August 6th, 2024

Cloudflare has made it too easy to access your homelab on the internet

Cloudflare's tooling, chiefly Cloudflare Tunnels and Zero Trust, has made exposing a homelab to the internet far simpler than it was in 2017; the author had a tunnel with public hostnames running in about two hours, with good performance and without opening inbound ports.


Cloudflare has simplified accessing a homelab over the internet, a significant improvement on what the author went through in 2017. Back then the obstacles were the lack of a static IP and the complications of CGNAT, which hurt both uptime and routing. In 2024, Cloudflare Tunnels and Zero Trust sidestep those problems: the cloudflared agent makes an outbound connection to Cloudflare's edge, so no inbound port or publicly reachable IP is needed. The setup consists of downloading the cloudflared binary, installing it as a service, configuring public hostnames (each mapped to a local service and protocol), and restarting the service; the whole thing took about two hours. The author hosts a status page on the homelab this way and reports good performance metrics. They emphasise how little configuration is involved and that the same approach gives secure access to services running on the various Linux distributions in the lab, both for personal use and for sharing with friends.
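The summary above describes the dashboard-managed flow (install the service with a token, then add public hostnames in Zero Trust). The same hostname-to-service mapping can be expressed as a locally managed cloudflared configuration file, which is easier to review and keep in version control. The following is an added example and is not from the original article: the tunnel name, credentials UUID, hostnames and backend addresses are placeholders, and the commands in the comments are the standard cloudflared CLI steps for a locally managed tunnel.

```yaml
# Added example, not the article's own configuration.
# Locally managed cloudflared tunnel: ~/.cloudflared/config.yml
# (`cloudflared service install` copies it to /etc/cloudflared/config.yml).
#
# One-time setup on the homelab host (placeholders throughout):
#   cloudflared tunnel login                          # authorise against your account
#   cloudflared tunnel create homelab                 # writes ~/.cloudflared/<UUID>.json
#   cloudflared tunnel route dns homelab status.example.com
#   cloudflared tunnel route dns homelab grafana.example.com
#   cloudflared tunnel ingress validate               # checks the ingress rules below
#   sudo cloudflared service install                  # installs the systemd unit
#   sudo systemctl restart cloudflared

tunnel: homelab
credentials-file: /home/user/.cloudflared/00000000-0000-0000-0000-000000000000.json

# cloudflared dials out to Cloudflare on port 7844; QUIC (UDP) is the default.
# If UDP 7844 is blocked or QUIC misbehaves, fall back to HTTP/2 over TCP.
protocol: http2

ingress:
  # Each public hostname maps to exactly one private origin on the LAN.
  - hostname: status.example.com
    service: http://localhost:3001
  - hostname: grafana.example.com
    service: http://192.168.10.20:3000
    originRequest:
      # cloudflared connects to the origin directly; keep the connect
      # timeout short so a stalled backend does not pile up connections.
      connectTimeout: 10s
  # Required catch-all: cloudflared refuses to start without a final rule
  # that has no hostname. Return 404 rather than forwarding unknown names.
  - service: http_status:404
```

Anything reachable through a hostname in this file is reachable from the whole internet as soon as the service starts, exactly as it would be with a forwarded port; the tunnel only removes the need for an inbound port. Put a Cloudflare Access policy in front of each hostname that is not meant to be public before adding the DNS route, and keep the 404 catch-all so a typo in a hostname does not fall through to a real service.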

- Cloudflare has made remote access to homelabs significantly easier since 2017.

- The setup process for Cloudflare Tunnels can be completed in approximately two hours.

- Users can configure public hostnames and protocols for different services easily.

- The author reports good performance metrics for their homelab setup.

- Cloudflare's tools improve both accessibility and security for home servers: the tunnel is an outbound connection, so no inbound port is exposed, and access policies can be enforced at Cloudflare's edge.

10 comments
By @treesknees - 4 months
I've opted to do this myself by buying a VPS for ~$5/month with Digital Ocean. It runs a WireGuard server and nginx, and then my home lab router connects via WireGuard. Nginx acts as a reverse proxy to serve content from my home lab. I have (relatively speaking) complete control over the entire path.

When running Cloudflare tunnels, opening a port on your router, or having a VPS+WireGuard, it's important to think about security and covering your butt. I run everything in a DMZ subnet that has firewall/ACL rules on both the DMZ and my other networks to restrict any access. I put bandwidth caps on individual VMs/containers. I also use WireGuard to reroute all outbound Internet requests from the DMZ so that my home lab doesn't use my home IP address at all.

Maybe I'm paranoid, but the last thing I need is to forget about some web project I was experimenting with in my lab and suddenly the Internet connection I pay for is being used by some bad actor to participate in DDoS or to resell access to my trusted residential IP for scamming purposes.

By @bhaney - 4 months
Call me crazy, but I don't think "tunnel all your traffic through a third party corporation's service" is the correct solution to "my IP changes sometimes." Maybe just set up DDNS instead?

If you really are trying to run a server behind a CGNAT, then I guess you have no other options, but I'd consider this kind of thing to be a last resort.

By @kingnothing - 4 months
I'm pretty happy with Tailscale for private access.
By @stavros - 4 months
Unfortunately, you can't use this to tunnel multiple subdomains, unless you tunnel an entire domain. That's because Cloudflare won't let you issue third-level wildcard certificates, so you can't proxy *.lab.mydomain.com. Maybe I should just get my homelab a domain and be done with it, but right now running everything over Tailscale seems like a better solution.
By @PonyoSunshine - 4 months
I once had a project where I had more than one person trying to play an emulated game online through a custom Dolphin Emulator build on the same LAN segment. Due to the nature of how the client was trying to use ports, port forwarding was not helping due to overlap (clients wanted the exact same ports open and could not be distributed). I eventually gave up trying to do port forwarding and instead had each person get a VM with an extra IP assigned to it in a local data center. Linux supports different network configs per application and I managed to use TincVPN as an Ethernet bridge between the VM's Ethernet and each local machine, where I assigned the 2nd IP from the VM to the end of the tunnel and created a custom routing table only for Dolphin to be started with that used the VMs routing configuration. Effectively, it looked like they were playing their games from inside the data center.
By @Dowwie - 4 months
Cloudflare tunnels is a nightmare to work with. I had the famous experience of "it worked fine at my home, I don't know why it's not working in the lab" and couldn't ever resolve the problem, running on Ubuntu. As of March 2024, Cloudflare tunnels was very, very unrefined (on Ubuntu). QUIC doesn't work and you have to read through forums to find out how to change the protocol to http2. The logs are insufficient to pinpoint issues. The remote administration workflow seems broken. I should also mention that I used my own domain, not the free one, and used Cloudflare for DNS.

I am very interested in Tailscale SSH as an alternative to Cloudflare Tunnel + SSH. If anyone has experiences with Tailscale SSH, please share (https://tailscale.com/tailscale-ssh)

By @lukev - 4 months
This is also pretty easy with nothing but SSH, setting up a tunnel through any server to which you have SSH access (including extremely cheap/free ones.)
By @eternityforest - 4 months
I like Zrok.io for this stuff, not that I have much experience with this kind of thing.
By @jgowdy - 4 months
Brother, wait until you hear about Tailscale...

Which is also point to point for the traffic.

By @cmacleod4 - 4 months
How the **** do you decline cookies on this site??!!!