In response to the discussion on a recent thread about whether to trust Cloudflare, as some people are not very comfortable with it terminates HTTPS (MITM).

There is this thing called Fast Reverse Proxy (FRP) https://github.com/fatedier/frp

It’s open source, very lightweight and I have used it in multiple instances. Frankly there doesn’t seem to be a lot of people know/use it here. The idea is you deploy this on a VPS with public IP, and have your server at home connect to it. It is pretty much like your own Cloudflare tunnel, only you have much more control over it (ports, TCP/UDP/HTTP, auth, etc).

I use it on the cheapest VPS ($5) I can find close to where I live. It acts as a simple TCP reverse proxy to my server, where Nginx Proxy Manager handles the actual HTTPS. (You can let FRP handle HTTPS but then you need to think about if you trust the VPS and also keep the certs updated there, so nah.)

It’s developed by a Chinese dude as it is pretty much a necessity for selfhosters (mostly minecraft servers) in China, since Public IP is scarce there and most people live behind CGNATs.

  • Tivin-i@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Well, pretty much any type of tunneling software such as Tailscale or Wireguard will achieve the same, you just need to change a bit where your components are located.

    What I personally do is have swag proxy on the VPS with crowdsec and authelia, this redirects the traffic to the internal wireguard/tailscale mesh network to the specific service requested.

    If you are the only user of the services, create a tailscale or a netmaker; Not sure about tailscale but in Netmaker (wireguard based) you can choose to have your VPS as the relay host.