Their tunnel uses TLS termination. When we use TLS/SSL certificates on a server, we want the data to be encrypted between your server and the clients connecting to it. When you use Cloudflare’s tunnel, that TLS connection is terminated, that is, decrypted on their servers and then it is re-encrypted and sent to your client. So, theoretically, they can look at all the data going through. But do they sniff in to your data, that is upto what you believe.
If you are self-hosting for privacy, this is a bad idea. Free solutions like Cloudflare and Tailscale all do TLS termination. What you want is TLS pass through. You can rent a small VPS and set up TLS pass through using something very simple, like HAProxy, NGINX Proxy etc.
prenatal_confusion@lemmy.one 1 year ago
Care to explain? I just set up zero trust Tunnel with them 😶
nutbutter@discuss.tchncs.de 1 year ago
Their tunnel uses TLS termination. When we use TLS/SSL certificates on a server, we want the data to be encrypted between your server and the clients connecting to it. When you use Cloudflare’s tunnel, that TLS connection is terminated, that is, decrypted on their servers and then it is re-encrypted and sent to your client. So, theoretically, they can look at all the data going through. But do they sniff in to your data, that is upto what you believe.
If you are self-hosting for privacy, this is a bad idea. Free solutions like Cloudflare and Tailscale all do TLS termination. What you want is TLS pass through. You can rent a small VPS and set up TLS pass through using something very simple, like HAProxy, NGINX Proxy etc.