ELI5 Cloudflare Tunnel - eviltoast

So everyone is talking about Cloudflare tunnels and I decided to give it a shot.

However, I find the learning curve quite hard and would really appreciate a short introduction to how they work and how I set them up…

In my current infrastructure I am running a reverse proxy with SSL and Authentik, but nothing is exposed outside. I access my network via a VPN but would like to try out and consider CF. Might be easier for the family.

How does authentication work? Is it really a secure way to expose internal services?

Thanks!

  • lchapman@programming.dev
    1 year ago

    Here’s how I do it: https://blog.lchapman.dev/self-hosting-foundations/

    Note: blog isn’t monetised, I just write things up to make them easier to share with people.

    Basically, I use a cloud VM as a gateway and reverse proxy to my services which are accessible via VPN. It’s not free, but it’s pretty cheap.

    I have a friend who is using Cloudflare for this. He has a domain and he can access his services at domain.tld:port. Not bad, and it’s free. He could have his tunnel pointed at Caddy like I do and use subdomains, but he hasn’t got that far yet.

    I prefer my method but both seem to get the basic functionality working.

    • operator@kbin.socialOP
      1 year ago

      Thanks for the write-up! I’ll definitely check out your blog as well. A cloud gateway is something I’ve considered as well (especially when the costs are around $5 monthly). How do you handle authentication?

      • lchapman@programming.dev
        1 year ago

        Currently I don’t have an auth service sitting in front of my other services, it’s just whatever auth is built into each app and saved passwords.

        That said, I’ve deployed Authentik at a workplace and really enjoyed working with it, using it for SSO for a variety of services. I’ll implement it on my own platform soon.