I would so love to meet this guy and be best friends with him and every time I watch his videos I feel so influenced to dive into technology more and more it’s crazy!
I would just love to have friends to nerd talk with. I work in IT and I am not even sure my colleagues know what Docker is. IT in my country is influenced too much by our education system that still teaches token ring, WIC-2A/S ports for data between routers. Even our vendors that deliver software/web solutions act confused if I ask them what programming languages they use e.g Python, GO, Rust, PHP like they have not even heard of anything besides Visual Basics 2000 The closet I think I have is my engineer friends who are very up to date :) Sorry for the semi rant guys. Have a nice weekend :D
I took up web hosting as a hobby project and have watched so many videos... none of them did what you do at 12:19 by simply adding the container name as URL. Would've never found that out on my own. Absolutely fantastic video!
@@christianlempa yes! I have authelia set up and I cannot get it to work with anything other than the local domain setup. It does not work at all for the cloudflare tunnel portion of the rule. :( If there is a suggestion on how to do that, I am all ears as I have been trying for about 2 days now.
PERFECT Timing! I've been using CloudFlare tunnel on my server for a while, but decided to do a cleanup/consolidation on my Docker networks. Realized I had used the command line to set the tunnel up originally, but wanted to set up a stack in Portainer to handle future updates. Everything I need was in the tutorial (BTW - I think there might be a typo in the command to set up the token). THANKS!
Can't agree more, this is perfect timining! I just setup docker and a CloudFlare tunnel for the first time on my home server. This guide has definitely showed me a few more things I'll want in my setup.
amazing! The 404 cost me HOURS! I couldn't figure out why it's re-routing traffic externally but not internally in the cluster. Made the same change as you did but not with labels per service, instead added a route in the ingress. 10 seconds of gold
hey saw a clip before on this and started to look around a bit. but you are doing much better and looking forward to your clips. Has helped a lot to get ahead and also got answers to many questions.
Hey buddy , thanks a lot for this exclellent tutorial. Your tshoot demonstrating the need for both fqdn's in the Traefik Ingress Route saved me a good deal of time to figure out why setup wasn't working. You're the best thanks a lot!!!👍😀
Awesome! Thank you, Christian, again for the great motivation :D Every time I watch your videos, I feel inspired to implement your techniques into my own homelab or at least start experimenting with them. By the way, I would be more than glad to hear your recommendations for securing access to exposed services through these tunnels. Cheers!
CF Tunnel is what I'm using to expose my Matrix and Mastodon servers endpoint so they can federate. Otherwise I still prefer accessing stuff via Tailscale (which BTW recently added Tailscale Funnel). But Cloudflare is a different kind of beast if you want to combine Warp with Tunnel or Warp-to-Warp, but I digress 😃
I literally just worked out how to do this myself last weekend. Good to see if what I was doing is what everyone does with integrating Cloudflared and Traefik.
Great video. Would love to see a video on setting up the various authentication methods and creating better policies for self hosted apps (including allowing API access to them). Thanks heaps
That's a great video I am soo excited for more videos about it about rdp with Cloudflare or access please continue your good work Could you do a video about authentification with Cloudflare access and a self-hosted IAM like Authelia or Keycloak (if possible with a user-friendly UI😅) or nether an existing active directory server
Just done this before watching this video last week. I don't mind exposing my ip address, people can already guess and I had to move ssh port higher. Because it was constantly abused. It still is, but with much lower rate. But advantage is that it somewhat helps with other stuff: you don't need nginx reverse proxy, you don't need to renew let's encrypt certificates for each service every three months, you don't need to setup port forwarding on docsys modem/router and open port 443 whenever it needs factory reset. I just haven't tried this for ssh and to have dynamic dns (script that checks local ip every 30 minutes and renews dns when it changes - which can be likely done via cloudflare api) and to for blocking access based on country.
Great video! Can you do an in-depth video covering those settings in the cloudflare zero trust for exposing web application? How to allow mobile app api access while locking down web access.
It would be nice to see a video about the authentication, Because, For example, if I setup the nextcloud using the tunnel, and I enabled the one time pin authentication, then, I am not sure if the nextcloud mobile application would still connect to this nextcloud instance, as the end point would be protected by one time pin, probably the mobile app would fail to connect. Thanks for your comments.
That's Excalidraw, specifically used inside Obsidian. Obsidian is a markdown editor and knowledge management app with lots of extensions, one of them is Excalidraw. Excalidraw also exists as a standalone web app.
@cristian Thanks for the amazing guides I whould love to see you setup and configure authentik with truenas scale seems there are not guides on this subject and will be very populat as a replacement for authellia that is complex to setup and manage
what if the self hosted setup includes both Træfik and Authelia? Is there something different to be done there? I can reach a simple Nginx container in the same network, but when I try to reach containers behind Træfik and Authelia, I cannot seem to reach them. Thanks for the great videos!
I have à question you know if this tunnel or other we can connect with same ip but différent port. Ex: yacht app like portainer, because need always change the tunnel ip:port for access 😢. Ty
Christian, can you make some recommendations regarding how to employ "authentication providers and other security measures" due to TLS terminating at CF? What specifically have you done to mitigate this risk? Thanks!
Interessanter Ansatz! Wieder ein Pluspunkt für Traefik. Würde aber sehr gerne beim NPM bleiben, da ich nicht alles in Docker-Containern habe mir der händische Weg mit GUI irgendwie besser gefällt. Bin nun dazu übergegangen eine separate Domain für Cloudflare Tunnel zu nehmen und eine andere, die weiterhin klassisch mit DynDNS läuft, für den Fall, dass Cloudflare mal nicht als Option in Frage kommt. Nur wie mache ich das mit Nextcloud AIO o.Ä. wo die Domain hardgecoded festgelegt ist? Da funktioniert der OR-Operator || vermutlich nicht? Bin hier noch etwas überfragt. Besonders Nextcloud möchte man ja auch lokal mit Daten bespielen, ohne gleich alles durchs Internet schieben zu müssen.
@@christianlempa Question: I've successfully installed the TailScale on my TrueNAS Scale and I can ping it using the IP TailScale is assigning to it. But when I add that same IP as an alias to network interface and then set that IP as the Kubernetes' Node IP, I cannot access my apps through VPN. I'm trying to make it so whenever I'm connected to the VPN, I can use my TrueNAS Scales apps. Do you know how I can make this work?
Hi Christian, thanks for your good work on this nice topic! I use cloudflared on a separate ubuntu server in my dmz as connector. The publishing services are running on other servers (and dockers) in separate vlans. I only allow the configured ports, protocols and target-server in my firewall, so that other communication from tdmz to other internal networks isn´t allowed. One advantage over teleport is, that I do not need a cloud-server. Another point is, that cloudflare offers a kind of application firewall on top to the 2fa login, so access to my applications is further narrowed down. The other side is, that in this case we have to trust in cloudflare. I also like it to self host applications and solutions, so I would be happy if you make another video about teleport, how to install, configure and use it. Thanks a lot 🙂
Hey Christian, thank you for your dedication to each video and for your great selection of new topics as well as a very intuitive explanation process. Me personally, I'm under a CGNAT on a local ISP and I'm in need to use cloudflare tunnels and its great to see that you can still use traefik for load balancing, that was a great thing you showed me with this video. I'm curious since traefik can run in the internal network, couldn't authelia be deployed with traefik inside the internal network to provide an extra 2FA layer of security? I'm also excited to learn teleport if that's a more convenient way of exposing my services than cloudflare tunnels.
Hello! Great video! Can such a solution be done without a third-party service such as cloudflare? Purpose: hosting services on the open Internet without port forwarding on the router.
@@christianlempa Update. I've bought a domain on Cloudflare. Connected it to my dedicated IP. And with configuring the firewall on the Mikrotik router I passed the traffic to my Kubernetes cluster on the Orange Pi5 boards. I'm a developer and just started to learn self-hosted Kubernetes. Danke schön for your videos! They really help me a lot!
@@christianlempa I tried with hestiacp but no luck there.. May be I have to troubleshoot something. (Hestiacp because it has builtin webmail function and it can run with smtp relay easly)
That's Excalidraw, specifically used inside Obsidian. Obsidian is a markdown editor and knowledge management app with lots of extensions, one of them is Excalidraw. Excalidraw also exists as a standalone web app.
@@abuseifamina That's Excalidraw, specifically used inside Obsidian. Obsidian is a markdown editor and knowledge management app with lots of extensions, one of them is Excalidraw. Excalidraw also exists as a standalone web app.
Hey Christian, just wanted to point out that your zsh history prefiller may have leaked a production token. I'm sure you probably noticed and it's all good, but just wanted to let you know
Hey Christian, Thank you for the valuable insights you share on your TH-cam channel. I have a question: Is it possible to forgo Traefik's SSL termination mechanism and instead utilize Cloudflare's HTTPS termination service to manage our certificates? I'm curious about the advantages of integrating Traefik's DNS challenge with Cloudflare, especially when we have the option to enable Cloudflare's free SSL/TLS. Thanks.
Great video. Finding tunnels great for home use. I would like to enable more security, but can you think of a way to do this that still allows mobile apps (nextcloud) to access the tunnel? Would like to see a video about this.
how I can view or monitor for example IP of the machine that connects and use my tunnel expose website? I dont see a monitor for activity on cloudfare dashboard
Do you know how to get portainer itself running behind traefik? I have my cloudflare tunnel and traefik connected but Portainer is the only one not working.
I will have to update my templates at some point to add the portainer configs for traefik, but that probably will need to wait until early next year. Check out the github.com/ChristianLempa/boilerplates for updates!
Great Videos! I have created a tunnel in the past for Plex, but recently when attempting to do so, I noticed that the localhost now ends with /web. Normally its localhost:port, but now localhost:port/web to access plex locally. Do you know how we can now tunnel with the /web, or even other's that have /ui?
Thanks for this. Fantastic material. Your linked video on docker networks was great also. However! 😂. It never explains your use and configuration of the backend and frontend networks. Where is that covered?
Thank you for all your videos! I did have one question, perhaps you discussed this in another video but I missed it - can you explain your rationale and usecase for your "frontend" and "backend" networks?
Have you figured out how to do that ? I have the same question, how to create the network service backend or fronted. I have created one in portainer but it does not work.
Hey Christian, I tried setting up a public hostname to my local proxmox management IP, I get the cloudflare bad gateway error (host) and does it matter that the ''Origin Configurations" on the public hostnames page shows 0? Come a long way watchin your videos!
hi @Christian Lempa, Thank you, I have a question, how do you install traefik plugin from Github? I also try to install it, but it's fail with invalid download
For someone just starting down this home lab rabbit hole would you recommend going this route for exposing services to the Internet for personal and public use or would you recommend a reverse proxy?
So, I have created the tunnel and it says it is working. I added nginx container and public hostname as you suggested. I head to that URL and it says: bad gateway at host.
Good video, many hints on what to follow - but you missed the disclaimer that CF is able to access all the traffic due to man in the middle, might be okay for pictures wouldn't want to put my nextcloud there...
Word of warning: Streaming video or serving disproportionate amount of images is prohibited by CloudFlare. Watching your camera feeds will get your account terminated. It is actually somewhere in their Tunnels agreement.
@@christianlempa No problem. I figured it from a youtube video about Blueiris and how some people lost their accounts over that. I was about to put my Blueiris there, but now I rather just go with a VPN I already have (Nord has an internal feature they call Meshnet)
Great video! I would've really liked to see the deal with those private networks you can setup in Zero Trust. Not sure if the WARP client thing is the same as a simple custom WireGuard container/VM.
Muss man die DNS Server von cloudflare verwenden oder kann man manuelle DNS Einträge verwenden? Ich stelle mir vor, dass das ganze über cloudflare ihre DNS Server laufen muss......
Theoretisch könntest du auch eigene DNS Server verwenden, aber das würde wenig Sinn ergeben. Was du machen könntest ist eine eigene DNS Zone erstellen und diese dann an cloudflare delegieren.
Hi Christian, ich steh gerade vor der Frage wie es im Okt weiter geht mit Docker Umstellung bei TrueNas Scale. Habe gerade neu installiert und scheue nun wieder alles mit TrueCharts zu machen, da iX garantieren will die eigenen Apps zu Docker zu migrieren samt Einstellungen. Hast du da schon ein Plan?
I would so love to meet this guy and be best friends with him and every time I watch his videos I feel so influenced to dive into technology more and more it’s crazy!
This is such a nice compliment! Thank you buddy :)
Right :) "Evening conversations over beer at a pub" with Jeff Geerling, Timothy Stewart and Lewis Barclay
It’s ze accent for meee!!!
I would just love to have friends to nerd talk with. I work in IT and I am not even sure my colleagues know what Docker is. IT in my country is influenced too much by our education system that still teaches token ring, WIC-2A/S ports for data between routers. Even our vendors that deliver software/web solutions act confused if I ask them what programming languages they use e.g Python, GO, Rust, PHP like they have not even heard of anything besides Visual Basics 2000
The closet I think I have is my engineer friends who are very up to date :)
Sorry for the semi rant guys. Have a nice weekend :D
I took up web hosting as a hobby project and have watched so many videos... none of them did what you do at 12:19 by simply adding the container name as URL. Would've never found that out on my own. Absolutely fantastic video!
Thank you so much! Glad you liked it :)
I watched this to learn more about the access control feature for self hosted, and that wildcard "*" was the answer I was looking for. Thank you!
I would love to see a video on the authentication recommendation and setup! Great video!
Thank you!
@@christianlempa yes! I have authelia set up and I cannot get it to work with anything other than the local domain setup. It does not work at all for the cloudflare tunnel portion of the rule. :( If there is a suggestion on how to do that, I am all ears as I have been trying for about 2 days now.
i was able to get it working finally lol
ich wurde schon bekloppt mit vaultwarden und reverse proxy - mit cloudflare gehts so easy - DANKE !! du hast mir den feiertag gerettet
You saved my day I couldn’t thank you enough for figuring out you have to include both domain names in the traefik label I was stuck for hours.
Awesome! Thank you
Thanks Senior, after wandering around, you solved my problem easily. Am here for good!
Glad I could help!
PERFECT Timing! I've been using CloudFlare tunnel on my server for a while, but decided to do a cleanup/consolidation on my Docker networks. Realized I had used the command line to set the tunnel up originally, but wanted to set up a stack in Portainer to handle future updates. Everything I need was in the tutorial (BTW - I think there might be a typo in the command to set up the token). THANKS!
Can't agree more, this is perfect timining! I just setup docker and a CloudFlare tunnel for the first time on my home server. This guide has definitely showed me a few more things I'll want in my setup.
@@SabreToothedSam this guide showed me a few things I had to FIX in my setup - Christian's videos are the best 👍
This is a great video, Christian! Thank you for shouting out Warp in the beginning 👍
Damn, you fixed my life with the tip of adding the double pipe for the logical OR instruction
The videos on your channel have helped SO much! Any idea/question I've had, you seem to always have a video for it with answers. Awesome stuff.
Thank you so much! I'm glad the channels helps you :)
amazing! The 404 cost me HOURS! I couldn't figure out why it's re-routing traffic externally but not internally in the cluster. Made the same change as you did but not with labels per service, instead added a route in the ingress. 10 seconds of gold
Haha, it did cost me ~4 hours, too! 😂 but glad we could sort it out :)
Yes! Yes! Yes! on the Cloudflare video, absolutely would love to go deeper, thank you
Been using this setup for months now. Setting up Cloudflare access to use authentik for the oidc was pretty straightforward.
hey saw a clip before on this and started to look around a bit. but you are doing much better and looking forward to your clips. Has helped a lot to get ahead and also got answers to many questions.
Thank you 😊
Excellent, exactly what I was waiting for.
Great to hear! I hope you like it! :)
Hey buddy , thanks a lot for this exclellent tutorial. Your tshoot demonstrating the need for both fqdn's in the Traefik Ingress Route saved me a good deal of time to figure out why setup wasn't working. You're the best thanks a lot!!!👍😀
Glad it was helpful
Digging the new earthy background!
Awesome! Thank you, Christian, again for the great motivation :D Every time I watch your videos, I feel inspired to implement your techniques into my own homelab or at least start experimenting with them. By the way, I would be more than glad to hear your recommendations for securing access to exposed services through these tunnels. Cheers!
That's amazing. I have a network with the same setup, and I couldn't manage to get to work cloudfare tunnels + traefik. Thanks a lot for sharing!
You’re welcome :)
CF Tunnel is what I'm using to expose my Matrix and Mastodon servers endpoint so they can federate. Otherwise I still prefer accessing stuff via Tailscale (which BTW recently added Tailscale Funnel).
But Cloudflare is a different kind of beast if you want to combine Warp with Tunnel or Warp-to-Warp, but I digress 😃
I agree and just switched from CF tunnel to Tailscale/traefik. It's simpler, faster, and at least as secure.
@@gmsipe Im learning how to set up Tailscale with Traefik. Was it difficult for you?
I literally just worked out how to do this myself last weekend. Good to see if what I was doing is what everyone does with integrating Cloudflared and Traefik.
Nice! I knew I was doing it right :D
Again a great and very clear video Christian !
Christian, your Videos get better and better. This is such a good explanation of this complex, I can only say Wow. Well done. 👍
Thank you so much 😊
As always, you are on top 👍
Thanks! 😃
Thank you for this and all of your videos. Fantastic.
Thank you for this feedback! :)
Great video. Would love to see a video on setting up the various authentication methods and creating better policies for self hosted apps (including allowing API access to them). Thanks heaps
Have to say, that was probably the best video I've watched on CF tunnels, very nicely explained 😁
Thank you so much, what a nice statement! :)
How to get Android apps working on the smartphone? Like Nexcloud or Synology apps. Because of the login screen for 1-time password or verification...
Awesome video Christian!
Thx!
That's a great video I am soo excited for more videos about it about rdp with Cloudflare or access
please continue your good work
Could you do a video about authentification with Cloudflare access and a self-hosted IAM like Authelia or Keycloak (if possible with a user-friendly UI😅) or nether an existing active directory server
This ^^
Just done this before watching this video last week. I don't mind exposing my ip address, people can already guess and I had to move ssh port higher. Because it was constantly abused. It still is, but with much lower rate. But advantage is that it somewhat helps with other stuff: you don't need nginx reverse proxy, you don't need to renew let's encrypt certificates for each service every three months, you don't need to setup port forwarding on docsys modem/router and open port 443 whenever it needs factory reset.
I just haven't tried this for ssh and to have dynamic dns (script that checks local ip every 30 minutes and renews dns when it changes - which can be likely done via cloudflare api) and to for blocking access based on country.
Great video! Can you do an in-depth video covering those settings in the cloudflare zero trust for exposing web application? How to allow mobile app api access while locking down web access.
It would be nice to see a video about the authentication, Because, For example, if I setup the nextcloud using the tunnel, and I enabled the one time pin authentication, then, I am not sure if the nextcloud mobile application would still connect to this nextcloud instance, as the end point would be protected by one time pin, probably the mobile app would fail to connect. Thanks for your comments.
I was able to setup SSH access, and it works like a charm.
i have been using this method for about 6 months now
It would be interesteing to see how works with RPD, or CIFS/SMB works
Superb, many thanks 🎉
What are you using to draw the details out?
That's Excalidraw, specifically used inside Obsidian.
Obsidian is a markdown editor and knowledge management app with lots of extensions, one of them is Excalidraw. Excalidraw also exists as a standalone web app.
@cristian Thanks for the amazing guides
I whould love to see you setup and configure authentik with truenas scale seems there are not guides on this subject and will be very populat as a replacement for authellia that is complex to setup and manage
Great video! (As always) 🎉
🙏 thanks
what if the self hosted setup includes both Træfik and Authelia? Is there something different to be done there? I can reach a simple Nginx container in the same network, but when I try to reach containers behind Træfik and Authelia, I cannot seem to reach them. Thanks for the great videos!
Haven't tried it with Authelia, yet.
@@christianlempa This would be great to know how to do
I would love to see a video about Teleport!
Coming soon :)
Hi great video, where can i find your video about local and external ssl and dns configuration? i like a lot that😀
Hello, thanks for this amazing video. One question: what is the app you use to diagram on 3:13m ?
You're welcome! That was excalidraw
This looks so convenient and easier to setup compared to the traditional port forwarding method ! I'll definitely look into CF tunnels.
Nice! :D Hope it works great for you
Is it possible to combine this with authelia? When ive been trying traefik isnt pushing through authelia?
I have à question you know if this tunnel or other we can connect with same ip but différent port. Ex: yacht app like portainer, because need always change the tunnel ip:port for access 😢.
Ty
Christian, can you make some recommendations regarding how to employ "authentication providers and other security measures" due to TLS terminating at CF? What specifically have you done to mitigate this risk? Thanks!
Great video! Thanks! 😃
Thx :)
Interessanter Ansatz! Wieder ein Pluspunkt für Traefik. Würde aber sehr gerne beim NPM bleiben, da ich nicht alles in Docker-Containern habe mir der händische Weg mit GUI irgendwie besser gefällt. Bin nun dazu übergegangen eine separate Domain für Cloudflare Tunnel zu nehmen und eine andere, die weiterhin klassisch mit DynDNS läuft, für den Fall, dass Cloudflare mal nicht als Option in Frage kommt.
Nur wie mache ich das mit Nextcloud AIO o.Ä. wo die Domain hardgecoded festgelegt ist? Da funktioniert der OR-Operator || vermutlich nicht? Bin hier noch etwas überfragt. Besonders Nextcloud möchte man ja auch lokal mit Daten bespielen, ohne gleich alles durchs Internet schieben zu müssen.
Thanks a lot. It worked like a charm with TrueNAS Scale as well (TrueCharts).
Thank you 🙏
@@christianlempa Question: I've successfully installed the TailScale on my TrueNAS Scale and I can ping it using the IP TailScale is assigning to it. But when I add that same IP as an alias to network interface and then set that IP as the Kubernetes' Node IP, I cannot access my apps through VPN. I'm trying to make it so whenever I'm connected to the VPN, I can use my TrueNAS Scales apps. Do you know how I can make this work?
Hi can you make a video for using cloudflare to have access to our SMB server, FTP and SSH from internet? 😢
What's that application that has docker and kube environment at 0:14, TIA
Portainer
Hi Christian, thanks for your good work on this nice topic! I use cloudflared on a separate ubuntu server in my dmz as connector. The publishing services are running on other servers (and dockers) in separate vlans. I only allow the configured ports, protocols and target-server in my firewall, so that other communication from tdmz to other internal networks isn´t allowed. One advantage over teleport is, that I do not need a cloud-server. Another point is, that cloudflare offers a kind of application firewall on top to the 2fa login, so access to my applications is further narrowed down. The other side is, that in this case we have to trust in cloudflare. I also like it to self host applications and solutions, so I would be happy if you make another video about teleport, how to install, configure and use it. Thanks a lot 🙂
Hey Christian, thank you for your dedication to each video and for your great selection of new topics as well as a very intuitive explanation process. Me personally, I'm under a CGNAT on a local ISP and I'm in need to use cloudflare tunnels and its great to see that you can still use traefik for load balancing, that was a great thing you showed me with this video. I'm curious since traefik can run in the internal network, couldn't authelia be deployed with traefik inside the internal network to provide an extra 2FA layer of security? I'm also excited to learn teleport if that's a more convenient way of exposing my services than cloudflare tunnels.
Please closer look at the cloudflare authentication settings
What is the app thet you used to draw in 3:00
Thanks for your great tutorial, if I have any questions where is the best place to ask?
thank you :) join our discord if you need help
@@christianlempa thanks I do 👍
Hello Christian what are you using for your data / network diagrams in this video?
excalidraw
i would look to have a look at the settings
Hello! Great video! Can such a solution be done without a third-party service such as cloudflare? Purpose: hosting services on the open Internet without port forwarding on the router.
Yeah! This will be my next step!
Nice! Let us know how it goes :)
@@christianlempa Update. I've bought a domain on Cloudflare. Connected it to my dedicated IP. And with configuring the firewall on the Mikrotik router I passed the traffic to my Kubernetes cluster on the Orange Pi5 boards. I'm a developer and just started to learn self-hosted Kubernetes.
Danke schön for your videos! They really help me a lot!
Thank you for sharing this with us.. Quick question.. Can I use it in selfhosted mail server ?
You're welcome! Maybe with using a TCP public host? I haven't tested it though.
@@christianlempa I tried with hestiacp but no luck there.. May be I have to troubleshoot something. (Hestiacp because it has builtin webmail function and it can run with smtp relay easly)
Would love to know what software you are using to do the drawing at the begining of the video (around 3 min)
Me 2 would love to know the software please
That's Excalidraw, specifically used inside Obsidian.
Obsidian is a markdown editor and knowledge management app with lots of extensions, one of them is Excalidraw. Excalidraw also exists as a standalone web app.
@@abuseifamina That's Excalidraw, specifically used inside Obsidian.
Obsidian is a markdown editor and knowledge management app with lots of extensions, one of them is Excalidraw. Excalidraw also exists as a standalone web app.
I used it as a VPN. For some sites that only serve certain country or regions, use Cloudflare to avoid being denied access.
hi there, thank you for the videos!!! Where can I find the dashboard you are using?
I think I used github.com/bastienwirtz/homer at that time; however, I just migrated to another dashboard gethomepage.dev/
I'd like more information on the "frontend" and "backend" networks. Seems some crucial information is missing..?
It's not that spectacular, they're basically two separate custom docker networks that i'm using :D
Hey Christian, just wanted to point out that your zsh history prefiller may have leaked a production token. I'm sure you probably noticed and it's all good, but just wanted to let you know
Hey Christian,
Thank you for the valuable insights you share on your TH-cam channel.
I have a question: Is it possible to forgo Traefik's SSL termination mechanism and instead utilize Cloudflare's HTTPS termination service to manage our certificates?
I'm curious about the advantages of integrating Traefik's DNS challenge with Cloudflare, especially when we have the option to enable Cloudflare's free SSL/TLS.
Thanks.
Any advice on allowing access to Postgres via Cloudflare tunnel??
I need too
Great video. Finding tunnels great for home use. I would like to enable more security, but can you think of a way to do this that still allows mobile apps (nextcloud) to access the tunnel? Would like to see a video about this.
PERFECT!!! PERFECT!!! PERFECT!!! THANK YOU!!!
Thank you :)
Great video - thank you. Have you been able to use a Cloudflare Tunnel to access Apache Guacamole?
Cloudflare tunnels are so good. Even have a ssh tunnel with two factor. No need to expose ports.
how I can view or monitor for example IP of the machine that connects and use my tunnel expose website? I dont see a monitor for activity on cloudfare dashboard
Hi Christian. Lovely content as usual, great work! What keyboard are you using?
Thanks! :) Keychron K3
What’s the software you use while creating diagrams document in real time ? Thanks !
I'd love to know this as well!
What software is that at the beginning? 😅
You mean the homelab dashboard? th-cam.com/video/9iTPm45EmxM/w-d-xo.html
Which local dns server do you use ? Please suggest some with gui
Do you know how to get portainer itself running behind traefik? I have my cloudflare tunnel and traefik connected but Portainer is the only one not working.
I will have to update my templates at some point to add the portainer configs for traefik, but that probably will need to wait until early next year. Check out the github.com/ChristianLempa/boilerplates for updates!
Great Videos! I have created a tunnel in the past for Plex, but recently when attempting to do so, I noticed that the localhost now ends with /web. Normally its localhost:port, but now localhost:port/web to access plex locally. Do you know how we can now tunnel with the /web, or even other's that have /ui?
Thanks for this. Fantastic material.
Your linked video on docker networks was great also.
However! 😂. It never explains your use and configuration of the backend and frontend networks. Where is that covered?
Thank you for all your videos! I did have one question, perhaps you discussed this in another video but I missed it - can you explain your rationale and usecase for your "frontend" and "backend" networks?
Have you figured out how to do that ? I have the same question, how to create the network service backend or fronted.
I have created one in portainer but it does not work.
Hey Christian, I tried setting up a public hostname to my local proxmox management IP, I get the cloudflare bad gateway error (host) and does it matter that the ''Origin Configurations" on the public hostnames page shows 0? Come a long way watchin your videos!
Some more info, I've installed the cloudflare tunnel on a promox Ubuntu server VM using the copy paste docker command.
@@joshuatheoder2196 same here, I get a 502 error as well but the local link works fine
Can I use this with a FTP client ? Like Transmit ?
nice tutorial. thanks
Glad you liked it!
hi @Christian Lempa, Thank you, I have a question, how do you install traefik plugin from Github? I also try to install it, but it's fail with invalid download
If I'm not mistaken here. So we don't need manually add new ingress on cloudflared tunnel dashboard ? Just label all container??
For someone just starting down this home lab rabbit hole would you recommend going this route for exposing services to the Internet for personal and public use or would you recommend a reverse proxy?
I wonder how to migrate to truenas scale EE and docker...
youre such a amazing guy
Thx xD
How do I connect the new tunnels with nginx proxy manager?
So, I have created the tunnel and it says it is working. I added nginx container and public hostname as you suggested. I head to that URL and it says: bad gateway at host.
Good video, many hints on what to follow - but you missed the disclaimer that CF is able to access all the traffic due to man in the middle, might be okay for pictures wouldn't want to put my nextcloud there...
Thanks mate, I left this part out because it didn’t felt well placed in here. I might do other videos on this part and alternative solutions though.
videos good . hey man i have questions how to i look domain user data usage and how to limited data ? ....... please help
Word of warning:
Streaming video or serving disproportionate amount of images is prohibited by CloudFlare. Watching your camera feeds will get your account terminated.
It is actually somewhere in their Tunnels agreement.
Thanks for sharing!
@@christianlempa No problem. I figured it from a youtube video about Blueiris and how some people lost their accounts over that.
I was about to put my Blueiris there, but now I rather just go with a VPN I already have (Nord has an internal feature they call Meshnet)
This might be a silly question. Can I use a domain that I own which points to a Wordpress website for example with this solution?
Sure you can do that
Great video! I would've really liked to see the deal with those private networks you can setup in Zero Trust. Not sure if the WARP client thing is the same as a simple custom WireGuard container/VM.
Muss man die DNS Server von cloudflare verwenden oder kann man manuelle DNS Einträge verwenden? Ich stelle mir vor, dass das ganze über cloudflare ihre DNS Server laufen muss......
Theoretisch könntest du auch eigene DNS Server verwenden, aber das würde wenig Sinn ergeben. Was du machen könntest ist eine eigene DNS Zone erstellen und diese dann an cloudflare delegieren.
Hi Christian, ich steh gerade vor der Frage wie es im Okt weiter geht mit Docker Umstellung bei TrueNas Scale. Habe gerade neu installiert und scheue nun wieder alles mit TrueCharts zu machen, da iX garantieren will die eigenen Apps zu Docker zu migrieren samt Einstellungen. Hast du da schon ein Plan?