this post was submitted on 14 Oct 2023
34 points (97.2% liked)

I have a bunch of services on a home machine and I use Cloudflare tunnels to access them on the WAN. My ISP locks down ports 80 and 443, and so tunnels were the most viable way for me to get various pages online easy; especially helped since it's easy to configure and free to boot.

But I've been seeing more people talk about it being privacy invasive, and while I'm probably gonna remain largely ignorant on why, I was wanting to know if there was an alternative to this that I can use?

[–] [email protected] 12 points 1 year ago (1 children)

What is your goal? If it’s to have personal remote access, set up tailscale on all the devices you want to connect. If it’s self-hosting a public webserver, your options are hosting on non-standard ports, changing ISPs to one that lets you host, or tunneling to some other third party location that lets you host.

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago) (1 children)
[–] [email protected] 2 points 1 year ago

And of course, as others mentioned, you can always set up a VPN and tunnel in; ISPs rarely block VPN server port access.

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago)

There are some managed tunnel alternatives but they are not cheap. At this point it’s cheaper to rent a $20/year VPS and install one of these: https://github.com/anderspitman/awesome-tunneling

I personally love frp

Edit: I have never tried it, but there’s also Tailscale Funnel https://tailscale.com/kb/1223/tailscale-funnel/

[–] [email protected] 5 points 1 year ago

The only real alternative is to get a cheap VPS so you can VPN between the VPS and your home and keep using the tunnel and not expose your home IP but only your VPS IP. Or variations of that: you can also just use NGINX to forward 80/443 to 8080/8443 at home without even needing a VPN or to decode the encrypted traffic. Oracle has a free tier for those, but there are lots of reports of people's instances being shut down and left without their data.

There's no free and readily available solution like Cloudflare tunnels that can be more private, because whoever is proxying your traffic pretty much has to be able to see it. At the bare minimum, to be able to route it, they'd have to either give you your own public IP and blanket forward port 443, or they have to inspect the SNI header of the TLS session. It's technically possible to do that, I've implemented such a proxy with zero knowledge of the data inside. Cloudflare does have such a product in the enterprise tier, but it doesn't make sense for them to offer as a free product.

The only reason they have a free tier is to collect telemetry and run experiments to improve their enterprise offerings, and also free advertising by luring small companies into using them and then upgrading when they grow, or from people like us that will never need their paid features but will likely use them in an enterprise setting out of habit and comfort rather than do a true evaluation of all the CDN options available. Or people moving from free companies on the free tier to a bigger company that then will use them and upgrade to paid.
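
Added example (not part of the comment above and not the commenter's proxy): a Python parser that reads the SNI from the first TLS record so a relay can choose a backend without holding any TLS key. The routing table, host names, addresses and the constructed ClientHello are assumptions made for the illustration.

```python
import struct

def extract_sni(record: bytes):
    """Return the SNI name from the first TLS record (assumed to hold the whole ClientHello), or None."""
    try:
        if record[0] != 0x16:
            raise ValueError("not a TLS handshake record")
        rec_len = struct.unpack_from("!H", record, 3)[0]
        body = record[5:5 + rec_len]
        if len(body) < rec_len or body[0] != 0x01:
            raise ValueError("truncated record or not a ClientHello")
        pos = 4 + 2 + 32                                   # handshake hdr, version, random
        pos += 1 + body[pos]                               # session_id
        pos += 2 + struct.unpack_from("!H", body, pos)[0]  # cipher_suites
        pos += 1 + body[pos]                               # compression_methods
        if pos == len(body):
            return None                                    # no extensions block
        ext_end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= ext_end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            pos += 4
            if ext_type == 0:  # server_name: list_len(2) name_type(1) name_len(2) name
                name_len = struct.unpack_from("!H", body, pos + 3)[0]
                name = body[pos + 5:pos + 5 + name_len]
                if body[pos + 2] != 0 or len(name) != name_len:
                    raise ValueError("malformed server_name extension")
                return name.decode("ascii")
            pos += ext_len
        return None
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated or malformed ClientHello") from exc

# Hypothetical routing table: SNI name -> backend reached over the VPN/tunnel.
ROUTES = {"cloud.example.org": ("10.8.0.2", 8443)}

def pick_backend(first_bytes: bytes):
    """Routing decision made with no TLS keys; None means unknown host."""
    return ROUTES.get(extract_sni(first_bytes))

def build_client_hello(host: str) -> bytes:
    """Constructed minimal ClientHello for the demo (not a captured packet)."""
    name = host.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

The SNI travels in cleartext unless Encrypted Client Hello is in use, so the relay operator still learns which host names are requested, along with IPs, timing and sizes; only the content stays opaque because TLS terminates on the home machine.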

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago)

Are you exposing those services so that strangers can also access them, or is it mostly about you and relatives using those services?

If it's for mostly private use, you could set up a mesh VPN network using Wireguard, or if you want something easier to manage you could look at Tailscale.

That way you'd also limit exposure of these services to the Internet and therefore minimize the risk of a security breach.

[–] [email protected] 4 points 1 year ago

I use rathole tunnel (similar to frp) on VPS and Caddy locally. VPS and my local machine are connected with wireguard VPN. DNS points to VPS, TLS certificates are managed locally by Caddy.

[–] [email protected] 4 points 1 year ago

You can use SSH to tunnel everything to a VPS. I also saw some alternatives on r/selfhosted

[–] [email protected] 4 points 1 year ago

If it's just port blocking, why not run the services on other ports? OpenVPN or any other VPN software could get you secure remote access without issue; you run OpenVPN on whatever port you want and then you can connect to any service on your home machine from outside the house. A Tor hidden service could also be used, though you would sacrifice some speed and reliability.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)
[–] [email protected] 1 points 1 year ago

Does your router have a VPN server? Use that to get into your network. If not, maybe think about replacing the router with one that does (most do from the better manufacturers).