I’ll admit I’ve only really been doing all of this fun self-hosting stuff for about 4 years now but I have been learning computer since Apple II. With my local fiber internet I have a static IP address and seem to have no barriers to expose my hosted websites to the internet. I’ve never used cloudfare and can’t imagine why I would need it. Use NGINX reverse proxy manager at both home and work. Some people have to jump through all these hoops and I’m just curious to know what situations necessitate all the extra hassle.
DHCP assigned IP address.
CG-NAT
ISP-blocked ports.
Thing is, you grew up in the pioneering age of computing, and in that time you needed to do everything yourself. This gave you a bunch of skills for free, that are hard to do today, because most of the hard stuff is automated away and snuck behind a gui and/or containers.
You use Cloudflare to proxy, or in other words, hide your IP. Anyone can hit your DNS records, grab your IP and start DDOSing or hacking on it. They also have some nice features to force security features like HSTS or WAF rules. I’d recommend looking into it, not proxying your public IP is an amateur move. As for using NGINX proxy manager, consider using standalone NGINX and writing your own configuration files. There’s a pretty big security issue with it the lead developer refuses to patch.
Link to said security issue would be nice so we know what to look out for
Why not use the phone already in your hand to look it up? There are several multi thousand upvoted threads on this platform about it.
Is it this one - https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2640 ?
Some of us had to hide our services behind vpn. As the last time I had my webserver exposed for to have others see my test site (I test internally before moving to public servers) I was dropping over 5000 connections a second that was trying to login to my page.
So my little server was getting hammered, and my other traffic started to get effected.
So you might be fine, others might have constraints that are not common.
Well many ISPs have started to use CGNATs so static IPs have become/will become a rarity. In this case exposing your service to the internet is not so straightforward. But if this is nitpicking, in general, networking, proxying, port forwarding etc., have a steep learning curve. So when people, who are just starting out, hit a wall and post a query here it might seem like they must go through hell before they can achieve what they want.
Also, another thing is security. Even if it’s easy to expose a service to the public internet, given the cyber climate, it’s quite important to go through a few hoops to make sure you do it securely.
Most of the services I access through Open VPN installed on my router but I do have things like vault Warden, next cloud, mesh Central, and a few others exposed directly. They all require username and passwords to get into and I use almost everyday and wouldn’t know how else to use them in my workflow if they weren’t exposed directly to the internet.
