Cheapest way to expose an HTTP service behind a router?
Tried free Argo tunnel, it works great, but the URL is too long, something like blah-blah-even-more-blah.trycloudflare.com. I would like to use my own domain, but paid version $5/m is steep.
Ideally, if it allows throttling so it does not eat up my whole home connection and protection against attacks would be nice.
Shared hosting with reverse proxy?
Why not open a port on your router?
That works too, however it is higher risk. For router forwarding, the machine needs to be bridged to the LAN and if someone gains control, they can access the entire LAN. With Argo tunnel or similar I can use a NAT setup so even if it's compromised, the attacker won't get out to my LAN.
I am not completely against opening the port, perhaps there is some networking trickery that can be done with OpenWrt? Like this: https://openwrt.org/docs/guide-user/network/routing_in_gre
You can just open port 80 & 443 for example. It will only allow those ports. If you need better security then have passwords for websites etc.
My homelab is also set up for some sites where 443 & 80 are open, but only for Cloudflare IPs, so I just have some of my sites tunneled in Cloudflare. There is basically no security risk there.
Why not create a VLAN to protect your network and put Cloudflare on top or a reverse proxy on another VM to hide your IP?
I am going to go with port forwarding and Cloudflare DNS proxy.
I have two types of nodes that I would like to expose as domains/subdomains: one type is wired VBox VMs and the second type is WiFi devices. Found that VBox NAT supports port forwarding. Router supports WiFi client isolation. So that should all work out.
This all sounds incredibly painful. Why not get a VPS?
Even if the content is dynamic based on some kind of home data gathering, I'd rather update the VPS regularly than get into frogging around with vbox NAT, opening my home LAN to the Internet, etc.
It's not that incredibly painful and I do not mind frogging around.
Perhaps you could elaborate on why you think my home LAN is open when I isolate clients? My understanding is that the router or VBox NAT driver will not route isolated client packets anywhere else but WAN however badly they try to spoof their way out.
The right words to google seem like "self hosted ngrok" but it's not something I've looked into as much as I've intended to.
I guess raindog308 meant to say that a VPS could be much more straightforward for setting up your website, and it won't jeopardize your LAN if your website is compromised.
VPS is an ultimate solution, but shared hosting reverse proxy would be sufficient as well. If host does not support user controlled reverse proxy, it is possible to make one with PHP:
I prefer (shared) hosting before VPS because it is like having a managed server for a fraction of the cost. The host takes care of security, updating, patching and I can focus on what I like doing. I am currently with BuyShared and despite a couple of hiccups it has been a pleasant experience. They do not support reverse proxy and suggested VPS, and I have an unused VPS with them, but I would rather go with the shared/PHP solution.
If there is an attack on the server, the host's staff will detect and extinguish it much quicker than I would on a self-managed VPS. I would open my home router only to connections from a single IP so even if an attacker learns my IP, they cannot do much with it. Plus I will lock down files and directories on the host so an attacker won't be able to use any vulnerability that relies on writing arbitrary files. BuyShared gives every client their own IP, so even if an attacker attacks anyone else on my shared server, their proxy requests will come from a different IP and will not get through my router. With CF DNS proxy in front of all this, I think it is as secure as it gets.
ngrok is another alternative. What you're looking for is a tunneling service.
+1 nat vps, openvpn & iptables?
haproxy and zerotier for vpn tunnel
NAT VPS with IPv6 and Cloudflare tunnel?
IPv6 home in your home host and Cloudflare tunnel?
Since I use Laragon for my local development and it has an ngrok feature built in, I've always used ngrok for tunneling.