Best Reverse Proxy for Cloudflare
from selfhostingperson@sh.itjust.works to selfhosted@lemmy.world on 27 Feb 14:42
https://sh.itjust.works/post/33517108

I’ve used nginx proxy manager as a reverse proxy for a while now and want to switch because some setups don’t work well with it. Tried nginx as a reverse proxy but it seems kinda complicated and I just don’t really like it… I’ve heard good things about Caddy and how it automatically does the certs for you but heard it doesn’t mesh well with Cloudflare proxy or something along those lines. Caddy is definitely a contender.

What’s a good reverse proxy for a setup using Cloudflare?

Also, a bit off-topic, but is Cloudflare’s proxy really needed? I heard it’s insecure to self-host sites without Cloudflare because you’re exposing your IP address and leaving yourself vulnerable, but is it really bad to self-host without Cloudflare?

MangoPenguin@lemmy.blahaj.zone on 27 Feb 14:59

If you exclusively use Cloudflare tunnels you don’t need a proxy on your end unless you want to do split-horizon DNS for local access.

But otherwise, nginx, caddy, traefik, npm, etc… all work fine with Cloudflare. Personally I’m using Traefik and Caddy on my setups right now.

> Also, a bit off-topic, but is Cloudflare’s proxy really needed? I heard it’s insecure to self-host sites without Cloudflare because you’re exposing your IP address and leaving yourself vulnerable, but is it really bad to self-host without Cloudflare?

Up to you, Cloudflare is a recent thing and hosting was done without it just fine before it came along. Personally I don’t use Cloudflare’s proxy very much, I just use it mostly for DNS management.

Xanza@lemm.ee on 27 Feb 16:38

Caddy. Hands down. No question.

Everything else works fine. Caddy works fine as well, but it’s also super easy.

> I heard it’s insecure to self-host sites without Cloudflare because you’re exposing your IP address and leaving yourself vulnerable

There’s a lot more to it, and this is only a small part of it, but yes. This is technically true.

> but is it really bad to self-host without Cloudflare?

Cloudflare is nice to have, but it honestly sucks. I run a private DNS stub resolver with my own blocklists (because I don’t trust anyone else to do it) and I have Google DNS, Cloudflare DNS, and a few other DoH resolvers as the upstream source. My stub resolver is set to send requests to all the upstreams at once, and to take the results of the one that responds first. Tracking through Prometheus shows that Cloudflare has not once (!) had its results chosen because its average RTT is 700ms. Everyone else is in the sub 100ms range.

Cloudflare was cool until it got popular.

yournamehere@lemm.ee on 27 Feb 19:18

i stopped using those. too much hassle. just using tunnels now.

retro@infosec.pub on 27 Feb 19:56

I’m interested to hear what doesn’t work with NPM

selfhostingperson@sh.itjust.works on 27 Feb 21:14

Well, one thing that doesn’t really work nicely with NPM is Snikket.

K3can@lemmy.radio on 27 Feb 19:58

> What’s a good reverse proxy for a setup using Cloudflare?

Having a reverse proxy behind your reverse proxy is a little redundant, but should work fine. My preference after trying several was nginx. The config takes a little to get used to, but it has a ton of features.

> is Cloudflare’s proxy really needed?

Not at all.

Cloudflare just makes configuration a bit easier, especially if you’re behind CGNAT. I wrote a little about them here: blog.k3can.us/index.php?post/2025/02/Cloudflare-f…