
Is there a way to do that and still be able to access the server?

Yes, of course.

Free way - sign up for a Cloudflare account. Use the DNS on Cloudflare, they will put their public IP in front of your www.

Level 2 is to install the Cloudflare tunnel software on your server and you never need to use the public IP.

Backend access securely? Install Tailscale or headscale.

This should cover most web hosting scenarios. If there are additional ports or services, tools like nginx proxy manager (web based) or others can help. Some people put them on a dedicated VPS as a jump machine.

This way using the Public IP can almost be optional and locked down if needed. This is all before running a firewall on it.

Yes, cloudflare tunnels do this, but I don't think it's really necessary for this.

I use them for self-hosting.

That server is still exposed to the internet on a public IP. Just only known and courted through a 3rd party's castle.
The tunnel doesn't have to use the Public IP inbound, the cloudflare tunnel calls outbound that can be entirely locked up.

If you are using Cloudflare's DNS they can hide your IP on the DNS record, but it would still have to be locked down. Some folks find ways to tighten that up too.

If you're using a bare metal server it can be broken up.

It's fair that it's a 3rd party's castle. At the same time until you know how to run and secure a server, some services are not a bad idea.

Some people run pangolin or nginx proxy manager on a cheap vps if it suits their use case which will securely connect to the server.

We are lucky that many of these ideas have already been discovered and hardened by people before us.

Even when I had bare metal servers connected to the internet, I would put a firewall like pfsense or something in between.

What does the tunnel bring except DoS protection and hiding your IP? And what is the security concern with divulging your IP? Say when I connect to a website, the website knows my IP and I don't consider this a security risk.

If I run vulnerable software, it will still be vulnerable through a Cloudflare tunnel, right?

Genuinely interested, I'm always scared to expose things to the internet :-).

Yes, CloudFlare ZeroTrust. It's entirely free, I use it for loads of containers on multiple hosts and it works perfectly.
It's really convenient. I don't love that it's a one of one service, but it's a decent enough placeholder.
Many ways. Using a "bastion host" is one option, with something like wireguard or tinc. Tailscale and similar services are another option. Tor is yet another option.
The bastion host is a server, though, and would be exposed to the internet.
>Never expose your server IP directly to the internet, vps or baremetal.
Either via a VPN or a tunnel.
