this post was submitted on 29 Dec 2023
31 points (97.0% liked)

Selfhosted

40134 readers
533 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I work in tech and am constantly finding solutions to problems, often on other people's tech blogs, that I think "I should write that down somewhere" and, well, I want to actually start doing that, but I don't want to pay someone else to host it.

I have a Synology NAS, a sweet domain name, and familiarity with both Docker and Cloudflare tunnels. Would I be opening myself up to a world of hurt if I hosted a publicly available website on my NAS using [insert simple blogging platform], in a Docker container and behind some sort of Cloudflare protection?

In theory that's enough levels of protection and isolation but I don't know enough about it to not be paranoid about everything getting popped and providing access to the wider NAS as a whole.

Update: Thanks for the replies, everyone, they've been really helpful and somewhat reassuring. I think I'm going to have a look at Github and Cloudflare's pages as my first port of call for my needs.

top 13 comments
sorted by: hot top controversial new old
[–] [email protected] 4 points 10 months ago (1 children)

Cloudflare tunnels are layer 7, so it's not unlimited access by any means. This also means that certain things will break btw, for example if your website uses websockets to load information, that isn't supported.

Next, I'd put the computer that is going to be hosting into an isolated vlan of its own and access via external URL only.

If you're going to use docker images, make sure to vet that they're updated often and always spin up the latest.

[–] [email protected] 3 points 10 months ago (1 children)

CF tunnels are layer 3, not 7 and they have support for web sockets. It's basically wireguard VPN with a few extras built on top.

https://developers.cloudflare.com/cloudflare-one/faq/cloudflare-tunnels-faq/

[–] [email protected] 1 points 10 months ago* (last edited 10 months ago) (1 children)

That document doesn't say what layer. But it does say it supports Websockets.

Just odd that when I try to set it up using a named tunnel I don't get an option to specify the WS service type. However it does require a service type if you want to connect to it.

Looking at this page it would seem that it's a layer 7. Although I could be wrong, but my front end app has issues finding my backend service for websockets.

Granted I even tried to connect to my private computer using other protocols. I couldn't get through. Anyway I'm most likely going to be taking that project offline soon.

[–] [email protected] 1 points 10 months ago

No, but I thought I clarified that when I said it's basically wireguard VPN which operates using tcp/udp (layer 3.) layer 7 is stuff like https. CF tunnels are lower level.

Page you linked is missing the layer between CF and source server so it doesn't indicate layer. You can lookup wireguard protocol if you want more details.

[–] [email protected] 2 points 10 months ago

I'm definitely a fan of Gitlab pages for simple webpages I just want on the Internet. It's nice to have the code hosted anyways (gives me that off site back up safety so my stuff at home can go down if needed).

[–] [email protected] 2 points 10 months ago* (last edited 10 months ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
CF CloudFlare
DNS Domain Name Service/System
IP Internet Protocol
SSH Secure Shell for remote terminal access
SSL Secure Sockets Layer, for transparent encryption
VNC Virtual Network Computing for remote desktop access
VPN Virtual Private Network
VPS Virtual Private Server (opposed to shared hosting)

8 acronyms in this thread; the most compressed thread commented on today has 10 acronyms.

[Thread #384 for this sub, first seen 29th Dec 2023, 14:55] [FAQ] [Full list] [Contact] [Source code]

[–] [email protected] 0 points 10 months ago* (last edited 10 months ago) (1 children)

I'll let folks with more security experience dive into your specific question, but another option is to host your website on something like Github pages (using a static website generator like Jekyll) and point Cloudflare at it. That way you don't need anything pointed at your local network, get the uptime of Github, and still benefit from your own domain name.

That's what I'm doing with my own blog and it's been great. Github provides the service for free but if they ever charge for it I'll just start hosting it locally.

[–] [email protected] 0 points 10 months ago (1 children)

OK that's genius, I will definitely look into that!

[–] [email protected] 1 points 10 months ago

Or take github out of the equation and directly use cloudflare pages. It has its own pros and cons, but for a simple static blog it'll be more than enough, and takes out the CNAME hassle.

[–] [email protected] -1 points 10 months ago

New Lemmy Post: How safe is self-hosting a public website behind Cloudflare? (https://lemmy.world/post/10093430)
Tagging: #SelfHosted

(Replying in the OP of this thread (NOT THIS BOT!) will appear as a comment in the lemmy discussion.)

I am a FOSS bot. Check my README: https://github.com/db0/lemmy-tagginator/blob/main/README.md

[–] [email protected] -2 points 10 months ago (1 children)

If you concerned about your exposed services being hacked, why not learn how to protect them properly from bad actors? There exists a wide range of solutions that attempt to specifically solve this problem.

[–] [email protected] 10 points 10 months ago (1 children)

why not learn how to protect them properly from bad actors?

Exactly. One way to start is asking for help on forum with people who like to talk about this kind of thing. Hope OP finds their way.

[–] [email protected] 1 points 10 months ago

Not exactly. OP mentions he's interested in using cloudflare/github pages where the security is managed by those platforms not the user.