3 comments

[ 3.6 ms ] story [ 18.5 ms ] thread
(comment deleted)
> The classic approach [Internet -> Router -> Server] is a recipe for disaster

I never really get that. If my router gets updates and the only thing I do to it is forward one port to the server, I don't really see how wrong it can go?

The Cloudflare tunnel doesn't change the fact that there is a server exposed to the Internet. And adding a reverse proxy in front of the server does not necessarily make it more secure, does it?

I mean, if I cannot update my router and open a single port properly, should I trust myself to setup a reverse proxy?

I also expose some of my homelab through the cloudflare tunnel.

Every IP, except a choice few, are banned before any request reaches my router.

I don't need to worry about filtering using my limited bandwidth and resources, cloudflare firewall does it for me.