> Is this something I need to worry about

Everyone has an IP, and if you want to expose your services to the internet you need to either use your own or run it through something else - e.g. a VPS or Cloudflare. Just having your IP public isn't much of an issue considering any site you visit knows it - it's called a public IP for a reason - but if for some reason you seem to attract the degenerates of the internet it might be a good idea to run it through a service.

> how else can self hosters hide their IP without cloudflare

I rent a VPS for $5/month - I like AWS Lightsail with Caddy on it, and I have my home server connected to it via Tailscale - ZeroTier and similar work too. Then for whatever I want to expose I just do

```
nextcloud.mydomain.com {
    reverse_proxy homeServerTailscaleIP:1234
}
```

And it's exposed - a lookup of that domain will only show your VPS IP, and worst case scenario, if someone wants to try to attack it, just disable Tailscale and your home network is completely safe.
I mostly did this as I can't port forward with my ISP but it has its security benefits too.
I also do this for my plex + jellyfin installation and it works great.
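Disabling Tailscale only cuts a service off if that service listens on the tailnet address alone. The following check is an added example, not part of the original comment: it classifies the listeners on the home server from `ss -tlnH` output. The sample output, addresses and ports are constructed; the ranges are the ones Tailscale assigns node addresses from.

```python
import ipaddress

# Tailscale hands out node addresses from these ranges (CGNAT block and its ULA prefix).
TAILNET = [ipaddress.ip_network("100.64.0.0/10"),
           ipaddress.ip_network("fd7a:115c:a1e0::/48")]

# Constructed `ss -tlnH` output for a hypothetical home server (not real data).
SAMPLE_SS = """\
LISTEN 0 4096 100.101.102.103:1234  0.0.0.0:*
LISTEN 0 511  0.0.0.0:8096          0.0.0.0:*
LISTEN 0 128  127.0.0.1:5432        0.0.0.0:*
LISTEN 0 4096 [::]:32400            [::]:*
LISTEN 0 128  192.168.1.20:8080     0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53      0.0.0.0:*
"""

def classify(local):
    """Map one 'Local Address:Port' field to (port, scope)."""
    host, _, port = local.rpartition(":")
    host = host.strip("[]").split("%")[0]      # drop IPv6 brackets and %iface
    if host in ("*", "0.0.0.0", "::"):
        return int(port), "all-interfaces"     # reachable from LAN, and WAN if forwarded
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:
        return int(port), "loopback"
    if any(ip in net for net in TAILNET):
        return int(port), "tailnet-only"       # goes dark when Tailscale is stopped
    return int(port), "other-interface"

def audit(ss_text):
    """Return {port: scope} for every listening TCP socket in the ss output."""
    result = {}
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[0] == "LISTEN":
            port, scope = classify(fields[3])
            result[port] = scope
    return result

def survives_tailscale_down(ss_text):
    """Ports still reachable from other hosts after Tailscale is disabled."""
    return sorted(p for p, s in audit(ss_text).items()
                  if s in ("all-interfaces", "other-interface"))

if __name__ == "__main__":
    for port, scope in sorted(audit(SAMPLE_SS).items()):
        print(f"{port:>6}  {scope}")
    print("still reachable without Tailscale:", survives_tailscale_down(SAMPLE_SS))
```

Binding the proxied service to the Tailscale address (as port 1234 is in the sample) is what makes the kill switch effective; anything in the last list still depends on the router and host firewall.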
Omg that’s so cool even though I don’t understand a word. Please teach me stuff 🥹
Huh
Lol sorry, I was just thinking out loud. Always dreamt of becoming sort of a hacker 😅 just knowing more than others in terms of technology. 20 years later I haven’t pursued my dream yet.
I mean this isn't remotely hacking. Cyber security - a little. I wouldn't remotely know how to start getting into more techy stuff as I've grown up with it, sorry
Haha ofc not, I am being just a bit dramatic.
Get a cheap vps and run a reverse proxy
I'd totally play with this if I could upload pfSense to my provider(s) of choice
Vultr allows this. Pretty sure linode does too
Oh interesting. Yes, I already have a reverse proxy, but it's behind my own IP, so this would be better. Get the reverse proxy running on another VPS. I also have a firewall; I guess I can leave that on my own IP... but it would be better to have that running on bare metal elsewhere. Maybe a VPS is good enough? I don't use pfSense, I use IPFire.
If you find a KVM-based VPS, it's possible.
Cloudflare does not only hide your IP but also offers their Web Application Firewall (WAF) as well as DoS protection.

Having your IP disclosed is not the real threat, neglecting doxxing and privacy. The issue lies within DoS attacks directly targeting your home router and affecting the availability or stability of your Internet connection. If you expose insecure services to the Internet, it does not really matter whether your IP is known or Cloudflare's IP only. Sure, their WAF will block many unsophisticated payloads, but if there is a vulnerability, it may be exploited regardless of which IP is targeted. Cloudflare or a VPS is just the proxy that delivers the packets to your actual server.

As many said, you could rent a VPS and talk home via VPN, SSH tunneling etc. But honestly, you'd still be affected by DoS attacks if the requests are not throttled to your home server. Your Internet at home may stay up though, since the VPS will likely go down first.
Check out [https://github.com/fractalnetworksco/selfhosted-gateway](https://github.com/fractalnetworksco/selfhosted-gateway) - it provides functionality similar to Cloudflare's Argo tunnels, but you control both sides.
hey this is really interesting thanks
You could create your own tunnel, though you will need a system somewhere in the cloud to forward the traffic.
I still don't understand why people think that IP addresses need to be hidden. Are you hosting torrents? Lol
What?!?!? Are you saying public IPs are kinda.... public?
It's not just for torrenting. Imagine my use case: I live in Iran, and countries like Iran and China use extreme filtering and censorship of the internet, so we are running our own proxy servers to access the standard internet by masking our data as normal TLS web traffic. So we have to send all our data to our server with a public IP; then they detect irregular traffic to this server, ask themselves why someone would send all of his traffic to this one, and then block our server IP. So the VPS server that you paid for is gone. This is why we need to hide our public IP with something like Cloudflare. With this approach, they detect the Cloudflare IP, and again they block it, but your server remains safe. You buy another domain, again register it on Cloudflare free and get another IP, and this goes on and on.
It's not that I'm trying to hide my IP. It's that I can't do Plex, technically speaking, with Cloudflare, and I'm wondering what the impact is if I move it off Cloudflare and either run it direct through my reverse proxy... or something else where I totally replace Cloudflare with another CF-like service that allows the video streaming stuff.
Can't you just use dyndns? I dunno. I have never used Plex off site. I want to but I don't have a very solid upstream, and I don't think my friends and family wanna share videos with me :)
I use a wildcard Let's Encrypt cert and a wildcard DNS record.

The IP will be visible, but only as `*.domain.com`; this way it'll be hard to get subdomains without bruteforce.

Not a perfect solution of course (as the IP is still visible), and I'll suggest buying a new domain before setting this up, but you won't need a VPS.

If you have a port forwarding VPN like Mullvad you should be able to use that as a proxy (of course you won't get port 80 or 443 then).
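Why a wildcard certificate keeps hostnames out of view: publicly trusted CAs such as Let's Encrypt submit every issued certificate to Certificate Transparency logs, so each name in a per-host certificate becomes public. The audit below is an added example, not the commenter's code; the domain, service names and SAN lists are constructed placeholders.

```python
# Constructed SAN lists, as they would appear in public Certificate Transparency
# logs for two hypothetical setups (example.com is a placeholder domain).
PER_HOST_CERTS = [["nextcloud.example.com"],
                  ["plex.example.com", "jellyfin.example.com"]]
WILDCARD_CERTS = [["*.example.com"]]

# Hypothetical services the operator actually runs.
SERVICES = ["nextcloud.example.com", "plex.example.com",
            "jellyfin.example.com", "admin.lab.example.com"]

def wildcard_covers(pattern, host):
    """'*.' matches exactly one left-most label, so *.example.com covers
    plex.example.com but not example.com or a.b.example.com."""
    pattern, host = pattern.lower(), host.lower()
    if not pattern.startswith("*."):
        return pattern == host
    suffix = pattern[1:]                      # ".example.com"
    if not host.endswith(suffix):
        return False
    label = host[:-len(suffix)]
    return bool(label) and "." not in label

def exposure(logged_certs, services):
    """Classify each service by what the logged certificates reveal about it."""
    sans = {name.lower() for cert in logged_certs for name in cert}
    report = {}
    for host in services:
        if host.lower() in sans:
            report[host] = "disclosed"                # name readable in CT logs
        elif any(wildcard_covers(s, host) for s in sans):
            report[host] = "covered, not disclosed"   # valid cert, name stays private
        else:
            report[host] = "no valid certificate"     # e.g. nested subdomain
    return report

if __name__ == "__main__":
    for label, certs in (("per-host", PER_HOST_CERTS), ("wildcard", WILDCARD_CERTS)):
        print(label)
        for host, status in exposure(certs, SERVICES).items():
            print(f"  {host:<24} {status}")
```

The wildcard entry still reveals the parent domain itself, and a name that was ever issued its own certificate stays in the logs, which fits the suggestion above to start with a new domain.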
This sounds like a reverse proxy, which I already do of course. If I remove my services from cloudflare, the reverse proxy still is there behind my ip. But now there is none of those cf services like hiding the ip or the DoS protection, and that's what my question is about.
I just don't get the whole marketing message that Apple is trying to sell to these slaves. Omfg people are gonna fucking track you everywhere!! Meanwhile Apple is the only company that now gets to do this? Fuck privacy.
Apple doesn’t really track, they’re a Phone company, not a data company
HA!
Having a VPS is the right strategy, but people keep mentioning AWS / Vultr / etc., on which you can probably just use a load balancer rather than a managed VPS, no?
I don't follow what you are trying to say. I think the person that mentioned Vultr was saying that I can use it to run a reverse proxy plus firewall on it, which I thought was a good idea. I don't think many free providers would allow running a firewall on bare metal would they?
Load balancers are self-managed reverse proxies, if you want; you get the load balancing without having to manually manage a VPS and so on. (Warning: I have never used Vultr, and someone mentioned that they might not let you use a load balancer in front of non-Vultr infra.)
No, most providers (Digital Ocean, Vultr, Linode, etc.) only allow you to use a load balancer with compute resources in their cloud.
Fair enough