by reilly3000 1589 days ago
I just set up a Cloudflare Tunnel this weekend to my homelab. I was able to connect it up with a container within minutes. I also was able to set up their zero trust offering and had route-based RBAC against two domains w/ Google OAuth2 login. I have my reservations about Cloudflare with regard to centralizing the web, but this tunnel is fantastic and saved me quite a bit of trouble with messing with my RouterOS config and nginx.

> I have my reservations about Cloudflare with regard to centralizing the web, but this tunnel is fantastic

Superior UI/UX offered by centralized systems is why everything is being centralized.

People will trade everything including privacy and security for ease of use. The market has shown this time and time again.

Getting ddosed by a $5 botnet, which gets cheaper every day, tends to change people's minds about Cloudflare.

Your users don't really care about decentralized utopia when your service doesn't work.

The only decentralization that's going to work is actual decentralization where there's not really anything to DDOS, or rather the entire system is itself a botnet.

There’s always something to DDoS. It comes down to whether the attacker has more resources than you have server capacity, and these days attacks can be measured in terabits.

Ultimately big CDN is the only way to win for DDoS.

Help me understand what you mean: my service in particular wouldn’t be ddosed because nobody cares.

I guess bots are hitting CF IPs at large and therefore services might be disrupted?

Well, every service that gets ddosed was once a service that nobody cared about.

But if your service is in a category that attracts ddos (like a forum or game) and you ever get enough traction for someone to care (doesn’t take much), it might surprise you how cheap it is to take you down and how limited your options are against a simple volumetric attack.

Not to mention Cloudflare Tunnel is a loss leader. Basically any new entrant has to either get funding or justify charging money for tunnel traffic.

Cloudflare Tunnel has gotten good enough there aren't a lot of ways to be better left. A couple would be offering e2ee and a less stringent ToS (technically anything other than normal HTML websites is not permitted, though I'm not aware of this ever being enforced, yet).

Cloudflare already has the bandwidth. I suppose tunnel doesn't cost much (or even anything) compared to the rest since they pay for the size of the pipe.

When someone uses the tunnel, they never have to go outside of Cloudflare. Since the traffic (I suspect) would stay very local.

Perhaps it could be even cheaper in the end for them.

Good point, but they do still have to pay development costs for Cloudflare Tunnel.

That's why I explicitly mentioned the cost of the bandwidth.

I wasn't talking about the development/maintenance.

It's unfortunate the only mature open source alternative[1] went on a path to seriously expensive subscriptions, 5x of a Tailscale personal subscription.

[1]: https://inlets.dev/

There are lots of other open source options[0]. Whether you would consider any mature is a bit more subjective.

[0]: https://github.com/anderspitman/awesome-tunneling

I did go through this list a few months ago and found most options lacking. But Cloudflare tunnel was still bound to having an Argo subscription back then. (To be fair, their pricing page is still very confusing on this)

Ok, I'm confused... you went through a bunch of awesome solutions and you found them lacking; but the modest price of inlets is unacceptable? If Tailscale works for you, then you don't need Inlets.

I like to have several environments on my laptop, each with a different Ingress and Let's Encrypt certificate, accessible from the public Internet whether I am at home or at Starbucks. If Grandma's mac has 4G of ram, she can do it too!

That you’d think 20 dollars a month is an acceptable price for this tells me that you’re either in the valley, are Alex Ellis or both.

Either way, I’ve built my own solution in Go and if that doesn’t work out I also have cloudflared now. inlets is cool, but it is not revolutionary tech that cannot be replicated and 20 dollars a month is mighty much for convenience, which would be hampered again by me having to throw a license key at every instance and being unable to share my config easily and reproducibly. And that ultimately matters a lot to me.

If you wouldn't mind opening an issue (or posting on forum.indiebits.io) and sharing anything you learned that's not already in the list it would be very helpful. I don't have time to try them all in depth.

Ummm... you haven't used Inlets, have you? But seriously, folks who use Inlets have typically tried a bunch of the obvious solutions and end up there when all else has failed them.

First of all, it's not "a" tunnel. It's however many you need to access the applications on your private network... which could be your laptop. It's not for everyone, but if you're running lots of apps on, say, your laptop and you want to have TLS everywhere, none of the comparably priced options come close.

Cloudflare tunnels is free now though.