maybe silly question but does tailscale tunnel operate in a similar fashion to a cloud flare tunnel? as in you can remotely access your internal service over https?
Comment on How to reverse proxy?
ippokratis@lemmy.ml 2 weeks agoThe funnel exposes your local services to the public over https . Like what you want to accomplish with reverse proxy . Its just more straightforward for a beginner.
Personally I closed my router ports and switched to tailscalr funnels after using caddy with mutual TLS for years.
CapitalNumbers@lemm.ee 2 weeks ago
ippokratis@lemmy.ml 2 weeks ago
Yes that’s exactly what they do
WhyJiffie@sh.itjust.works 2 weeks ago
they did not say they want it public, and that’s an additional security burden they may not need
ippokratis@lemmy.ml 2 weeks ago
He he didnt but ghats what he meant
I mean 99% of users use reverse proxy for https public access
Also read the threat replies …
That’s what this thread is about
…
No?
WhyJiffie@sh.itjust.works 2 weeks ago
if that’s true, I assume it is because they don’t know about the security consequences, nor about more secure ways. and for 99% that is the worst solution, because they won’t tighten security with a read only filesystem, DMZ and whatnot, worse, they won’t be patching their systems on schedule, but maybe in a year.
99% users should not expose any public services other than wireguard or something based on it. on a VPS the risk my be lower, but on a home network, hell no!
ippokratis@lemmy.ml 2 weeks ago
Ok I’m not any networking expert but I think you are overestimating the risk here.
Opening a port doesn’t mean you are opening your whole home network just the specific services you want. And those not directly but with a web server in front of them . Web servers talked in this tgread that sit in front of open ports are well audited . I think that measures like mtls a generic web server hardening are more than ok to not ever be compromised.
But yeah I’m surely interested to listen if you could elaborate.
Thanks