-
kilo
Kilo is a multi-cloud network overlay built on WireGuard and designed for Kubernetes (k8s + wg = kg) (by squat)
-
awesome-tunneling
List of ngrok/Cloudflare Tunnel alternatives and other tunneling software and services. Focus on self-hosting.
-
cloudflared-docker
Simple Alpine-built scratch-runtime Dockerfile for cloudflared, with support for multiple architectures.
Another one for the alternatives list is Kilo[1].
It's a WireGuard-based Kubernetes network overlay. I use it to access private services in my homelab cluster from my laptop, phone, etc.
[1] https://kilo.squat.ai
It's unfortunate the only mature open source alternative[1] went on a path to seriously expensive subscriptions, 5x of a Tailscale personal subscription.
[1]: https://inlets.dev/
There are lots of other open source options[0]. Whether you would consider any mature is a bit more subjective.
[0]: https://github.com/anderspitman/awesome-tunneling
Cloudflare Tunnel doesn't offer an end-to-end encryption option. If this is a must for you, either my own boringproxy or remotemoe[0] both offer this. I'm sure at least a couple others on the list[1] do as well but you'd have to check them individually. If you find any that do please consider opening an issue so I can add that information to the list.
[0]: https://github.com/fasmide/remotemoe
[1]: https://github.com/anderspitman/awesome-tunneling
Lmao your response made me chuckle. You're entirely right! Probably nothing bad will happen. Especially if you partition your network like I mentioned in my OP.
I would get worried about somehow enabling access to defects in my router by opening some inbound ports. I realize that's a little paranoid...but recently I have been playing around with https://github.com/threat9/routersploit and routinely find defects in consumer routers.
Here's my other beef with Cloudflare: Once I gotta pay 200+/mo for their security services or whatever, I could just rent out a private rack in a colocation and throw some old beefy LGA-2011 Xeon hosts. Now I don't need anything on my LAN exposed and I have dedicated IPs, physical security, and backup generators...etc.
I do this for our services, it works great and we can easily put SSO in front of them with CF Access. I publish a Docker container that you can use as a sidecar for your Compose deployments:
https://gitlab.com/stavros/docker-cloudflared
I use this with Harbormaster (https://gitlab.com/stavros/harbormaster) so I can expose containerized stuff without ever forwarding any ports outside of Docker.
I've just spent a few hours trying to use Cloudflare Tunnels to connect to my machine through SSH after reading this post. Unfortunately, I then found that SSH keys are not supported: https://github.com/cloudflare/cloudflared/issues/319 so I cannot disable Password authentication.
Hi, I'm the author of the blog post being promoted here.
I maintain my own Docker image too for personal use (https://github.com/Erisa/cloudflared-docker) but I've never run into a situation where needing everything as an environment variable was required or even desired.