Skip to content

privacy

Remote access options for self-hosted services

Running self-hosted services behind a router that allows port forwarding is mostly as simple as forwarding a few ports, mainly 443 for everything over HTTPS and port 80 for automatically renewing Let's Encrypt certificates.

Otherwise, being behind a router that either doens't allow port forwarding, or just doesn't work well, or being behind CGNAT, may require the use of some sort of tunnels to route inbound traffic using outbound connections. This can also be useful even in the above case, when multiple systems need to be reachable on port 80.

Cloudflare tunnels do not enable access on port 80.

Cloudflare redirects port 80 to 443, to upgrade HTTP connections to HTTPS. That means ACME HTTP-01 challenges to renew Let's Encrypt certificates need to be routed to the relevant port (80 or 32080) based on the request path; see Let's Encrypt via tunnel.

Adopting Firefox and Bitwarden as daily drivers

Google Chrome has been my daily driver for a really long time; so long, in fact, that all I remember was the initial frustration when it first came out without a release for the GNU/Linux platforms. I don't remember why, or even whether, I was so eager to jump ship, and at this point I can only guess that the old ship was the one I'm preparing to jump back to: Firefox.

It seems on-line life has gotten a wee bit more comp-lic-ated that it was back in 2008, when smartphone apps were a new thing, YouTube had only 720p video, and Spotify was brand new...