I read a comment on here some time ago where the person said they were using cloudflared to expose some of their self-hosted stuff to the Internet so they can access it remotely.

I am currently using it to expose my RSS feed reader, and it works out fine. I also like the simplicity of Cloudflare’s other offerings.

Any thoughts on why cloudflared is not a good idea? What alternatives would you suggest? How easy/difficult are they to setup?

  • Dave@lemmy.nz
    link
    fedilink
    English
    arrow-up
    1
    ·
    11 months ago

    I think concerns come in two flavours:

    1. Privacy/security: Cloudflare terminates HTTPS, which means they decrypt your data on their side (e.g. browser to cloudflare section) then re-encrypt for the second part (cloudflare to server). They can therefore read your traffic, including passwords. Depending on your threat model, this might be a concern or it might not. A counterpoint is that Cloudflare helps protect your service from bad actors, so it could be seen to increase security.
    2. Cloudflare is centralised. The sidebar of this community states “A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.”, and Cloudflare is for sure a service you don’t control, and arguably you’re locked into it if you can’t access your stuff without it. Some people think Coudflare goes against the ethos of self-hosting.

    With that said, you’ll find several large lemmy instances (and many small ones) use cloudflare. While you’ll easily find people against its use, you’ll find many more people in the self-hosted community using it because it’s (typically) free and it works. If you want to use it, and you’re ok with the above, then go ahead.

    • Nibodhika@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      11 months ago

      There’s a third point which is: Things in CloudFlare are publicly accessible, so if you don’t put a service on front for authentication and the service you’re exposing has no authentication, a weak password or a security issue, you’re exposing your server directly to the internet and bad actors can easily find it.

      Which is why some services that I don’t want to have complicated passwords are only exposed via Tailscale, so only people inside the VPN can access them.

  • ninjan@lemmy.mildgrim.com
    link
    fedilink
    English
    arrow-up
    1
    ·
    11 months ago

    I use a VPS I have for many purposes and a setup of Netbird + Caddy to do what Cloudflare does (but without their redundancy and worldwide distribution of hardware of course) but self-hosted. Personally I’m very much against relying on a large corporation which doesn’t give a fuck about me as a customer for access to my stuff.

      • ninjan@lemmy.mildgrim.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        11 months ago

        I’m unsure what you’re asking for? You could replace Netbird with any other WireGuard implementation and Caddy with any other reverse proxy. I just found those two to be very self hosting and FOSS friendly options.

        As for what to use it for it allows me to run Jellyfin from home, while having Authentik be a forward authentication proxy in front of it so only people with an account can reach it while still allowing me to reach it from any device anywhere with Internet. It’s very nifty.