• yxp@lemmy.radio
    5 hours ago

    I’m willing to move away from Cloudflare if only I can expose servers without a global IP and without needing to open a port on the router side. Does anybody know how to do this?

    Or maybe I should move to somewhere I can set up port forwarding?

    • qjkxbmwvz@startrek.website
      6 hours ago

      VPS+VPN, this is what I do.

      VPS has public IP and runs WireGuard “server”* and a reverse proxy (and fail2ban…). Reverse proxy points to my home computer over the WireGuard link. No open ports on my home router.

      For private facing/LAN-only services I just don’t have an entry in the VPS reverse proxy. DNS on the router points everything to my local server, so if at home I access everything directly. To access internal services remotely requires VPN (i.e., WireGuard to the VPS).

      Works well; I have a tiny free tier VPS but even so, no complaints.

      *Yes, I know there are no wg clients or servers, only peers, but it plays a server-like role.
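
A sketch of the WireGuard side of the VPS+VPN setup described in the comment above, added here as an example and not taken from the poster's own configuration. The tunnel subnet 10.8.0.0/24, port 51820, the documentation address 203.0.113.10 and the key placeholders are all assumptions.

```ini
# Constructed example: keys, addresses and port are placeholders.
# 203.0.113.10 stands in for the VPS public IPv4; 10.8.0.0/24 is the tunnel net.

# ---- VPS: /etc/wireguard/wg0.conf (the peer with the public IP) ----
[Interface]
Address = 10.8.0.1/24
# The only WireGuard port exposed anywhere in this setup.
ListenPort = 51820
PrivateKey = <vps-private-key>

# Home server
[Peer]
PublicKey = <home-public-key>
# Accept only the home peer's tunnel address from this key.
AllowedIPs = 10.8.0.2/32
# No Endpoint: the VPS learns the home peer's address from its inbound packets.

# ---- Home server: /etc/wireguard/wg0.conf (behind NAT, no port forward) ----
[Interface]
Address = 10.8.0.2/24
PrivateKey = <home-private-key>
# No ListenPort: the home peer only dials out, so nothing is opened on the router.

# VPS
[Peer]
PublicKey = <vps-public-key>
Endpoint = 203.0.113.10:51820
# Route only the VPS tunnel address through the link, not 0.0.0.0/0.
AllowedIPs = 10.8.0.1/32
# Keeps the NAT mapping alive so the VPS can reach the home peer at any time.
PersistentKeepalive = 25
```

The reverse proxy on the VPS then uses 10.8.0.2 as its upstream for each public service; on the home server, accepting those connections only on wg0 from 10.8.0.1 keeps the VPS as the single path in.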

      • yxp@lemmy.radio
        5 hours ago

        I’ve been thinking about this setup, but it depends on an external server after all…

        • qjkxbmwvz@startrek.website
          5 hours ago

          Yes, but you can run multiple VPS, from different providers, simultaneously.

          What I like is that while it does depend on an external provider, it doesn’t depend on a specific external provider. Any VPS with a public IPv4 would work.

      • fristislurper@feddit.nl
        4 hours ago

        Tailscale is definitely the most frictionless solution. But you will then rely on Tailscale instead of Cloudflare, so not ideal. You can also host Headscale so you do not have to rely on them either.

        • CodingCarpenter@lemmy.ml
          7 minutes ago

          I’ve never heard of Headscale. Can you hook this up to a domain like you can with Cloudflare tunnels? That was my main reason for using it. Being able to just hand my family member a domain to point to and see audiobooks.

      • yxp@lemmy.radio
        4 hours ago

        Tailscale is fine; the problem is I have to keep my phone connected to the tail network, which drains the battery. I do have a Tailscale subnet router running under my network so I can fix things remotely.