posts/self-host-docker/

[utterances-bot]

Self-Hosting with Docker and Argo Tunnel :: Nathan Vaughn — Adventures in programming and tech

Background For the past few years, I’ve rented a VPS to host some web apps for myself. I’ve done this since I’ve lived in college apartments behind a NAT and I wanted to be able to access these services from the outside world. Also, running locally, I wouldn’t be able to setup HTTPS other than self-signed certs. Yuck.
However, with Cloudflare’s new service, Argo Tunnel, and poor financial decisions a server I bought on Craigslist, I decided to move my apps to be hosted on-premise.

https://blog.nathanv.me/posts/self-host-docker/

[akshaytolwani123]

Hello Nathanv. I know that this post is a bit old now. Since you had pricing problems with argo tunnel you can use inlets. It is similar to argo tunnel but you can forward the tunnel to a vm. However If I read the github page correctly, the tunnel to a vm is unencrypted.

If you want the tunnel to be encrypted you will need to buy a license for inets pro with costs a bit more than 230 dollars for a one year license. Then you need to buy a vm for exposing the server which if you use the linode 5 dollar per month instance with 1 tb egress it will cost 60 dollars. The total comes near 300 dollars for the instance and the license.
For context the latest pricing of 0.10 dollars per gb after the first gb it will cost you 100 dollars per tb of data. Which is pretty expensive. In the end what you use depends

There is nice tutorial on inets here . Also cloudflare argo tunnels supports ssl. I used argo tunnels today with cloudflared and then used it with the --origin-server-name example.com . Just replace example.com with the domain you issued ssl for.

Thanks for the great post

[akshaytolwani123]

Sorry I forgot to mention I dont know how to setup ssl with hera

[lsgv]

Hi. Thanks a lot for this post! I've been trying to improve the security of my server(s) running home assistant, FreeNAS/Nextcloud and a couple of other stuff and had started to use Cloudflare Argo Tunnel but had trouble setting up Nextcloud. With your post I am now all set. Thanks.

[0dragosh]

Hey, cool post!

I'm running Cloudflare Access for a fair number of services for my homelab and I want to add Nextcloud, I wondered what did you do about auth-ing clients there?

How do you authenticate say iOS into Nextcloud when it's behind a Cloudflare Access Application + Policy? How about things like desktop apps/extensions, any stories there?

Thanks!

[NathanVaughn]

Oh man, it's been a long time since I've actually used Cloudflare Access. I've actually started using traefik-forward-auth and Keycloak. I know with some applications, I did have to get pretty aggressive on some of the bypass policies to allow routes. A number of applications make HTTP request in JS that don't seem to have the same authorization headers, and get blocked, so you need to make exceptions for them. For something like Nextcloud, you may just need to bypass the entire application and rely on it's own authentication mechanism.