cross-posted from: https://feddit.de/post/10554932
I am looking something to connect to my server from outside my local network.
I am on a shared IP and my ISP doesn’t have port forwarding.
Cloudflared tunnel.
Rent a cheap vps and do something like I did with ssh tunneling, or wireguard VPN, between home and the vps:
https://wiki.gardiol.org/doku.php?id=router:ssh_tunnel
(Sorry I keep posting links to my wiki but the whole point was writing once)
If you’re the only one connecting to the server, I would recommend something like Tailscale. Everything will be encrypted and you won’t need to forward any ports to the public internet.
If other people need to access it, an option might be https://hoppy.network. I haven’t tried it myself, but it looks like it would be pretty slick if it works well.
Wouldn’t Tailscale funnel achieve what they want? https://tailscale.com/kb/1223/funnel
I think it depends on what kind of services they are using as I think Funnel is designed for HTTPS traffic, no UDP or custom ports.
Ah yes. Good point. I haven’t used it myself yet as I’ve not had reason too. Just on my list of Tailscale things to try out
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters HTTP Hypertext Transfer Protocol, the Web HTTPS HTTP over SSL NAT Network Address Translation SSL Secure Sockets Layer, for transparent encryption UDP User Datagram Protocol, for real-time communications VPN Virtual Private Network nginx Popular HTTP server
[Thread #646 for this sub, first seen 31st Mar 2024, 17:45] [FAQ] [Full list] [Contact] [Source code]
I can recommend rathole ( https://github.com/rapiz1/rathole ).
All it does is port forwarding. Easy to configure, easy to reason about, easy to dockerise.
If you need reverse proxying, you have to set that up either on the public server, or on local infra (chances are, you already have reverse proxy locally so rathole just needs to forward 80/443).If its only for personal access (ie, you dont want services actually accessible by the internet) i can recommend tailscale for that. Its an auto-configuring wireguard VPN whose main selling point is NAT traversal. Very easy to set up, and very reliable.
Why rathole and not ssh tunneling? The latter exposes only one port (that you are already exposing anyway) while the former requires an additional port.
What is the actual benefit of rathole? I an asking genuinely.
Hmm, fair.
I liked it cause i could dockerise it next to nginx and do SNI forwarding.
It had obvious and declarative config, which helped me get a redundant tunnel set up. Its great at auto-reconnecting.
I have never used ssh tunnels. Maybe its just as easy as using rathole. Learning ssh tunnels might have been a better path for me.
But rathole clicked, has been rock solid with 0 tinkering or tweaking, the config files make sense, its easy to in a docker container…So, i cant really answer your question.
Fair, setting up ssh tunnels with autoreconnect and such is indeed more complex.
I think 1 big advantage is that rathole can work over a websocket connection.
So, if obfiscating, having to go via HTTP proxies, or whatever… rathole will still work.This is a great reason, I didn’t know, but its interesting.
I’m personally a big fan of bore. It’s easy to setup/use and there’s a free public instance operated by the developer.