I read a comment on here some time ago where the person said they were using cloudflared to expose some of their self-hosted stuff to the Internet so they can access it remotely.

I am currently using it to expose my RSS feed reader, and it works out fine. I also like the simplicity of Cloudflare’s other offerings.

Any thoughts on why cloudflared is not a good idea? What alternatives would you suggest? How easy/difficult are they to setup?

  • keyez@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    11 months ago

    I have a cloudflare tunnel setup for 1 service in my homelab and have it connecting to my reverse proxy so the data between cloudflare and my backend is encrypted separately. I get no malformed requests and no issues from cloudflare, even remote public IP data in the headers.

    Everyone mentions this as an issue, and I am sure doing the default of pointing cloudflared at a http local service but it’s not the ONLY option.

    • Dave@lemmy.nz
      link
      fedilink
      English
      arrow-up
      3
      ·
      11 months ago

      I’m not quite sure I get what you’re getting at. If you’re using Cloudflare (for more than just a nameserver), then the client’s browser is connecting to Cloudflare via a Cloudflare SSL certificate. Any password (or other data) submitted will be readable by Cloudflare because the encryption is only between the browser and Cloudflare. They then connect to your reverse proxy, which might have SSL or it might be unencrypted. That’s a second jump done by re-encrypting the data.

      How does the reverse proxy help, when the browser is connecting to Cloudflare not to the reverse proxy?

      • keyez@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        11 months ago

        Fair, I was more thinking from the server side not the client side where cloudflare certs are the ones seen first.