arjie 11 hours ago

Cloudflare Tunnel is a wonderful thing. In fact, Cloudflare itself is fantastic for homelabbers because it gives you so much for free. I used to just host direct on my own home IP, but nowadays I find it easier to just `cloudflared`. Don't have to worry about the firewall and any breaches into my network and all of that stuff.

I started from a similar place as you and then eventually now my IaaC for my homelab is just idempotent bash scripts written by Claude. The pattern I find with dependencies is that they have the property that someone wants to change some attribute and so the program needs to evolve for the attribute to be changeable. This means programs evolve to have many hinges and the interactions cause bugs one cannot reason about.

My needs for the homelab are fairly simple and the script can encode all the information it needs. As a human, writing such a script is tedious. As a human with an AI assistant, I've found that this is so much easier to worry about because bash is a fairly stable target.

Anyway, apart from that, I landed on using systemd's containers that use podman but otherwise not too different. My (far less polished) version of this post as a memory aid to myself: https://wiki.roshangeorge.dev/w/One_Quick_Way_To_Host_A_WebA...

lorenzohess 10 hours ago

How do you feel about the privacy implications of Cloudflare theoretically being able to read all your data? I guess this theoretical downside is outweighed by the practical upsides?

Hamuko 10 hours ago

What's the benefit of Cloudflare Tunnel over just using WireGuard?

radicality 9 hours ago

Same question from me too - I do have a few services on my homelab at home - stuff like a NAS, Synology surveillance, Home Assistant, a few LXC containers hosting random services on Proxmox - and it all works just fine for my needs with a standard WireGuard VPN setup on all my devices (MacBook/iPad/iPhone/Android). What would Cloudflare Tunnel get me?

antihero 9 hours ago

It's free and simple and handles HTTPS termination and can be set up easily using Terraform/Pulumi.

Interestingly, in the early hours of this morning I switched from Cloudflare Tunnels to a rathole/Traefik-based solution (well, currently it's port forwarding and a low-grade home-baked dyndns solution until I get paid and can afford a cheap Hetzner box because I spent all of my money again).

I switched back because I didn't like the added complexity of having to manage the routes, what I'm using it for is technically against ToS, and I like the self-contained nature of my microk8s cluster.

cassianoleal 8 hours ago

> handles HTTPS termination

I understand a lot of people run services locally for other reasons, but HTTPS termination defeats any privacy argument.

Cloudflare are essentially the largest MitM data collector in the world. A few people started moving their data out of the cloud and they saw the gap. Now they're plugging that gap "for free".

lostmsu 3 hours ago

I just add Yggdrasil to all my nodes. Removes the need to deal with nginx also.