shastaxc
- 0 Posts
- 55 Comments
So many suggestions here but I thought I’d chime in because I have a setup very similar to what you suggested and I found a very easy way of hosting it securely. I am using Unraid on a system in my house. I have my web service running in a docker container. I exposed it using a cloudflare tunnel. There is an Unraid plugin for cloudflare tunnels that takes out a lot of the configuration work involved in getting it running locally. You just have to also set up a corresponding endpoint on Cloudflare’s website and have a domain name registered with them for you to link to it.
The way it works then is when someone requests your domain (or subdomain) in their browser, Cloudflare gets the request and redirects the traffic to the cloudflare tunnel client app that you set up in your computer. That app on your machine then redirects the traffic to your other container that is hosting your web service and established bidirectional communication that way.
The benefits to this system are:
- Relatively easy setup, especially if you want to expose more services in the future (you’ll need to run a separate cloudflare container for each service exposed though)
- No need to open ports in your router or firewall on your home network. Cloudflare just knows how to communicate between its server and its client app on your computer (I think you have to set up an access token so it is secure).
- None of your users ever learn your home IP address because once they connect at Cloudflare’s server, they don’t get any more knowledge than that about what’s on the other side.
- It’s free (not including the cost of registering your domain)
- You don’t have to worry about changing anything if your ISP randomly changes your IP address. Hell, you could even move to a new house and take your computer with you and you wouldn’t have to reconfigure anything.
Downsides:
- You have to trust that Cloudflare is not scraping all the traffic going through the tunnel.
- Some people have a moral issue with giving Cloudflare more responsibility for hosting “the Internet”. We already rely on their infrastructure heavily for large sections of the Internet. If they ever become malicious or compromised, there is a lot to lose as a society.
I believe you can use Wireguard and a rented VPS to recreate this setup without Cloudflare but it will require a lot more knowledge in order to set it up with more points of failure. And it would cost more because even though Wireguard is FOSS, a VPS will cost you a monthly fee of at least a few bucks per month.
I currently have 2 services exposed using Cloudflare tunnels on my Unraid system at home. They’ve been running for over a year now with 0 interruption.
People don’t like centralizing the Internet in a single service. There’s nothing wrong with the product. It works great and is much more secure than opening ports in your home network. This community is just more biased toward decentralization and privacy, which is a common reason for people to start self hosting.
I think wireguard can allow you to set up a similar external connection with some extra steps. This would remove Cloudflare from the loop.
I guess I’ll have to do the research myself. Ohh bother. I can tell you that Keycloak can use a postgresql db or ldap but it is not built in. I honestly really dislike LDAP though. It’s an old protocol that has terrible client support and the only real reason to use it imo is if you need to support really high number of users and traffic, like in the millions.
This is why I spend a good amount of time setting up linters on new repos before even starting to make the application. It saves a ton of time in peer reviews because no one has to think about formatting. Some people may not like the rules chosen but official direction from the boss is “get over it”. There are 0 comments on PRs about formatting which only ever annoys people and is a waste of good dev time.
The backup and easy set up on other servers is not necessarily super useful for a homelab but a huge selling point for the enterprise level. You can make a VM template of your host with docker set up in it, with your Compose definitions but no actual data. Then spin up as many of those as you want and they’ll just download what they need to run the images. Copying VMs with all the images in them takes much longer.
And regarding the memory footprint, you can get that even lower using podman because it’s daemonless. But it is a little more work to set things up to auto start because you have to manually put it into systemd. But still a great option and it also works in Windows and is able to parse Compose configs too. Just running Docker Desktop in windows takes up like 1.5GB of memory for me. But I still prefer it because it has some convenient features.
Chrome released in 2008,but did not support HTML5 video until 2010. But yes, Safari did it first (in 2008). https://en.m.wikipedia.org/wiki/HTML5_video
I got firstlast.info (it used to be cheap)
This is more a condemnation of nest.js than ts. It seems great in theory. I like the architecture and the ability to share models and interfaces between front and backend, but it’s objectively makes everything more complicated. It adds layers of abstraction that should not be necessary and it’s such a niche/unpopular framework for backend systems that you generally have to jump through hoops to do anything moderately complex. Not only do new devs have to learn typescript to use it, they have to learn the nest architecture to know how to do things “the right way” and you still end up in situations like this which looks perfectly valid but isn’t. Typescript was never meant to be used for backend, and trying to make it do so and then complaining about it is like jogging while carrying a gun, shooting yourself in the foot, and blaming the gun.
Yeah because that’s a great loophole for foreign governments to install a puppet president in our country. At least currently it is a little harder.