Comment on How safe is self-hosting a public website behind Cloudflare?
hpca01@programming.dev 10 months ago
Cloudflare tunnels are layer 7, so it’s not unlimited access by any means. This also means that certain things will break, btw. For example, if your website uses websockets to load information, that isn’t supported.
Next, I’d put the computer that is going to be hosting into an isolated vlan of its own and access via external URL only.
If you’re going to use Docker images, make sure to vet that they’re updated often and always spin up the latest.
daq@lemmy.sdf.org 10 months ago
CF tunnels are layer 3, not 7, and they have support for web sockets. It’s basically a WireGuard VPN with a few extras built on top.
…cloudflare.com/…/cloudflare-tunnels-faq/
hpca01@programming.dev 10 months ago
That document doesn’t say what layer. But it does say it supports Websockets.
Just odd that when I try to set it up using a named tunnel, I don’t get an option to specify the WS service type. However, it does require a service type if you want to connect to it.
Looking at this page, it would seem that it’s layer 7. I could be wrong, but my front-end app has issues finding my backend service for websockets.
daq@lemmy.sdf.org 10 months ago
No, but I thought I clarified that when I said it’s basically a WireGuard VPN, which operates using TCP/UDP (layer 3). Layer 7 is stuff like HTTPS. CF tunnels are lower level.
The page you linked is missing the layer between CF and the source server, so it doesn’t indicate the layer. You can look up the WireGuard protocol if you want more details.