Centralization is bad for everyone everywhere.
That bring said… I just moved my homeserver to another city… and I plugged in the power, then I plugged in the ethernet, and that was the whole shebang.
Tunnels made it very easy. No port forwarding no dns configuration no firewall fiddling no nothing.
Why do they have to make it so so easy…
It’s almost like the big tech companies are really good at their jobs…
I prefer Tailscale Funnel for these kinds of things. NetBird and ZeroTier also work just fine if you don’t want to expose your services to the public.
Tailscale is so cool too. I’ll definitely be switching if I can ever use my own domains
I looked at headscale but as far as I can tell their is no active directory or SSO integration. Which is very unfortunate.
Good news, they support OIDC! Haven’t tested it myself so your mileage may vary.
I mean, I used to think Google Public DNS was great until I switched to 1.1.1.1…
If you like 1.1.1.1 the. You should try 9.9.9.9. Or better yet host unbound pihole if you’re up to the challenge. Best dns experience I’ve had.
If you use 9.9.9.9, you should try Mullvad DNS (with adblocking) or AdGuard Public DNS
I already use pihole, but with cloudflared as the upstream. What benefits does unbound offer besides improved security?
It’s actually better privacy since it talks directly to the root servers instead of cloudflare knowing all of your DNS traffic. Quad9 is a good alternative with better data policies
So now your ISP sees all of your queries instead of CF. (Assuming the cloudflared option is using DoH)
I’ll trust Cloudflare over Comcast/AT&T/etc. any day of the week.
It looks like Quad9 supports DoH: quad9
Your ISP knows where you’re going anyway. They don’t need DNS for that. They see all the traffic.
You can run a VPN and tunnel your outbound DNS queries over that. Heck, you could tunnel your DNS queries over TOR
You might want to study more about SNI. Your ISP knows anyway
I know plenty account SNI already, but thanks. You might want to study more yourself, since we’re being condescending.
Well, running your own DNS server will also give you eSNI. And Cloudflare still doesn’t know anything
What benefits are you having from switching?
1.1.1.1/cloudflared responds crazy fast compared to anything else i’ve used. I really just wanted off Google (and before them OpenDNS). That’s about it.
I use Cloudflare as my registrar and public DNS. And only for that. Sorry but they don’t get to peek at my network traffic.
I am out of the loop, what’s going in with snooping?
I use their cloudflared tunnel sometimes for accessing home hosted stuff.
Because Cloudflare acts as a reverse proxy it can see everything that happens in a session.
This is also known as a man in the middle attack. But Cloudflare meds to do this in order to do it’s checks for bad actors.Now, as Cloudflare has access to the unencrypted traffic and we know that NSA is all about data vacuuming due to the Snowdn leaks we can make a tin foil hat guess whaylt goes on.
Just note, OP, that the last part of his statement is pure speculation. The first part is technically true, which can lead to that inference, but no information has been released which corroborates it. However, that does not mean it’s not possible.
This is true. Which is why I said tinfoil hat guess.
I don’t understand why Cloudflare gets bashed so much over this… EVERY CDN out there does exactly the same thing. It’s how CDN’s work. Whether it’s Akamai, AWS, Google Cloud CDN, Fastly, Microsoft Azure CDN, or some other provider, they all do the same thing. In order to operate properly they need access to unencrypted content so that they can determine how to cache it properly and serve it from those caches instead of always going back to your origin server.
My employer uses both Akamai and AWS, and we’re well aware of this fact and what it means.
Thank you!
Their static website hosting is probably the best in the business. We seriously need some competition though.
Are there browser plugins (or other solutions) to see if an site uses cloudflare before visting?
I use cloud flare tunnel for my home server too. Are there any viable and somewhat easy alternatives?
As soon as I can use my personal domains with tailscale funnel I’ll be switching, I like tail scale a lot
DNS names are restricted to your tailnet’s domain name (node-name.tailnet-name.ts.net)
I guess that’s fine for some. Not a compromise I’m willing to make though.
Once configured, Tor Hidden Services also just work (you may need to use some fresh bridges in certain countries if ISPs block Tor there though). You don’t have to trust any specific third party in this case.
Wouldn’t that be slow?
It would. But it’s a good option when you have computationally heavy tasks and communication is relatively light.
DynDNS? I’m not 100% sure what CF Tunnel does, but from my 2 min reading it seems that DynDNS would accomplish what OP described just as well.
It might help to read it once more then 🙂
Oh, it’s way more than what any dyndns can do.
Is there a way to do reverse tunnels, or something like it, so not opening any ports at all on the network, without cloudflare?
Closest to that XP I got was generating VPN keys and distributing them to close friends, running DDNS (no-ip) on my Pi with a pivpn server and then accessing JellyFin that way.