So everyone is talking about Cloudflare tunnels and I decided to give it a shot.
However, I find the learning curve quite hard and would really appreciate a short introduction to how they work and how I set them up…
In my current infrastructure I am running a reverse proxy with SSL and Authentik, but nothing is exposed outside. I access my network via a VPN but would like to try out and consider CF. Might be easier for the family.
How does authentication work? Is it really a secure way to expose internal services?
Thanks!
Here’s how I do it: https://blog.lchapman.dev/self-hosting-foundations/
Note: blog isn’t monetised, I just write things up to make them easier to share with people.
Basically, I use a cloud VM as a gateway and reverse proxy to my services which are accessible via VPN. It’s not free, but it’s pretty cheap.
I have a friend who is using Cloudflare for this. He has a domain and he can access his services at domain.tld:port. Not bad, and it’s free. He could have his tunnel pointed at Caddy like I do and use subdomains, but he hasn’t got that far yet.
I prefer my method but both seem to get the basic functionality working.
Thanks for the write up! I’ll definitely check out your blog as well. A cloud gateway is something I’ve considered as well (especially when the costs are around $5 monthly). How do you handle authentication?
Currently I don’t have an auth service sitting in front of my other services, it’s just whatever auth is built into each app and saved passwords.
That said, I’ve deployed Authentik at a workplace and really enjoyed working with it, using it for SSO for a variety of services. I’ll implement it on my own platform soon.