Wondering if anyone from the #selfhosted crowd could help me with some suggestions for alternatives to Cloudflare tunnels.
-
Wondering if anyone from the #selfhosted crowd could help me with some suggestions for alternatives to Cloudflare tunnels. Main things I run behind tunnels now are Vaultwarden and Immich.
Anyone using some similar service? Or am I better off just fronting everything myself?
-
Wondering if anyone from the #selfhosted crowd could help me with some suggestions for alternatives to Cloudflare tunnels. Main things I run behind tunnels now are Vaultwarden and Immich.
Anyone using some similar service? Or am I better off just fronting everything myself?
Ideally, VaultWarden should be run on a private VLAN with local LAN accessibility and VPN (or ssh-tunneled) remote connectivity; it shouldn't be exposed to the Net unless you have no other option.
I probably wouldn't expose Immich to the Net either, unless you need to share with folks (relatives ...) who can't handle a VPN.
The Algo VPN server configurator is pretty good at setting up VPN servers, though I've had to write some scripts to make managing users on them less annoying.
(This may not be useful, since I dunno why you're using Cloudflare; I'd be happy to try to be more useful if you want to detail your use case more.)
@tobraha -
Ideally, VaultWarden should be run on a private VLAN with local LAN accessibility and VPN (or ssh-tunneled) remote connectivity; it shouldn't be exposed to the Net unless you have no other option.
I probably wouldn't expose Immich to the Net either, unless you need to share with folks (relatives ...) who can't handle a VPN.
The Algo VPN server configurator is pretty good at setting up VPN servers, though I've had to write some scripts to make managing users on them less annoying.
(This may not be useful, since I dunno why you're using Cloudflare; I'd be happy to try to be more useful if you want to detail your use case more.)
@tobraha@spike thanks for the tips! I do have Immich locked down behind mTLS, but I do share vaultwarden with family members for whom mTLS would be much more difficult to manage.
I definitely don't like having vaultwarden open like this. I do have a Wireguard server setup which might be an easier way to lock down access to my family members. wg has pretty good support across mobile platforms for app specific routing and such.
Your advice is helpful! I have these tiny humans to take care of that demand most of my brainpower
-
Wondering if anyone from the #selfhosted crowd could help me with some suggestions for alternatives to Cloudflare tunnels. Main things I run behind tunnels now are Vaultwarden and Immich.
Anyone using some similar service? Or am I better off just fronting everything myself?
@tobraha I run a wireguard VPN to get to my passbolt password storage. Passbolt has no exposure to the internet and I can do a wireguard "split tunnel" where only my network resources go through the vpn or I can send all traffic back to my home network. I do have resources that are proxies by nginx (nextcloud, subsonic music, plex, and soon mailcow). It is doable but it takes a good infrastructure and baby steps.
Let me know if you have questions... -
Wondering if anyone from the #selfhosted crowd could help me with some suggestions for alternatives to Cloudflare tunnels. Main things I run behind tunnels now are Vaultwarden and Immich.
Anyone using some similar service? Or am I better off just fronting everything myself?
@tobraha maybe have a look at Pangolin https://github.com/fosrl/pangolin
I’m using that with great satisfaction.
Alternatively netbird might be what you’re after https://netbird.io/ -
@tobraha maybe have a look at Pangolin https://github.com/fosrl/pangolin
I’m using that with great satisfaction.
Alternatively netbird might be what you’re after https://netbird.io/@dergilm thank you for the tips, I've not heard of either of these. Pangolin looks interesting!
-
R relay@relay.infosec.exchange shared this topic
