Hi, you guys might know me from these three posts. After reading all of the comments, I’ve decided to purchase a Mini PC to host public instances of privacy-respecting services.
I’m here to bring some good news: I got it working perfectly! You can visit reallyaweso.me today and get a list of services that I’m hosting!
All services are deployed via Docker and proxied through Cloudflare. You might ask: “Why Cloudflare?”. It’s because I can’t port forward things on my home network. It really sucks that I’m depending on Cloudflare to do the port forwarding for me, but it is what it is.
If you want me to host a specific service that you want, feel free to comment on this post!
I would really appreciate it if you guys could check out some services that I’m hosting, as I don’t know if everything went smoothly or not. Thank you guys so much for helping me on this journey!!
Cool idea. Just be aware that there are a lot of shady people out there. I’m not sure I would publicly host services which rely on tight security (like Vaultwarden). They will come and they will probe your system and its security!
You might also want to remove Dockge from Uptime Kuma, no need to broadcast that publicly.
Yeah seeing all the attack vectors opened here freaks me out
Thank you for pointing these things out! I’ve removed Dockge from Uptime Kuma.
Awesome :D But providing a speed test on a 10 Mbit line is IMO pretty pointless.
I know, I just added the speed test because I can. If people want to use it, they can.
Is it so quick because Cloudflare is acting as a CDN? I tried a SearXNG search and it was just as fast as my local browser??? What on earth is this sorcery
Pretty neat! Or should I say, it’s really awesome 😎 Thanks!
Thank you! I appreciate the feedback!
Are you able to tunnel ports other than 80 and 443 through Cloudflare?
If you have a domain and connected it to Cloudflare, you can assign tunnels to specific subdomains. For example, I have Invidious running locally on my server with port 3000. I connected the server with a Cloudflare tunnel and pointed invidious.reallyaweso.me to http://192.168.0.17:3000, which is my local IP.
Ah right. What I really meant to ask was if it can do protocols other than http.
Which I don’t think it can…
I have rented a cheap VPS and use SSH encrypted port forwarding to it instead of Cloudflare. It’s an option as an alternative.
I prefer owning my server hardware than renting a VPS. I completely forgot that I couldn’t port forward in my home network, so Cloudflare was my last-minute solution to that problem.
I think parent is hosting on their own physical hardware, just using a VPS for a public IP. I do the same (I use WireGuard instead, but similar idea). The VPS is doing the same thing as Cloudflare in your setup. I’m a proponent of this setup because the only reliance is on a totally generic VPS, of which there are many providers.
Very cool! Thanks, saw some things I didn’t know about.
Thanks! I’m glad that I could show you some other services!
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters    More Letters
CGNAT            Carrier-Grade NAT
DNS              Domain Name Service/System
IP               Internet Protocol
NAT              Network Address Translation
SMTP             Simple Mail Transfer Protocol
SSH              Secure Shell for remote terminal access
SSL              Secure Sockets Layer, for transparent encryption
TLS              Transport Layer Security, supersedes SSL
VPN              Virtual Private Network
VPS              Virtual Private Server (opposed to shared hosting)
8 acronyms in this thread; the most compressed thread commented on today has 12 acronyms.
[Thread #627 for this sub, first seen 25th Mar 2024, 14:45]
I wrote a small blog about bypassing CGNAT using TLS-passthrough. Cloudflare uses TLS-termination, which means they can see all the data being passed through, which defeats the purpose of privacy.
The problem with such a situation is that you have no idea of the origin IP address, as all the requests look like they are coming from your VPS. Did you find a way to restore origin IP in your logs?
Yes, it is fairly easy. You just have to forward the http headers. I am using HAProxy, and you can look at my configuration file in the blog. If you’re using something like Nginx Proxy, look up how to forward http headers. Some applications, like Nextcloud, require extra steps, but they also provide their own documentation.
Ok for http traffic, but what about SMTP?
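How a backend can recover the visitor address from a forwarded X-Forwarded-For header, as discussed in the reply above, while ignoring values a client can set itself. This is an added example, not part of the thread or the commenter's blog; the tunnel address 10.8.0.1 and the function name client_ip are assumptions, and the sample addresses are constructed.

```python
import ipaddress

# Assumption: the only proxy allowed to vouch for a client address is the VPS
# end of the tunnel. 10.8.0.1 is a constructed address, not one from the thread.
TRUSTED_PROXIES = [ipaddress.ip_network("10.8.0.1/32")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer, xff_header):
    """Return the address to log for a request.

    peer       -- source address of the TCP connection as seen by the home server
    xff_header -- raw X-Forwarded-For value, or None if the header is absent
    """
    peer_addr = ipaddress.ip_address(peer)
    # A connection that did not arrive through the VPS: ignore the header
    # entirely, because the sender controls it.
    if not _is_trusted(peer_addr) or not xff_header:
        return str(peer_addr)
    # Walk the chain right to left. Each proxy appends the address it saw,
    # so the rightmost entries are the ones written by our own infrastructure.
    candidate = peer_addr
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
        candidate = addr
        if not _is_trusted(addr):
            break  # first untrusted hop is the client as seen by the VPS
    return str(candidate)


if __name__ == "__main__":
    # Constructed requests: (TCP peer, X-Forwarded-For value)
    for peer, xff in [("10.8.0.1", "203.0.113.7"),
                      ("10.8.0.1", "1.2.3.4, 203.0.113.7"),
                      ("198.51.100.9", "127.0.0.1")]:
        print(peer, repr(xff), "->", client_ip(peer, xff))
```

The second sample shows why the leftmost entry is not used: a visitor who sends their own X-Forwarded-For value only prepends to the chain, and the address appended by the VPS is the one that gets logged.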
All ports are forwarded. If your SMTP is running on, say, port 993, on your local machine, your-VPS-ip:993 will be your SMTP.
Sorry for the late answer, but will your SMTP logs show the original IP or the VPS’?
Not sure. Will have to try it out.