In response to the discussion on a recent thread about whether to trust Cloudflare, as some people are not very comfortable with it terminates HTTPS (MITM).

There is this thing called Fast Reverse Proxy (FRP) https://github.com/fatedier/frp

It’s open source, very lightweight and I have used it in multiple instances. Frankly there doesn’t seem to be a lot of people know/use it here. The idea is you deploy this on a VPS with public IP, and have your server at home connect to it. It is pretty much like your own Cloudflare tunnel, only you have much more control over it (ports, TCP/UDP/HTTP, auth, etc).

I use it on the cheapest VPS ($5) I can find close to where I live. It acts as a simple TCP reverse proxy to my server, where Nginx Proxy Manager handles the actual HTTPS. (You can let FRP handle HTTPS but then you need to think about if you trust the VPS and also keep the certs updated there, so nah.)

It’s developed by a Chinese dude as it is pretty much a necessity for selfhosters (mostly minecraft servers) in China, since Public IP is scarce there and most people live behind CGNATs.

  • garibaldi3489B
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    This type of tool is interesting, and provides some of the functionality that Cloudflare Tunnel does, but with frp, a vulnerability in your app (or its login screen) could be more easily exploited since you don’t have the traffic protection features that Cloudflare provides, right? Maybe combining this with fail2ban (or is there another similar self-hosted tool) would not only act as a proxy but also help protect your app to a degree like Cloudflare does?