Given the repeat questions you can find here on basics, it’s kind of surprising there doesn’t appear to be a commonly shared FAQ, website, or book going over some of the basics.
E.g. ways to safely connect to home servers over the internet while away, when it may be better to spin up services on a VPS instead, etc.
Have I been overlooking some shared text-based resource concerning the subject, or…?
Also fwiw I did look at the sidebar links, and the awesome-sysadmin link has links to sections for blogs/books, but as of writing this, they were empty sections.
What’s the consensus on Cloudflare tunneling?
It’s pretty good. I understand and somewhat agree with the concerns about concentrating the web around one company, but tunnels is simply a great product. So convenient for running services behind CGNAT or dynamic IP without good port forwarding options, and it’s just set and forget. If there was an alternative that good I’d use it.
I’ve been using it too, it’s really good and largely transparent. Of course, you can only expose HTTP traffic and you can’t use your own certificates unless you pay (so *.*.domain.tld domains or deeper are a no go on the free plan), but for just normal self hosting it’s the perfect solution.
I think for most people it becomes a trade off decision. Do you want to expose ports and potentially open your home to attacks but keep all traffic privately encrypted (if using SSL) and yours? Or do I keep my home unexposed but delegate trust and traffic flow to Cloudflare essentially and potentially allowing them to see my traffic?
For me it depends on the service. Nothing too sensitive or personal or already publicly available? Then Cloudflare tunnel coupled with Nginx Proxy Manager.
Highly sensitive and personal? Then do I really need to expose it to the internet? Most of the time it’s no or a VPN can be used to access those resources.
Something in between? I’d consider forwarding ports and use Nginx Proxy Manager for SSL.
For some people, exposing or forwarding ports isn’t even an option due to ISPs CGNATs, not allowed, etc. In those cases Cloudflare shines and it’s the most feasible solution.
My 0.02 cents
deleted by creator