Just getting started with self hosting. I was wondering if anyone had experience with Cloudflare Tunnels for exposing their services to the internet. I like the simplicity and security it offers but don’t love the idea of using Cloudflare. Like, I’m self hosting for a reason lol. Any tips would be greatly appreciated!
For context, I’m running all of my services in a very small k8s cluster and my priorities are mostly security then maintainability. Thanks y’all!
EDIT: y’all are great! Thank you so much for the replies. I’m going to try my luck with Pangolin but it’s good to know I have options.


You can (and I do) terminate TLS locally and have your data encrypted through the tunnel. Use Traefik/Caddy for easy automated certs with containers or whatever flow you prefer to automate ACME cert provisioning locally. You’ll have to configure your tunnel to hit a local DNS so it can route the domain to your local IP instead of the public records on the tunnel or use a secondary domain for the local termination.
I’m fairly sure what you mean is, traffic is decrypted in the middle and then re-encrypted before it gets sent your way. Otherwise they couldn’t do proxying or threat detection/mitigation.
You’re right, sorry, that was a heavy brain fart. The data needs to be decrypted on Cloudflare’s end before being proxied and sent to your services.
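
Added example, not written by any poster in this thread: a cloudflared `config.yml` for the setup the first reply describes, where the tunnel forwards to a local reverse proxy (Traefik/Caddy) that terminates TLS with its own ACME certificate. The hostname, proxy address, tunnel ID and file path are placeholder assumptions. As the later replies point out, Cloudflare's edge still decrypts the traffic, so this only protects and authenticates the hop between cloudflared and the local proxy.

```yaml
# Placeholder values throughout; replace with your own tunnel ID and hostnames.
tunnel: <TUNNEL-ID>
credentials-file: /etc/cloudflared/<TUNNEL-ID>.json

ingress:
  - hostname: app.example.com            # public hostname (assumed)
    # Local reverse proxy that holds the ACME-issued cert (assumed address).
    service: https://10.0.0.10:443
    originRequest:
      # Certificate name cloudflared expects from the proxy. Setting it here
      # avoids needing a local DNS override for the public hostname.
      originServerName: app.example.com
      # Keep certificate verification on; disabling it would let anything
      # on the local network impersonate the proxy.
      noTLSVerify: false
  # Catch-all rule: anything that does not match a hostname above is rejected.
  - service: http_status:404
```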