I’ve seen a post on here before about Cloudflare tunnels being unsafe for exposing your locally hosted services to the web which I totally get.

However, I’m a bit of a noob with complex VPN setups, and I tried to get WireGuard working in Docker but couldn’t. I got a tunnel configured and exchanged all the peer keys and things, but I think my initial networking docker-compose stack was possibly incorrect. Also, the Windows client for it is a bit ugly, but that’s by the by.

I’ve also used Tailscale in the past which is great but it feels like a temporary solution to me as you still have to remember ports and things (there may be a way around that if I remember correctly but I’d rather stay away from Tailscale. I prefer having control myself or through my domain name - probably illogical I know).

Instead I decided to try to protect the Cloudflare tunnel to my home network and I’ve made a policy in Cloudflare Access that won’t let you in without emailing you a code (only my email address works) and having you enter it. I’d also rather adjust that to my 2FA app but I can’t seem to get that to work here.

My question is: is that secure enough? And if not, what would you all suggest as an alternative (preferably an alternative that is pretty easy and means I can use my domain name)?

  • AnApexBreadB
    1 year ago

    Cloudflare tunnels being unsafe for exposing your locally hosted services to the web

    That’s the point of Cloudflare Tunnels. It’s a reverse proxy.

    Cloudflare Auth (zero trust) can lock down the tunnel so only certain people can access it.

    I want to clarify something though. Cloudflare Tunnels IS SAFE. But if you choose to use it in a not safe way, that’s not the fault of the tunnel.

    It’s like putting on a bicycle helmet and then running on the freeway and wondering why your leg gets broken after getting hit by a car.

    “But I was wearing my helmet.” Great, but that wasn’t the point of the helmet.

    • 80ShipsOPB
      1 year ago

      Makes sense. I was assuming that the people who were saying it wasn’t safe were including the access control methods in that too for some reason.