I do vaguely remember something about it getting changed, but yeah, as you said unless you’re sharing it with a bunch of people, it’s probably not enough to trigger anything on their side anyway
I think theres a nice variety of methods out there now that there’s no “one right way” to do it which I think is great compared to just a few years ago where your only real options were a reverse tunnel or CloudFlare tunnels
Why would you need an expensive switch for CF tunnels??
It bypasses the switch and forms a tunnel directly to the machine and you don’t need to change any configuration on the switch
Both options can expose any service as long as the machine has internet
first your questions
Is the tunnel solution appropriate for jellyfin?
Yes but also no. the tldr is It will work, but video streaming is against CloudFlare rules. I ran this way for about 2 years with Plex just for my own use, so for about 15 hours a week on 480p and I never got my service suspended, but I’ve heard stories of others getting suspended… So just know it’s a risk
I suppose it’s OK for vaultwarden as there isnt much data being transfered?
That’s a good use of tunnels
Would it be better to run nginx proxy manager for everything or can I run both of the solutions?
You can definitely run both solutions (tunnel points to npm, npm towards to all other services), and it saves you setting up tunnels for each service
Now for my 2 cents
As others have suggested, tailscale funnel is a valid option. A reverse proxy using a VPS is also a valid option. And as I pointed out, doing the CloudFlare tunnel is an option if you’re willing to accept the risk.
My current setup is using a free Oracle VPS with a small nginx docker container forwarding all port 80 and 443 traffic through a tailscale. On the other end is a nginx proxy manager docker container that points to all my services across the network. I have my CloudFlare details configured in nginx proxy manager to generate a wildcard SSL certificate that I apply to all my local services
Inside the network, I use adguard to redirect the domain to the local LAN IP of the nginx proxy manager server to avoid traffic going through the internet.
Then all you need to do is point the domain on CloudFlare dns to the Oracle server, and you’ll have several layers of separation between the internet and your local LAN , as well as SSL certs both internally and externally on any services you share
It might not be the most elegant setup, but I share my Plex server (as well as about 30 other things) with several other people and can handle multiple 1080p streams going through it without any issue and it’s been nice and stable for over a year without any issues
I’m curious who is the arbitrator for what’s a valid security concern or not. If it’s done by an independent group, it might make it harder to get around. If it’s self disclosed, then yeah nothing will change
Many years ago I had a Facebook account under my real name, and they blocked it and told me to verify … I did everything they asked and they wouldn’t accept it… I recreated it under a fake name (very obvious it’s fake since it uses a celeb name) and have been using it for messaging a couple of friends for like a decade now with no issue
That sounds like the start of a horror movie
It’s got romance, action, comedy, fantasy, safe for kids and families… Covers most groups
You can do this pretty easily using asterisk and then just point your VoIP clients to it’s IP address
But…
Whatever you do, unless you’re an expert with network security, don’t leave it on its default port if you’ll expose it to the internet.
You’ll have that many bots trying to get in that it’ll DDoS you within a few hours of setting it up. Even if you have it on a different port, you’ll have lots of bots trying to get in.
If you ever see those “unlimited international calls” cards sold in third world countries for like $5-10, those are mostly hacked VoIP systems that have accounts or access to a phone line
This looks great, I don’t suppose you plan on a pre-made docker container?
For a bit of context for those not too familiar with CDN stuff. My web server hosts about 20 small business websites. None are heavy on images or video or anything else. Most sites have well under 1k visitors a day, some are under 100.
Each month CloudFlare CDN saves me between 40-60gb of traffic which is nothing my server couldn’t handle, but over a year is ~600gb in saved data so it adds up
If you had a Lemmy instance with even just 100 active users, with all the images and videos and all the federated background communications, that would add up extremely quickly.
It’s a shitty situation that’s causing mods and users alike a lot of frustration and might be a bit before it’s sorted.
Unfortunately I think this is something that will need to be dealt with Federation wide before it’s under control… But even then it’ll still add a lot of extra ongoing work to the mods of instances and communities just to clean up anything that gets through
It’s not just this community, or even just Lemmy… Mastodon and other Federation services all struggling with the same issue at the moment
Good for you. I have too… That doesn’t mean it’s safe or legal everywhere and doesn’t give any reason why turning it into a portable bedroom is a bad idea
A) it’s not always safe to sleep outside when travelling
B) it’s not always legal to sleep where you are
So by taking your own bed in the pocket dimension, you’ll always have a safe, comfortable and legal place to stay without any cost
You’ll only get the nasty letters if you use public trackers… I’ve been on starlink since it came to Australia and never once got a nasty letter or warning or anything, and I don’t have any VPN going
You’re right about the upload speed though