I mean, this and the reddit board are /r/selfhosted. We self-host, yet I see so much about people relying on 1.1.1.1 and Cloudflare’s proxy services that they never second-guess.
I don’t care about Cloudflare. My server doesn’t exist to use their proxies and services when the entire point is to divide from reliance on third-parties.
I already found Anubis, I’m sure many of you are familiar with it. Are there any other useful tools or similar that you guys have been using?
Pangolin as replacement for cloudflare tunnels and more.
Ok now this is interesting.
I’m not knocking anubis but anubis seems very one-note, a single step. Pangolin looks more encompassing.
Cloudflare does a lot of things from DNS to tunnels. Can you describe the part you’re interested in?
…asterisk? The proxy everyone uses, the middleware that detects bots and such before letting you through. Their bread and butter. I’m not sure of any formal name.
This is the way
I’m not sure of any formal name
Cloudflare turnstile
A bit like this? https://github.com/chaitin/safeline
Only safeline’s webui is open source, and the dev is a little odd. Just like tailscale, I don’t like closed source reliance. I’ve been referred to open-appsec as an open alternative, but I’m not sure on them either.
One this that’s really hard to replace is DDoS protection.
If you want DDoS protection you’re gonna need to work with someone who can swallow and filter a whole botnet’s worth of traffic and keep running. That takes some serious infrastructure.
I recommend Cloudflare for small businesses because their terms of service are actually decent, and blending their traffic into that stream makes their website indistinguishable from larger competition.
The next closest things are Pangolin (https://digpangolin.com/) and WireGuard. You’ll need to rent a server somewhere with a public-facing IP to run the server-side software (and DDoS protection is based on the services provided by your datacenter host). Pangolin has a UI similar to Cloudflare, but under the hood, it’s just Wireguard, so if you prefer more direct control, you can just set up a Wireguard tunnel by hand.
For myself, and my own needs, I don’t need all that. I just use DDNS* to point my DNS records to my home’s public ip address & use port forwarding to connect ports 80 & 443 to Nginx Proxy Manager. (When I add Anubis, I’ll port forward to Anubis and then have Anubis redirect valid traffic to Nginx Proxy Manager) This setup offers no protection against DDoS, but for what I use it for, I think it’s an acceptable risk (I’d either have to get someone’s attention and ire or just be cosmically unlucky)
*the server has a cron job to curl the DDNS refresh URL every hour.
If you just want a secure connection, you can use a reverse proxy with certbot and nginx. Plenty of people have already done this and you can find their work on hub.docker.com
Agreed!
