Cheapest way to expose an HTTP service behind a router?

Tried free Argo tunnel, it works great, but the URL is too long, something like blah-blah-even-more-blah.trycloudflare.com. I would like to use my own domain, but paid version $5/m is steep.

Ideally, if it allows throttling so it does not eat up my whole home connection and protection against attacks would be nice.

Shared hosting with reverse proxy?

Comments

  • Why not open a port on your router?

    Thanked by 1romanz
  • romanz Member
    edited November 2020

    @serveradministrator said:
    Why not open a port on your router?

    That works too, however it is higher risk. For router forwarding, machine needs to be bridged to LAN and if someone gains control, they can access entire LAN. With Argo tunnel or similar I can use NAT setup so even if it's compromised, attacker won't get out to my LAN.

    I am not completely against opening the port, perhaps there is some networking trickery that can be done with OpenWrt? Like this: https://openwrt.org/docs/guide-user/network/routing_in_gre

  • @romanz said:

    @serveradministrator said:
    Why not open a port on your router?

    That works too, however it is higher risk. For router forwarding, machine needs to be bridged to LAN and if someone gains control, they can access entire LAN. With Argo tunnel or similar I can use NAT setup so even if it's compromised, attacker won't get out to my LAN.

    I am not completely against opening the port, perhaps there is some networking trickery that can be done with OpenWrt?

    You can just open port 80 & 443 for example. It will only allow those ports. If you need better security then have passwords for websites etc.

    My homelab is also set up for some sites where 443 & 80 are open, but only for Cloudflare IPs, so I just have some of my sites tunneled in Cloudflare. There is basically no security risk there.

  • Why not create a VLAN to protect your network and put Cloudflare on top or a reverse proxy on another VM to hide your IP?

    Thanked by 1romanz
  • romanz Member
    edited November 2020

    I am going to go with port forwarding and CloudFlare DNS proxy.

    Have two types of nodes that I would like to expose as domains/subdomains, one type are wired VBox VMs and second type are WiFi devices. Found that VBox NAT supports port forwarding. Router supports WiFi client isolation. So that should all work out.

  • raindog308 Administrator, Veteran

    This all sounds incredibly painful. Why not get a VPS?

    Even if the content is dynamic based on some kind of home data gathering, I'd rather update the VPS regularly than get into frogging around with vbox NAT, opening my home LAN to the Internet, etc.

    Thanked by 1vimalware
  • @raindog308 said:
    This all sounds incredibly painful. Why not get a VPS?

    Even if the content is dynamic based on some kind of home data gathering, I'd rather update the VPS regularly than get into frogging around with vbox NAT, opening my home LAN to the Internet, etc.

    It's not that incredibly painful and I do not mind frogging around ;)

    Perhaps you could elaborate why do you think my home LAN is open when I isolate clients? My understanding is that router or VBox NAT driver will not route isolated client packets anywhere else but WAN however badly they try to spoof their way out.

  • jar Patron Provider, Top Host, Veteran

    The right words to google seem like "self hosted ngrok" but it's not something I've looked into as much as I've intended to.

    Thanked by 1yoursunny
  • Tinc

  • chihcherng Veteran
    edited November 2020

    @romanz said:
    Perhaps you could elaborate why do you think my home LAN is open when I isolate clients? My understanding is that router or VBox NAT driver will not route isolated client packets anywhere else but WAN however badly they try to spoof their way out.

    I guess raindog308 meant to say that a VPS could be much more straightforward to set up your website, and it won't jeopardize your LAN if your website is compromised.

  • romanz Member
    edited November 2020

    VPS is an ultimate solution, but shared hosting reverse proxy would be sufficient as well. If host does not support user controlled reverse proxy, it is possible to make one with PHP:

    https://github.com/michaelfranzl/no.php

    I prefer (shared) hosting before VPS because it is like having managed server for fraction of the cost. The host takes care of security, updating, patching and I can focus on what I like doing. I am currently with BuyShared and despite a couple of hiccups it has been a pleasant experience. They do not support reverse proxy and suggested VPS, and I have unused VPS with them, but I would rather go with shared/PHP solution.

    If there is an attack on the server, host's staff will detect and extinguish it much quicker than I would on self managed VPS. I would open my home router only to connection from single IP so even if attacker learns my IP, they cannot do much with it. Plus I will lock down files and directories on the host so attacker won't be able to use any vulnerability that relies on writing arbitrary files. BuyShared gives every client their own IP, so even if attacker attacks anyone else on my shared server, their proxy requests will come from different IP, will not get through my router. With CF DNS proxy in front of all this, I think it is as secure as it gets.
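
The source-restricted port forward discussed in this thread (80 and 443 open only to a proxy's addresses, or to a single reverse-proxy IP) can be expressed as a small rule generator. This is an added example, not code from any poster: the internal host address and the allowlist entries are constructed placeholders, and the script only prints iptables rules rather than applying them.

```sh
#!/bin/sh
# Added example: print (not apply) iptables rules that let forwarded
# HTTP/HTTPS through only from an allowlist of source networks.
DMZ_HOST="192.168.50.10"   # constructed: internal web host behind the router

# Accept dotted-quad IPv4 with an optional /0-32 prefix, octets <= 255.
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Read one CIDR per line on stdin ('#' starts a comment) and print rules.
gen_rules() {
    count=0
    while IFS= read -r line; do
        cidr=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$cidr" ] || continue
        if ! valid_cidr "$cidr"; then
            echo "malformed allowlist entry: $cidr" >&2
            return 1
        fi
        echo "iptables -A FORWARD -p tcp -d $DMZ_HOST -m multiport --dports 80,443 -s $cidr -j ACCEPT"
        count=$((count + 1))
    done
    # An empty allowlist would leave only the DROP; treat it as an error.
    [ "$count" -gt 0 ] || { echo "empty allowlist" >&2; return 1; }
    echo "iptables -A FORWARD -p tcp -d $DMZ_HOST -m multiport --dports 80,443 -j DROP"
}

# Constructed allowlist: RFC 5737 documentation ranges stand in for the
# proxy's published ranges or the shared host's dedicated IP.
gen_rules <<'EOF'
192.0.2.0/24      # stand-in for a CDN range
198.51.100.7      # stand-in for a single reverse-proxy IP
EOF
```

Rules added with `-A` are evaluated after whatever is already in the FORWARD chain, so an earlier broad ACCEPT would still let other sources reach the host; check the chain order before relying on the final DROP.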

  • ngrok is another alternative. What you're looking for is a tunneling service.

    See https://github.com/anderspitman/awesome-tunneling

  • +1 nat vps, openvpn & iptables?

  • Check PageKite.

  • rafaelscs Member
    edited November 2020

    haproxy and zerotier for vpn tunnel
    Natvps with ipv6 and cloudflare tunnel?
    Ipv6 home in your home host and cloudflare tunnel?

  • ericls Member, Patron Provider

    ssh tunneling

  • DianTama Member
    edited November 2020

    Since I use Laragon for my local development and it has ngrok feature built in, I've always used ngrok for tunneling.
