this post was submitted on 19 Jan 2024
12 points (87.5% liked)

Selfhosted

39967 readers
330 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

ive anabled a port forward on port 80 (TCP/UDP) to my server, but i still cant acess it. i know its unsafe to just open a port like that, this is temporary, just wanna see if it works. ill put a reverse proxt and https on it later

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 9 months ago* (last edited 9 months ago)

I think opening a tunnel and forwarding the port through it and opening a port forward directly have about the same security implications. Both end up opening the same port and forwarding the same packets to the same computer. The only difference is with a tunnel there is an extra step in between that slows things down. In some edge cases it may be nice if people can't directly see your IP but just the one from the tunnel. But that doesn't matter if it's only for you and your friends. Might be a concern though if you're a big live-streamer and fear people DDoSing you. But then there are better alternatives. (for example paying $8 a month for a small VPS.) So I think a tunnel makes perfect sense if you can't get the port forward running. It just doesn't add anything to security.

Cloudflare might be a different deal though. They include DDoS protection and filter some attacks. I don't like cloudflare so I don't really know the specifics. I think it's bad for the internet that a good share of the overall traffic is tunneled over a single company's servers. And I myself don't need a middleman in my own services. But they certainly must have something to offer or they wouldn't be as popular as they are...