this post was submitted on 19 Nov 2023
2 points (100.0% liked)

Self-Hosted Main


I'm sure I'll find the answer to my question here. It's been asked a few times, but there hasn't been a definitive answer. Everywhere, something else is said (#).

I want to set up remote access to Immich (a Docker image hosting service) using Cloudflare Tunnel. The problem is that by default, Cloudflare can see all the data that goes through the tunnel. To do this, I want to use TLS with self-signed certificates through Let's Encrypt.

In this way, I can keep the data fully encrypted between the client and the server, in the following way:

client-->tls-->tunnel-->tls-->server. Then all traffic going through the tunnel would not be viewable.

Is this configuration really possible so that Cloudflare won't be able to see my data? How can I make this entire configuration work at its best?

[email protected] 1 points 11 months ago (1 children)
  • Get a cheap VPS.
  • Get a domain name and point its A record to the IP of the VPS.
  • Set up a VPN tunnel between the VPS and your home server. You can use Tailscale or wg-easy. You don't need to worry about CGNAT because you're establishing the VPN by going out of your server (either through Tailscale or to the VPS IP with WireGuard).
  • Port-forward 443 on the VPS public IP through the tunnel to a reverse proxy running on the home server (NPM, Caddy, Traefik etc.)
  • Get a Let's Encrypt wildcard TLS certificate for *.yourdomain.tld.
  • Set up the reverse proxy to use the TLS certificate for immich.yourdomain.tld and point it at your immich container.
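
An added example, not part of the comment above: when TLS terminates on the home reverse proxy, the VPS forwards only ciphertext, and one way to confirm this is to compare the certificate a client receives on the public hostname with the proxy's own certificate file. The hostname and certificate path given on the command line are placeholders (assumptions), and the script should be run from outside the home network so the connection actually passes through the VPS.

```python
"""Check that the certificate served publicly is the home reverse proxy's own.

Added example. Usage (placeholders): check.py immich.yourdomain.tld fullchain.pem
"""
import hashlib
import socket
import ssl
import sys

PEM_END = "-----END CERTIFICATE-----"


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def local_fingerprint(pem_text: str) -> str:
    """Fingerprint of the leaf (first) certificate in a PEM chain file."""
    idx = pem_text.find(PEM_END)
    if idx < 0:
        raise ValueError("no PEM certificate found")
    leaf = pem_text[: idx + len(PEM_END)].strip()
    return fingerprint(ssl.PEM_cert_to_DER_cert(leaf))


def remote_fingerprint(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Fingerprint of the certificate presented to a client connecting to host."""
    ctx = ssl.create_default_context()  # normal chain and hostname validation
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return fingerprint(tls.getpeercert(binary_form=True))


def terminates_at_home(local_pem: str, remote_fp: str) -> bool:
    """True when the publicly served leaf certificate is the proxy's own."""
    return local_fingerprint(local_pem) == remote_fp.lower()


if __name__ == "__main__":
    host, pem_path = sys.argv[1], sys.argv[2]
    with open(pem_path, encoding="ascii") as fh:
        ok = terminates_at_home(fh.read(), remote_fingerprint(host))
    print("served certificate matches the proxy's" if ok
          else "MISMATCH: something else is terminating TLS for this name")
    sys.exit(0 if ok else 1)
```

A match is only meaningful while the certificate's private key exists solely on the home server; a mismatch means some other endpoint, such as a proxying CDN edge, is answering TLS for the hostname.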
[email protected] 1 points 11 months ago

Wow, thank you for the response, I'll try to check it out, it seems like a complicated process for someone who just started with the whole self-hosting world. But thank you very much for the response!