this post was submitted on 15 Jun 2024
50 points (89.1% liked)

Selfhosted

40329 readers
401 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

Hey is there any alternatives to CloudFlare reverse proxies? I want to hide my server IP but not share everything with CF...

you are viewing a single comment's thread
view the rest of the comments
[–] jubilationtcornpone@sh.itjust.works 6 points 5 months ago (2 children)

Set up a VPS. Create a VPN tunnel from you local network to the VPS. Use the VPS as the edge router by opening ports on the VPS firewall and routing incoming traffic on those ports through the VPN tunnel to servers on your local network.

I used to do this to get around CGNAT. I ran RouterOS in a Digital Ocean droplet and setting up a wire guard tunnel between it and my local Mikrotik router.

It will obscure your local WAN IP and give you a static IP but that's about the only benefit. And you have to be pretty network savvy to configure it correctly.

It does not make you immune to DDoS attacks and is honestly more headache to maintain (albeit just a small headache).

[–] Cyber@feddit.uk 1 points 5 months ago (1 children)

Not heard of RouterOS before ... I didn't realise jad released firmware that would run in a normal VM... don't suppose you have anything to compare it to pfSense?

[–] jubilationtcornpone@sh.itjust.works 3 points 5 months ago* (last edited 5 months ago) (1 children)

They do maintain an x86 build. I haven't used pfSense but I have used OpnSense so that's that closest thing I have to compare it to. I think the upside and downside to RouterOS/Mikrotik is the same thing: it allows very granular control over almost everything. Maybe to a fault. It's probably overkill for most home networks.

[–] Cyber@feddit.uk 1 points 5 months ago

Ok, thanks... Good to know for a rainy day.

DDOS protection is going to depend on the VPS. But for most services you could spin up a pretty lean Debian vm running a proxy like nginx proxy manager and run that over the tunnel. Something like opnsense seems like overkill.