this post was submitted on 12 Oct 2023
12 points (92.9% liked)

Selfhosted

40133 readers
909 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
12
Security Audit Help (mander.xyz)
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
3 comments fedilink hide all child comments
 

Hi all,

I've recently built a unRAID based NAS / Media acquisition (*Arr suite) machine that I'm really happy with, but I need help filling my knowledge gaps in networking and security.

I have all the relevant containers ran with docker. The only container behind a VPN is qbittorrent. The only containers which are accessible remotely are Jellyfin, and jellyseerr, which are accessed via cloud flare tunnel. I use strong UN/password combinations for access to those services, within the apps themselves. No ports are open through my router.

I've seen a lot of talk of reverse proxies and ssl certificates but don't really understand their function, or if the cloud flare tunnel replaces those functions.

I've heard of tailscale as a solution but I'm not able to install anything on computers which I'll be accessing the content.

Would appreciate advice or resources to learn from. Thanks!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 1 year ago (1 children)

The cloudflare tunnel is the reverse proxy in this case. No particular need to run another. Are you using the docker cloudflared to set up the tunnel?

In my case, I use NGINX that connects to the cloudflare side and parse everything out from there, and I haven't used the cloudflared docker, but I imagine that makes things easier. I set everything up before Cloudflare tunnels were a thing, so I didn't really want to rejigger everything. If were doing it from scratch, I'd probably go with Cloudflare.

Inb4 the Cloudflare is Bad and is a MITM attack people. Yes, it is, but it's about opportunity cost. I'm not doing anything I care that Cloudflare sees, so I'm fine using it for simplicity sake, and I imagine they do a better job of security than I do, and I can manage stuff on a well configured dashboard instead of a command line. I'm more interested in blocking people who AREN'T cloudflare from screwing with my shit than I am in keeping Cloudflare out of my business. I use a VPN for things I don't want to run through Cloudflare (like Torrents).

[–] [email protected] 2 points 1 year ago

I am using the official "cloudflared" docker image yeah. Setting up the tunnel was easy but for some reason I've had A LOT of trouble getting the DNS and subdomain settings to work consistently.