Hey is there any alternatives to CloudFlare reverse proxies? I want to hide my server IP but not share everything with CF…
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
I used boringproxy for years and I recomend you
Sucuri?
Akamai?
Kinda depends on what’s going on, price point, etc. is this for DDOS purposes?
You do not need a CDN, but you have users. So, is this for like, a Plex server, serving friends in a similar geographic region?
What’s the use case? That will greatly help us answer.
@foremanguy92_@lemmy.ml ,
Step 1: get a cheap VPS, or even a free one (https://www.oracle.com/cloud/free/)
Step 2: If you’ve a static IP at home great, if you don’t get a dynamic DNS from https://freedns.afraid.org/ or https://www.duckdns.org/
Step 3: Install nginx on the VPS and configure it as reverse proxy to your home address. Something like this:
Step 4: Point your A record of example.org to your VPS.
Step 5: there’s a potential security issue with this option: https://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from and to get around this you can do the following on the home server nginx config:
This will make sure only the VPS is allowed to override the real IP of the client.
Step 6: Once your setup works you may increase your security by using SSL / disabling plain HTTP setup letsencrypt in both servers to get valid SSL certificates for real domain and the dynamic DNS one.
Proceed to disable plain text / HTTP traffic. To do this simply remove the entire
server { listen 80
section on both servers. You should replace them withserver { listen 443 ssl;
so it listens only for HTTPs traffic.Step 7: set your home router to allow incoming traffic in port 443 and forward it into the home server;
Step 8: set the home server’s firewall to only accept traffic coming from outside the LAN subnet on port 443 and if it comes from the VPS IP. Drop everything else.
Another alternative to this it to setup a Wireguard tunnel between your home server and the VPS and have the reverse proxy send the traffic through that tunnel (change
proxy_pass
to the IP of the home server inside the tunnel likeproxy_pass http://10.0.0.2
). This has two advantages: 1) you don’t need to setup SSL at your home server as all the traffic will flow encrypted over the tunnel and 2) will not require to open a local port for incoming traffic on the home network… however it also has two drawbacks: you’ll need a better VPS because WG requires extra processing power and 2) your home server will have to keep the tunnel connected and working however it will fail. Frankly I wouldn’t bother to setup the tunnel as your home server will only accept traffic from the VPS IP so you won’t gain much there in terms of security.Depends on why you want to hide your server ip, what’s your use case? Is it to protect against DDOS?
Cloudflare is evil, but is there any other party you would trust to share everything with?
Do you something like a vps would be more secure? Paying some dollars a month
If for personal access only, ZeroTier might solve your use case.
Do you want something that also has CDN like Cloudflare? Bunny.net is good, but way more expensive than a cheap VPS if you use a lot of traffic.
No I don’t need a CDN only a way to hide my IP to final users and that nobody can use my real IP to connect to my server
Literally cloudflare tunnel, sorry my dude.