87
you are viewing a single comment's thread
view the rest of the comments
[-] lemann@lemmy.dbzer0.com 53 points 10 months ago* (last edited 10 months ago)

A reverse proxy takes all your web-based services, e.g.

  • plex on port 32400
  • octoprint on port 8000
  • transmission on port 8888

and allows you to map these to domain names, so instead of typing server.example.com:32400 you can type plex.example.com. I have simplified this quite a bit though - you need DNS configured as well, and depending on your requirements you may want to purchase a domain name if you intend on accessing content from outside your home without a self hosted VPN.

Cloudflare is a DDoS mitigation service, a caching web proxy, and a DNS nameserver. Most users here would probably be using it for Dynamic DNS. You can use it in combination with a reverse proxy as a means to mask your home IP address from people connecting to your self hosted web-based services remotely, but on its own it cannot be used as a reverse proxy (at least easily - would not recommend attempting to). Do note that Cloudflare can see all the data you transmit through their systems, something to bare in mind if you are privacy conscious.

In my opinion though, it would be much better for you to use a self hosted VPN to access your self hosted services (can be used in combination with the reverse proxy), unless there is a specific need to expose the services out to the internet

Edit: fix minor typo, add extra info about cloudflare

[-] BluePhoenix01@sh.itjust.works 3 points 10 months ago

Very good points all around.

So far, I have WireGuard set up, and activate it when I need access.

This year I have considered Cloudflare tunnels to enable them only to issue SSL certificates (instead of signing my own like I did last year). But not sure if it is worth it or if I should just keep signing myself.

(Cert is mainly to avoid SSL warnings on iOS and browsers, so far I am the only one using what I host)

Might also be nice to not have to configure each device to use a different dns server (my own), but not sure the benefit is worth having that dns record “out there” and Cloudflare “in here”.

[-] Chewy7324@discuss.tchncs.de 2 points 10 months ago

The DNS-01 challenge [1] allows for issuing SSL certificates without a publicly routable IP address. It needs API support from your DNS provider to automate it, but e.g. lego [2] supports many services.

I personally leave my Wireguard VPN always on, but as its only routing the local subnet with my services, it doesn't even appear in my battery statistics.

[1] https://letsencrypt.org/docs/challenge-types/#dns-01-challenge

[2] https://github.com/go-acme/lego

[-] BluePhoenix01@sh.itjust.works 1 points 10 months ago

Thank you for the info and the links. That seems like a more sensible approach. Hope to try it out after the work week is done.

load more comments (8 replies)
this post was submitted on 29 Dec 2023
87 points (93.1% liked)

Selfhosted

40152 readers
544 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS