Just getting started with self hosting. I was wondering if anyone had experience with Cloudflare Tunnels for exposing their services to the internet. I like the simplicity and security it offers but don’t love the idea of using Cloudflare. Like, I’m self hosting for a reason lol. Any tips would be greatly appreciated!

For context, I’m running all of my services in a very small k8s cluster and my priorities are mostly security then maintainability. Thanks yall!

EDIT: yall are great! Thank you so much for the replies. I’m going to try my luck with pangolin but it’s good to know I have options.

  • pfjarschel@lemmy.world · 14 upvotes · 19 days ago

    The service is ok, but if you (rightfully) do not want to be tied to Cloudflare, take a look at Tailscale Funnels. Same concept, but from a company that values the user and their privacy. Also, for regular personal/small user base, free tier is more than enough. And you get a free .ts.net subdomain to use with your apps, if you need that.

  • talentedkiwi@sh.itjust.works · 10 upvotes · 19 days ago

    I’m using Pangolin, which is the current hotness. It’s somewhat like Cloudflare tunnels, but you need a VPS (find a cheap one). That tunnels back to your house. I opted into using crowdsec as another layer. It’s a part of their setup process.

  • topnomi@fedia.io · 5 upvotes · 18 days ago

    I run a jellyfin server. I have gigabit fiber in Ohio, USA. Some of my users found it basically unusable when they were geographically far away, like Hawaii and Thailand. I switched to using Cloudflare tunnel as an experiment and the difference was dramatic. They are now able to stream reliably almost as if they were geographically nearby. The fact of the matter is, the Cloudflare CDN that traffic passes through using the tunnel is infinitely better connected to the rest of the world than whatever home ISP you have.

    That being said, Cloudflare plays man in the middle to all your traffic, so I wouldn’t use it for anything that’s particularly secret. But for standard web pages it’s amazing. I run my vaultwarden server directly on my home IP address and not through Cloudflare tunnel.

    • observantTrapezium@lemmy.ca · 4 upvotes · 18 days ago

      Vaultwarden isn’t actually susceptible to man-in-the-middle attacks, since the passwords are encrypted and decrypted on the end device. But some relevant metadata do go over the connection so it’d better have TLS.

  • urvon@lemmy.world · 5 upvotes · 19 days ago

    Does your use case include random people on the internet accessing these services or is it just for you? If it’s just you and a couple friends and their devices, look into Headscale.

  • chazwhiz@lemmy.world · 4 upvotes · 19 days ago

    I just started using them and I like it. It’s a good balance of easy and secure for me. I just added the container to my stack and then use their UI to point a subdomain at the internal port. Security can go pretty extreme if you set up their whole zero trust thing.

    An alternative similar option is Pangolin. I’ve seen a lot of people like it to avoid Cloudflare, but I haven’t used it myself. There still has to be an endpoint running it, so you’ll need an external VPS, which then adds a cost to the equation but at least you control it.

    • hereforawhile@lemmy.ml · 3 upvotes · 19 days ago

      Cloudflared CLI for reverse proxy is as dummy proof as hosting a hidden onion site over Tor. I like its simplicity but I know I’m relying on a non-free network.

  • AbidanYre@lemmy.world · 4 upvotes · edited 19 days ago

    It’s easy to use and takes away some of the hassle.

    If you don’t like cloudflare you could find a VPS you do like and run Pangolin on it to get the same service but maybe not the same level of protection.

    I use Oracle’s free tier to host it. They’re probably worse than cloudflare as far as evil corporations go though.

  • solrize@lemmy.ml · 3 upvotes · 19 days ago

    I just found out about cloudflared, it looks straightforward but you need a cloudflare account to use it. IDK what (if anything) they charge for it.

    I have generally just used a VPS for this. I’ve done it through an ssh reverse proxy which is pretty crappy, but a more serious approach would use iptables forwarding or wireguard or whatever the current hotness is.

  • Machindo@lemmy.ml · 2 upvotes · edited 19 days ago

    Two of my coworkers with kubernetes homelabs use the Helm Chart deployment of this and they like it very much. All my domains are in Cloudflare so this is a no brainer.

    I would like to try this with their SSO offering so that I could just handle auth at the tunnel instead of something like Dex in front of each service in the cluster.

  • Bluefruit@lemmy.world · 2 upvotes · 18 days ago

    I used a Cloudflare tunnel for streaming music in jellyfin. Didn’t do much else with it and it worked pretty well. Anything high bandwidth you should use something else, but for stuff that doesn’t consume a ton of bandwidth like music streaming in my case, it worked fine, at least when I used it a few years back.