„Inspired“ from https://lemmy.world/post/287146 and many related questions (also on reddit before).

Why don‘t people like opening Port 443 on their Homerouter? An open Port itself is not a vulnerability because nothing is listening on it, therefore there cannot be any connection established. When forwarding Port 443 From Router to e.g. The Homeservers LoadBalancer / Proxy, this Proxy is the final resolver anyways.

So why doing the more complex and more error prone Route via the VPS / Tailscale / CloudFlare?

I did that some years ago too, but just because i did not have an static IPv4 at home. But speeds were awful and i switched to Routerport + DynDNS and now everything is super performant.

  • stulli
    link
    fedilink
    English
    21 year ago

    I don’t like opening ports on my home router, because of the destination services behind the port forwarding. As long as those are secure there are no problems. But if a service has a vulnerability, someone could takeover my home network and creep around. That’s scary.

    When people use Cloudflare Tunnels to publish their stuff, they usually still have that problem. The idea is that Cloudflare is intrinsically safe and would block all attacks. I don’t necessarily agree with that. But I assume it’s safer than having no security layer between at all.

    • mirisbowringOP
      link
      fedilink
      English
      21 year ago

      But whats the difference between having the reverse proxy on a VPS pointing to you homelab via a VPN or having this Reverse Proxy directly attached to a port? Just from „takeover perspektive“ there should be no no difference

      • stulli
        link
        fedilink
        English
        21 year ago

        Yes, I agree. Security wise I also don’t see a benefit in hosting the reverse proxy externally. I believe a dynamic DNS provider with a low TTL for the DNS records should work as good or perhaps even better. Not better security wise, but simpler setup, more reliable.