure, the man power to manage it, etc.

You could try to host it on a cloud provider but you’d go bankrupt even quicker. Unless someone were to try to build a co-op run CDN, it’s just not gonna happen without a profit motive and a large amount of capital.

I mean the optimal cdn is maximally distributed to reduce load and latency right. Unfortunately the web was not built in a manner that supports this.

Eg if we could have a single url for the same object that could be served by any server that is part of the fediverse then the fediverse itself would be an optimal cdn.

Perhaps we should take some notes from peertube. Plus more legitimate bit torrent content on the internet as a whole is hardly a bad thing make the isp’s jobs harder for places without net neutrality.

@ramble81@lemm.ee
12M

Look up Anycast when you get a chance.

I consulted with professor gpt and it seems that it’s basically just giving the same ip address to multiple servers meaning that any of said servers can serve as that ip.

Also it seems said ips require paying large sums of money to isps. My point was more that with the current mainstream internet (http websockets etc) it would require you to run a local service/proxy that can interpret a global id and route to basically any small server with said resource. Unfortunately I don’t think it’s possible to build such a thing that would just work across browsers if embedded into a standard webpage.

@NotMyOldRedditName@lemmy.world
3
3M

I feel like something like https://www.storj.io/ is on the path to what we would want/need?

There might be some additional requirements for a true CDN to ensure data is closer to where it’s needed and in as many regions as needed though with the right amount of bandwidth. The data gets stored all over the place, but that doesn’t mean it’s optimal. But they do seem to claim it’s faster on their website…

Edit: For those not wanting to click, TLDR is they use excess storage around the world and make it accessible anywhere, and safe from failures. People with excess storage can join the network if they have enough storage/bandwidth and pass some tests. Their API is S3 compatible.

@vzq@lemmy.blahaj.zone
24
3M

That’s true. The bizarre paradox of the centralization of edge infrastructure is real.

That said, the other edge-lords (haha) could offer similar functionality, but they chose not to.

@yannic@lemmy.ca
83M

I once realized so many of my favourite businesses were cooperatives. I started thinking of what other co-ops I could start and grow. The excitement faded once I realized it would have to not be about the money.

Justin
113M

Coops are still about the money. They’re about saving money by sharing resources with fellow workers/consumers, and maintaining democratic control over the company. You’re not going to get rich from a coop (without embezzlement), but you and your coowners will be cutting out the middle man. Obviously, it only makes sense for industries that you’re heavily invested in.

Car making without the tracking bullshit!

arthurpizza
103M

Their static website hosting is probably the best in the business. We seriously need some competition though.

lemmyvore
13M

There are tons of CDNs out there.

@Mora@pawb.social
13M

Even when you host a HUGE static website (e.g. maps with thousands of image files). You can just throw it on R2 add a few transform rules, point a domain at it, and you are done. Also highlights the usability of Cloudflare compared to other solutions.

@Moonrise2473@feddit.it
33M

also, when you have 5g failover on the router and the fiber is down, it automagically continues to work without admin intervention

I prefer Tailscale Funnel for these kinds of things. NetBird and ZeroTier also work just fine if you don’t want to expose your services to the public.

I looked at headscale but as far as I can tell there is no active directory or SSO integration. Which is very unfortunate.

@tux7350@lemmy.world
23M

Good news, they support OIDC! Haven’t tested it myself so your mileage may vary.

https://headscale.net/oidc/#basic-configuration

@Kuvwert@lemm.ee
creator
73M

Tailscale is so cool too. I’ll definitely be switching if I can ever use my own domains

@PlexSheep@infosec.pub
13M

You can set A DNS entries without wildcard in the configs (with headscale at least), just use their magic DNS thing that works with hostnames or just self host DNS and tell your tailnet to use that.

Actually you can… I do that with my setup. Just point your domain to the new ip assigned by tailscale to your server. That’s all. Recently they started supporting the https certificate also… Even though it’s not needed, for internal only communication.

@Mio@feddit.nu
153M

Just stop supporting the biggest actor in the market.

@matcha_addict@lemy.lol
83M

That’s just a bandaid on capitalism’s issues. Urging people not to support the biggest actor will never work in the grand scheme of things, when said actor provides their best immediate interests.

@Decronym@lemmy.decronym.xyz
bot account
27
2M

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

| Fewer Letters | More Letters |
|---|---|
| CF | CloudFlare |
| CGNAT | Carrier-Grade NAT |
| DNS | Domain Name Service/System |
| HTTP | Hypertext Transfer Protocol, the Web |
| HTTPS | HTTP over SSL |
| IP | Internet Protocol |
| NAT | Network Address Translation |
| SSH | Secure Shell for remote terminal access |
| SSL | Secure Sockets Layer, for transparent encryption |
| SSO | Single Sign-On |
| TCP | Transmission Control Protocol, most often over IP |
| TLS | Transport Layer Security, supersedes SSL |
| VPN | Virtual Private Network |
| VPS | Virtual Private Server (opposed to shared hosting) |

13 acronyms in this thread; the most compressed thread commented on today has 8 acronyms.

[Thread #830 for this sub, first seen 26th Jun 2024, 04:45] [FAQ] [Full list] [Contact] [Source code]

@Lawnman23@lemmy.world
43M

Good bot.

@S_S@lemy.lol
12M

Do you have a VPS or server with its own IPv4 address outside your home?

If you want I can maybe help you with configuring my new tool/service to replace Cloudflare Tunnels

But it depends on how you use it also, if you want to explain that send me a reply or a private message and I can answer if I think it is possible and give you the basic configuration for it, or check out the project and its sources I posted here

@Kuvwert@lemm.ee
creator
12M

Does your tool have a public repo I can take a look at?

@S_S@lemy.lol
12M

No, no public repo, no repo at all tbh, only the public code posted at the cloud drive, but the code is fully inspectable in the drive and there are no compiled binaries (you must compile it yourself to use it)

@Kuvwert@lemm.ee
creator
1
2M

No shade on you, dude… but if it’s not available in a public repo where people with more experience than me have the opportunity to validate and review it… then I’m really really really not interested in downloading or running it on my machine.

I have trust issues with cloudflare yes, but I also have trust issues with random zip files from strangers’ cloud drives.

I appreciate your helpful attitude anyway 🙂

@S_S@lemy.lol
12M

No worries, I understand

There are just text files there anyway

I’m pretty much just sharing my public backup with everyone, it is the only thing I need when deploying it, maybe someone else uploads it to some repo one day!

@nutbutter@discuss.tchncs.de
5
3M

I have written a small blog post about how to Bypass CGNAT, and have also mentioned why you should not use Cloudflare if you are hosting for privacy.

deleted by creator

adr1an
383M

we should definitively have a wiki (though people should use “search” too, I wonder if a wiki would help really). This “topic” comes every month. I have posted this already, here it goes again: https://github.com/anderspitman/awesome-tunneling

@mal3oon@lemmy.world
53M

Thanks for sharing!

@Kuvwert@lemm.ee
creator
53M

That’s awesome thanks!
