[jpillora]

Port forwarding is fairly simple. All routers should support it. Forward port 443 to local-rpi-ip-address:443. Setup caddy/traefik. Create A record to public ip. Enable tls. Enable file hosting. Done: you now have TLS static website without any 3rd parties.

That said, cloudflare is super handy for dns, and for proxying specific domains, where you don't want to expose your public ip.

[sodality2]

Unfortunately residential networks usually don't have static IP's so the IP changes on reboots. Updating the DNS record every time would probably be a PITA.

[27100974]

Couple of notes: You can use a DNS updater like this one: https://github.com/timothymiller/cloudflare-ddns

The bigger problem would be if your ISP implemented CGNAT.

[ekianjo]

Easily taken care of by duckdns for example

[sodality2]

Then I can't hook it up to a real domain like google.com, just a subdomain of whatever site is running it.

[skeletonjelly]

And then you have to hope your ISP doesn't use CGNAT

[vira28]

Thanks. Xfinity (my ISP) supports only TCP and UDP for Xfi Gateway and not HTTP/HTTPS.

The thing which I don't know is how to remove Xfi Gateway and use my own gateway/router.

[Thorrez]

HTTP and HTTPS are layer 7 protocols that both go inside the layer 4 protocol TCP.

So port forward TCP and you'll be good.

https://en.wikipedia.org/wiki/OSI_model

[vira28]

Perfect. Thanks. That was my doubt. Will try it out.

[WrtCdEvrydy]

Yeah, most routers have a predefined list of "Applications" but you can add a custom application with custom port.

Back in the day, DynDNS actually allowed the IP to DNS as a free service.

[Thorrez]

Oh, I forgot to mention HTTP uses TCP port 80, and HTTPS uses TCP port 443.