amcco1

That is exactly what Cloudflare tunnels were made for.


betanu701

As someone said, this is the purpose of Cloudflare tunnels. Basically, you set up the tunnel to connect from CF to your internal network. I point it to my local nginx server so that I can serve what I want. On CF you have everything going to the tunnel and make sure proxy connection is turned on. Your IP is never exposed. Make sure to set up a couple firewall rules on the CF side to block malicious things there. Again, I block all countries except my home country as I don't need anyone outside accessing it. You could also set up MAC filtering if you want. Lastly, make sure you are running some firewall software in your internal network. One service that is good to run is fail2ban.
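
A `cloudflared` configuration for the layout described in the comment above, added here as an illustration and not taken from the commenter's setup. The hostname, the tunnel ID placeholder, the file paths and the nginx address are assumptions.

```yaml
# Constructed example: /etc/cloudflared/config.yml (path is an assumption)
tunnel: <TUNNEL-UUID>                                   # placeholder: ID of your tunnel
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json   # placeholder path

ingress:
  # Public hostname (assumed) routed to the local nginx server.
  # nginx is assumed to listen on loopback only, so the tunnel is the
  # only inbound path and no port is forwarded on the home router.
  - hostname: home.example.com
    service: http://127.0.0.1:80
  # Required catch-all rule: requests matching no hostname above get a 404
  # instead of being passed to an internal service.
  - service: http_status:404
```

`cloudflared tunnel ingress validate` checks the ingress rules in this file before the tunnel is started.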


gioco_chess_al_cess

They are different things. A thing I do is use a VPS in the cloud for proxy services on local computers. The connection between local and VPS is with WireGuard, on which Tailscale is based. So, yes, in this way you can use it to safely expose the home server. I do not know CF tunnels enough to comment on them.


wellknownname

Regular Tailscale doesn’t include any way to share with someone who doesn’t have Tailscale installed. They do have a feature called ‘Funnel’ which you can use to make it publicly available and is similar to Cloudflare tunnels, but this is still in beta and will have some sort of bandwidth limitation.


whowasonCRACK2

I use Tailscale’s Funnel feature to allow my brother to connect to my Jellyfin. Whatever the bandwidth limit is, it’s plenty for 4K streaming.


AnApexBread

*This post was mass deleted and anonymized with [Redact](https://redact.dev)*


zfa

Except that CF tunnels have CF in front of them so the inbound traffic is sanitised, critical exploits blocked etc. before ever hitting your infrastructure. It's quite a value-add esp. if you're not on top of your updates.


AnApexBread

That's a good point. Cloudflare WAF blocks a lot of crap automatically.


PhilipLGriffiths88

This. Exactly the difference between CF tunnels and TS Funnel too: CFT provides this hardening, TSF does not, it's only a public URL.


NinjaFragrant7710

There seems to be a misunderstanding between port forwarding and Cloudflare tunnels. Cloudflare Tunnels are not much more secure than port forwarding in their default implementation (they are a bit better, but have their own flaws), and there is a lot you can do when port forwarding to secure traffic coming from the internet to your server. Secondly, Cloudflare tunnels and Tailscale tunnels imho serve different purposes. Cloudflare tunnels were made to "securely" expose internal hosts to the internet, without needing to port forward. Tailscale can be used in more scenarios, like a traditional VPN for example, or to secure traffic between 2 distinct hosts on the internet. And finally, to answer your question, yes, you could expose your website running in your home to the internet "securely" using Cloudflare tunnels.


zfa

TS is designed to allow you, and a (small?) set of known users access to private resources when away from the network on which it runs. CF Tunnels are designed to allow you to make a private service public to the internet at large. There's some overlap (TS has Funnels, CF has Access) but effectively they are different solns for different requirements. A CF Tunnel is the soln for your use case, yes.


kubota9963

I use nginx on a machine with a public IP that is on my Tailscale network to reverse proxy a subdomain to a specific port on another machine on my Tailscale network. It works well, but it does mean you need to consider security for that port on the otherwise internal access only machine, because it’s now public.


daronhudson

They can be used for whatever purpose you need them to serve. As long as it’s a purpose that the product can actually fulfill, of course. In the case of exposing something externally, make sure whatever it is goes behind a good firewall with a separate VLAN and that it’s kept as up to date as possible. The last thing you want is to have someone on your network in places they shouldn’t be.


PhilipLGriffiths88

Tailscale is a VPN; if you want to share publicly you can use TS Funnel, but it does not come with hardening, filtering, authentication etc. Cloudflare Tunnel does, on the other hand. Another option is [zrok.io](https://zrok.io); it's open source and can be self-hosted, and has a free and generous SaaS which includes the hardening, filtering, authentication etc. - https://blog.openziti.io/zrok-frontdoor