Which route did you go for your homeland, a tunnel to your services or setting up tail scale/wireguard and access them on your trailer?

  • mlg@lemmy.worldEnglish
    5·
    6 days ago

    Wireguard.

    Dunno if Cloudflare does effective auth for the tunnel or if you have to set that up yourself, but I don’t bother trying to expose services to the internet in any way because some of this stuff was just never designed for proper web security (cough Jellyfin).

    It’s still worth setting up a wildcard cert with ACME so you get nice https and a real domain.

    • frosch@sh.itjust.worksOPEnglish
      2·
      5 days ago

      Cloudflare has some opt-in auth. Mail-OTP is a nice balance imo: You can allowlist mail addresses per service/subdomain and set expiry for each. Then for access, you first have to enter the mail address, get the OTP and then access the service.

      So, nobody without access to allowed mail addresses even gets to knock on you door.

      But yeah, that’s why I think about going tail scale: why bother having something exposed when not needed?

      I just think, some services might be nice to provide to friends, too - and having them connect to my tailnet for this is a bit too much friction, I guess

      • prenatal_confusion@feddit.orgEnglish
        2·
        5 days ago

        No, ridiculously easy with docker.

        Then it follows the same principles as cloud flare. Create a site (vpn endpoint), get a docker snippet for a newt (what they call the vpn connector), paste it in the docker compose on your Homeserver and see it come up in the Webinterface.

        Then you create a public resource and point it to said site and give it a url.

        Done.

        Ask me if you have questions

        • frosch@sh.itjust.worksOPEnglish
          1·
          5 days ago

          Cool, do you get any auth and/or ingress protection?

          With cloudflare, you get some auth options, can block AI crawlers (that get recognized…) etc for free

          • prenatal_confusion@feddit.orgEnglish
            1·
            5 days ago

            Yes there is auth on by default for resources. You can use real accounts that need to be created or passwords or pins. And I think some id providers.

  • Illecors@lemmy.cafeEnglish
    6·
    6 days ago

    I do run wireguard on my router, but the main reason is ad blocking, not hiding services. Most services are publicly exposed.

  • irmadlad@lemmy.worldEnglish
    4·
    6 days ago

    How about both? I run the evil Cloudflare Tunnels/Zero Trust with Tailscale as an overlay on the server.

    • frosch@sh.itjust.worksOPEnglish
      2·
      5 days ago

      I’m a bit stumped, what do you gain from this setup?

      Or do you mean just running some services through the tunnel for easy access and “hide” others behind tailscale?

  • 187OnAnUndercoverCop@programming.devEnglish
    4·
    6 days ago

    Temp stuff where I could care less about the free tier domain name or things that I just want to funnel to my existing devices: Tailscale

    Widespread, prolonged services that will be more actively maintained for a longer amount of time and can just spin off of its own domain/subdomain: Cloudflare

    Both are great.

  • Decronym@lemmy.decronym.xyzBEnglish
    3·
    1 day ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters More Letters
    DNS Domain Name Service/System
    IP Internet Protocol
    VPN Virtual Private Network
    VPS Virtual Private Server (opposed to shared hosting)

    [Thread #265 for this comm, first seen 30th Apr 2026, 19:30] [FAQ] [Full list] [Contact] [Source code]

  • French75@slrpnk.netEnglish
    2·
    6 days ago

    I used wireguard, then switched to Pangolin. Wireguard was simpler and worked better with mobile apps though. I’ll prob switch back for most apps.