Comment on I finally understand Cloudflare Zero Trust tunnels
q7mJI7tk1@lemmy.world 1 week agoIf today’s outage is anything to go by, you’re better off not using Cloudflare!!
I have continued to use it for public websites so that, in my thinking, at least the Cloudflare network is scrutinising who is accessing my webpages in case of attacks etc.
Pangolin is a simpler cloud reverse proxy, whereas Cloudflare has more bells 'n whistles for quick-set security. You just need to harden your VPS that Pangolin runs on. You can activate Crowdsec etc on it as well.
I run mine on a Hetzner VPS which has a nice firewall feature in the control panel securing the VPS ports for SSH and Pangolin tunnel to my home IP. This adds a comfort for me to know now that it’s then only the ports 80 & 443 exposed. And I think from memory Pangolin doesn’t play nicely with UFW (well, Traefik doesn’t).
PeriodicallyPedantic@lemmy.ca 1 week ago
Outside of VPS firewalls settings and fail2ban, is there anything else you’d recommend to harden the VPS?
q7mJI7tk1@lemmy.world 1 week ago
Not my expertise I’m afraid. Geoip blocking is straightforward with traefik (and Pangolin docs), Crowdsec is a little more complicated, and with the external firewall into the VPS, there isn’t much more I can think to do.
It’s likely more a factor of how secure Pangolin itself is at that stage.