new | ask | show | jobs
brownindian 2 days ago  [ - ]

Could also use Cloudflare tunnels. That way:

1. your 1password gets a different entry each time for <service>.<yourdomain>.<tld>

2. you get https for free

3. Remote access without Tailscale.

4. Put Cloudflare Access in front of the tunnel, now you have a proper auth via Google or Github.

lukevp 2 days ago  [ - ]

You can also use cloudflare to create a dns record for each local service (pointed to the local IP) and just mark it as not proxied, then use Wireguard or Tailscale on your router to get VPN access to your whole network. If you set up a reverse proxy like nginx proxy manager, you can easily issue a wildcard cert using DNS validation from your NAS using ACME (LetsEncrypt). This is what I do, and I set my phone to use Wireguard with automatic VPN activation when off my home WiFi network. Then you’re not limited by CF Tunnel’s rules like the upload limits or not being able to use Plex.

organsnyder a day ago  [ - ]

This is exactly what I do. I have a few operators set up in k8s that handle all of this with just a couple of annotations on the Ingress resource (yeah, I know I need to migrate to Gateway). For services I want to be publicly-facing, I can set up a Cloudflare tunnel using cloudflare-operator.

johnmaguire 2 days ago  [ - ]

Yup doing this with Caddy and Nebula, works great!

sylens a day ago  [ - ]

This is the way

QGQBGdeZREunxLe 2 days ago  [ - ]

Tunnels go through Cloudflare infrastructure so are subject to bandwidth limits (100MB upload). Streaming Plex over a tunnel is against their ToS.

miloschwartz 2 days ago  [ - ]

Pangolin is a good solution to this because you can optionally self-host it which means you aren't limited by Cloudflare's TOS / limits.

somehnguy a day ago  [ - ]

Also achievable with Tailscale. All my internal services are on machines with Tailscale. I have an external VPS with Tailscale & Caddy. Caddy is functioning as a reverse proxy to the Tailscale hosts.

No open ports on my internal network, Tailscale handles routing the traffic as needed. Confirmed that traffic is going direct between hosts, no middleman needed.

arvid-lind a day ago  [ - ]

Another vote for Pangolin! Been using it for a month or so to replace my Cloudflare tunnels and it's been perfect.

mvdtnz 2 days ago  [ - ]

Yeesh, the last thing I want is remote access to my homelab.