Pangolin-Cloudflare-Tunnel: Expose your self-hosted services without opening ports if you cant get your hands on vps

( Just to let you know this can work with native tunneling of pangolin gerbil so your video/ streaming traffic remains on non Cloudflare route and secure or more sensitive traffic you can loop in cf tunnels with it in built Access protection) clarification for first time users. it all depends on your creativity.

Same you can bundle it the tailscale/WG etc.

Hi r/selfhosted!

I wanted to share a an eazy way I've been working on that combines the power of Pangolin (a self-hosted tunneled reverse proxy) with Cloudflare Zero Trust tunnels.

What is it?

Pangolin-Cloudflare-Tunnel is a bridge that automatically syncs your Pangolin resources with Cloudflare tunnels. This means you can expose your self-hosted services through Cloudflare's global network without opening any ports on your router.

Why would you want this?

• No port forwarding required - Works behind CGNAT or strict firewalls
• DDoS protection through Cloudflare's network
• Global CDN for faster access to your services worldwide
• Simple management through Pangolin's clean UI
• Free alternative to services like Tailscale or ZeroTier for exposing services

How it works

1. Pangolin manages your local resources and routing
2. The bridge monitors your Pangolin configuration
3. When you add a new resource in Pangolin, it automatically creates the tunnel configuration and DNS records in Cloudflare
4. Your service is instantly available through your domain

This is perfect for homelab users who want to access their services remotely without the security risks of opening ports or not at the stage to buy a vps.

Check it out

GitHub: https://github.com/hhftechnology/pangolin-cloudflare-tunnel

The repo includes detailed setup instructions, configuration options.

Pangolin Discord. https://discord.gg/48NgSsx2bS

DAMN - why I didn't know about CloudFlair before?

One of my .TV domain was expiring and renewal fee on GoDaddy was $187

I transferred my domain to CloudFlair who only charged $25

I have transferred my other domains too - BYE BYE DADDY!!

Update: Sorry for typo - it's CloudFlare :)

1. changed port on server from 22 -> 22XX
2. Root user not allowed to login
3. password authentication not allowed
   
4. Add .ssh/authorized_keys
5. Add firewall to ports 22XX, 80

What else do I need to add? to make it more safe, planning to deploy a static web apps for now

I've been looking for a low code open source or at least self hostable platform for a while. The goal is to build a custom business app that's like CRM, order management, inventory etc.

What I have found so far

The business optimised platform

app-smith, Retool, Budibase etc

these are more of a single page CRUD app, the moment you need to start have proper navigation and page linking, they fall apart quickly

The general web app platform

Lowcoder, UI bakery etc

They are great platforms for simple business apps. Their provided component are generalised, not optimised for business.

Most are cumbersome with child tables, which is must for orders. Or struggle with business relation database, i.e. contact page that pulls summary of multiple tables.

Frappe Framework ( ERPnext )

Frappe is the most powerful and feature rich back end I come across so far. If it can handle ERP, it can handle pretty much any business database

Getting my head around setting up Frappe Framework for custom app has already been way more hands on then other platform, its frontend frappe-ui is by no means low code.

There are a few videos out there recorded from conferencess, or a full stack dev talking to the camera while jumping between various VScode files. Nothing sturctured and super hard to follow.

Any other platforms?

At the end of the day. I know no platform is perfrect, and everything has a learning curve.

Odoo is not real open source. I recall reading somewhere dolibarr has similar limitations, but hasn't investigated yet.

Hi, r/selfhosted!

I'm looking for a self-hosted CI framework to monitor the health of a source code repository hosted on gitee.com based on Pull Requsts change.

If I'm the owner of that repo, then it's a well-solved problem. However, my team don't actually own this, we are actually just a remote/guest team, so

1. modification on the meta-thing of the repo is not possible,

2. changes like "add an extra folder contains ci pipeline" is also not possible. - that means maybe I need to have a seperate place to hold these data

So here is my need for such CI framework:

1. could be configured to work based on "poll every x minute" pattern instead of "callback from CSM provider". (if Gitee is not supported, then maybe I can modify the existing supported thing like BitBucket thing to make it fit, but I don't see "Drone.ci" provide a machanism to do "polling")

2. easily customizable (ideally plugin etc) so I can actually send out coverage image/test case fail rate/memory usage during full test graph through IM.

3. (optional) could use "remote runner" etc so we can have maybe more than one builder running in parallel.

4. (optional) have a public page for showing "yep, execution for all these is still running" (for everyone without authentication).

Hi all,

I'm working on a new cluster following better security practice than I have in the past. I am using 3 nodes of proxmox and am yet to put load on this new cluster. I want to avoid password auth as much as possible and implement decent 2FA for my hosts and guests.

So, my question is, what's your preferred method to manage SSH keys public and private, rotate them keep them in sync, add a a second layer auth, perhaps oauth as well without being overly complex?

There are open source projects out there, yet most seem to be aimed at multi user enterprise. I just want this mainly for myself. Goal is easy management along with security.

Ant suggestions are welcome and appreciated.

Cheers!

Is there an open-source option to this were i can use my own hardware for 2d to 3d stl?

what is the best Zerotrust Mesh VPN that I can selfhost ?

My requirements:

1. They shouldn't have the opensource project just as a marketing tool (like headscale)

2. Shouldn't practice "Community Deprioritization" by shutting down forums (like Tailscale did)

please tell us about your experience in self-hosting different zero-trust-mesh vpn service and their level of complexity and potential future decision that may impact/limit things in future.

TLDR: Tailscale: I have only used tailscale and often suggested others in the threads to use it but now I feel like I was a "marketing agent" all along. But when I thought of deploying the headscale version, it felt as if the opensource project is heavily and intentionally restricted. I asked chatgpt about it if I am being unreasonable about it then it said "its a pattern where companies use opensource as marketing tool, and steps like shutting down forums is one way to detect this pattern."

I think tailscale is a good project, and it is doing what any business would do, but since I often also look into past and potential future business decisions of projects I want to deploy. I don't think I am going to use tailscale or headscale. Let me know if I am missing something.

Netbird: I haven't used netbird, but upon reading it seems their cloud version is different from their selfhosted version, which is expected, but since I haven't used it I can't speak about them.

I might as well go back to bare metal wireguard if there is no option.

^{Seeing the craze of tailscale in this subreddit, I think this is going to get downvoted to nothingness}

I've been having wireguard as the only way to get in my home LAN and access my selfhosted services. And I installed wireguard config files on my family members' smartphones. The reason I choose wireguard is because I can keep it simple (only one udp port open -> less attack surface/ no brute force/ no denial of service)

But I fear that if one of my family members' wireguard config file is stolen, most of my local resouces become available to the bad guys. There are discussion around this topic like this one Although I trust my family don't abuse my services I just can't expect their OPSec to be that good. And counter measures like periodical key rotation would be a huge headache and time consuming.

So in this particular senario, something like authentik (SSO protected with MFA) make far more sense than wireguard?

The worst thing that could happen is once those bad guys get into my home LAN, they can do all sorts of things like brute force ssh or try to access router webUI. Although I'm supposed to protect those resources, I simply can't take that much time investigating all those vulnerabilities and keep high OPsec on every single hosts. Let alone I have tons of insecure experimental proxmox VMs.

Thus, my realization. Is authentik safer than wireguard when I want to share my selfhosted services to my family members?

Please share your thoughts. Thank you!

I am looking for reputable brand that offers UPS with LiFePO4 batteries instead of lead acid batteries.

I know that the purpose of UPS is for you to gracefully shutdown your system and are not intended as power supply, but wouldn't it still be nice to have that huge battery capacity and 4000+ recharge cycles you get from LiFePO4?

I was considering power stations like jackery, but they don't have 0ms seamless switching and also their passthrough mode doesn't actually bypass the battery, which is a bummer as it will wear the battery when using it in passthrough mode.

Hi masters,

I got an unusual challenge and I would like to know if we have any project that could attend it, the company that requested me also want to help supporting finantially the project that provides a solution for this.

The objective is to have a redundant environment of their Microsoft 365 services, basically use SharePoint as file server and Mailboxes.

My idea is to raise a server with +- 5TB, but need help to maintain a copy of files and mails periodically, and, in case of a big downtime from Microsoft (we know that it's basolutely resilient) they could be able to access the environemnt and work with mailboxes and their old messages, also with their files.

I know that we have Nextcloud, do we have another options for it? Or any easy way to adapt Nextcloud to receive constant migration jobs to have mailboxes with mewssages and sharepoint files to multiple shared file stores?

Thanks a lot and regards

So, I currently own about 5 websites. None of them have that many files on them per se—just the source files. But I use MEGA to share large files with users, and honestly, it’s not great:

• The speed is very inconsistent
• It’s expensive (I’m on the $200/year plan for 8TB)
• It’s a pain to manage files when you want other people to access them—unless you give them your username and password (yeah, I know about team accounts, but that costs more)

So I’ve been thinking about buying a home NAS (around 10TB to 15TB), but I’m a total noob when it comes to networking. Here are some questions I’d really love answers to:

1. Is it even possible to replicate MEGA’s behavior with a NAS (i.e., share files via links)?
2. Will speed be an issue? (I have 1Gbps internet)
3. How would you go about setting it up, and how much would it cost?
4. Is it viable to buy a NAS second-hand?

I know it's not a huge deal, but after a litany of issues I finally got Nginx Proxy Manager working on my UnRAID setup. That means my Obsidian self-hosted finally works outside of my network, and I can safely share my Plex with friends.

No clue what was stopping it from working before, but hey, it works now and it's mostly thanks to this sub. So thank you all that have posted in the past, I owe ya.

Hello all, I have a few Sonicwall TZ500 routers in our offices, never really liked them that much, especially the licensing structure, was thinking of replacing with an open source model and some form of linux OS on top of it.

Reason is that I want to deploy router configs via saltstack, for sonicwalls I have to manually go into the console and create objects via UI, which is cumbersome

can anyone recommend a good hardware model with at least 8-10 ports and at least 1 port for fiber, and an OS for this? Thank you.