I recently started to selfhost some of the services like Bitwarden and it was actually pretty great at first. Then I had to access these services outside my home network. This was a problem for me and since my setup had many limitations. Normally we can access our services externally by,
- Buying a static IP from ISP and opening up ports.
- Setting up a VPS server to proxy traffic via a VPN.
- Or using Dynamic DNS (My ISP was using CGNAT 😒)
But none of this was actually possible for me. Then I came across a service called Cloudlfare Tunnels. Cloudflare tunnels can help you access your services like SSH, RDP, … etc. without opening any inbound ports. But this comes with some pros and cons.
Pros ✅
- Traffic is proxied through Cloudflare.
- Securing applications using different policies.
- A second layer of authentication can be added.
Cons 🛑
- All traffic is going through Cloudflare.
- Not actually “selfhosted”.
- All communications depend on Cloudflare network status.
Setting up 🏗️
The only prerequisite is that you should have a Cloudlfare account and a domain name. Once Its ready you can visit the Zero Trust Dashboard.
New tunnels can be created from Access ➡ Tunnels ➡ Create a tunnel . A connector should be installed to the host machine, instructions are provided on the same page. Once its done you will be able to see your machine with its current IP. On the next page you can add applications that you need to access. For example here I am adding an service that is running on 8080,
You can add multiple services that's working and each of these can be accessed via its own public hostname. In addition to this, you can protect these services by creating an Application. This can be done by Access ➡ Application ➡ Add an Application.
This adds an extra layer of security for your services. All authentications are handled by Cloudflare. Free plan comes with around 50 users, which is enough for most of us. You can always add more services to your existing tunnel by clicking configure from the list.
Conclusion
There are plenty of solutions out there to solve this particular issue. I used this solution mainly because of three reasons,
- My domain name was already managed by Cloudflare nameservers.
- Setup can be managed from the Cloudlfare Teams dashboard.
- Services can be protected by adding Cloudflare Access.
- Cost effective 😁(While using the free plan.).
There are many more services provided inside the Zero Trust dashboard like Gateway. These can be implemented in many situations for improving security and reliability. You can always opt for the methods I mentioned earlier as an alternative. Let me know your thoughts on this and how you have completed your home lab networking.
Made with 💟