view the rest of the comments
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
How are you currently accessing those services?
If you're using Cloudflare tunnels already, then you're good. It already acts as a secure VPN between you and Cloudflare, and they handle the TLS certificates for you already.
TLS is what puts the S in HTTPS: it provides encryption and security of the connection. If you didn't use Cloudflare tunnels, you'd be port forwarding and serving the content directly from your public IP at home. To secure those connections, you'd need a reverse proxy. That's usually NGINX these days, and its purpose is to serve as a hub to reach all of your services. It would go Internet -> your router -> your server -> NGINX -> whatever container it needs to go to. As you can see, it's basically the entry point of your stuff.
To securely access it from the outside, you can either use a TLS certificate handled by NGINX (LetsEncrypt is easy to use and provides them for free), or you set up a VPN (that's what Tailscale would do) so that it doesn't matter if you access your server over plain text HTTP.
The key here is really just that you want your traffic to be encrypted in some way when it goes over the Internet, as otherwise, it doesn't matter that you have a strong password, everyone could see it anyway.
So, you usually want one of the 3 options: CF tunnels, self managed NGINX that you access directly over the Internet with a TLS certificate, or a VPN to your home network which automatically secures traffic between your device and your home network over the Internet.
Since you use CF tunnels, you used the first option and you're all good out of the box!