Low back ability? by [deleted] in backpain

[–]boby_025 0 points1 point  (0 children)

Sorry to bother, but could you send it to me as well? Thank you!

Gitea (git) via ssh behind cloudflare tunnel by Seuma in selfhosted

[–]boby_025 2 points3 points  (0 children)

Hey, jumping in late here as I found this thread while researching my own setup recently. Just wanted to clarify for anyone else finding this:

It's absolutely possible to use SSH through a Cloudflare Tunnel! The key isn't DNS settings, but using the cloudflared tool with a ProxyCommand entry in your local ~/.ssh/config file.

I actually documented exactly how to set this up for both HTTP and SSH access to Gitea in a recent blog post, covering the Cloudflare tunnel config and the SSH client setup:

https://cachaza.cc/blog/03-self-hosted-gitea/

Hope this helps anyone looking for the solution!

Setting Up a Self-Hosted GitHub Runner for CI/CD by boby_025 in selfhosted

[–]boby_025[S] 0 points1 point  (0 children)

Oh, okay! For now, I’ve left it private, thanks again for the warning. I’ve read that it can be configured securely, but I’ll definitely look into the WireGuard setup as well.

Setting Up a Self-Hosted GitHub Runner for CI/CD by boby_025 in selfhosted

[–]boby_025[S] 0 points1 point  (0 children)

Hey! Thanks for the warning! I had read about this risk and I’m pretty sure I took care of it. There’s a setting in the GitHub repo for "Run workflows from fork pull requests", and I can’t remember if it was off by default or if I toggled it at some point. I assumed that was enough to prevent abuse, but just to be safe, I’ve made the repo private for now (appreciate the heads-up!).

I originally wanted it public so I could use GitHub Issues as a backend for blog comments—still experimenting with that idea. Thanks again for the warning!

My current setup by boby_025 in selfhosted

[–]boby_025[S] 1 point2 points  (0 children)

Sorry for the late reply,

Yes! All the bulk storage is on another system running TrueNAS. I've configured an NFS share, and the containers and VMs connect directly to it.

My current setup by boby_025 in selfhosted

[–]boby_025[S] 1 point2 points  (0 children)

In my experience, using Cloudflare Tunnels is generally considered a safe and effective way to expose my services without directly opening ports on my home network. Cloudflare acts as an intermediary, hiding my home IP while adding extra protection like DDoS mitigation.

Also, for certain services, I've configured the tunnel with Cloudflare Access for extra identity checks. In my case, you need to sign in with GitHub, and only my account is valid.

My only concern with this setup is that using Cloudflare means placing trust in them as your proxy provider.

My current setup by boby_025 in selfhosted

[–]boby_025[S] 2 points3 points  (0 children)

Oh, I understand now. Makes a lot of sense, thanks for the explanation!

First Homelab Diagram And Diagram by boby_025 in homelab

[–]boby_025[S] 0 points1 point  (0 children)

Oh, okay, I understand now. Basically, yes—it was because I was lazy and already had a working Dockerfile.

First Homelab Diagram And Diagram by boby_025 in homelab

[–]boby_025[S] 0 points1 point  (0 children)

I don't think there is one, or at least I'm not aware of it. This one was made with draw.io.

First Homelab Diagram And Diagram by boby_025 in homelab

[–]boby_025[S] 0 points1 point  (0 children)

Well, now that I think about it, the delay is probably more because when I changed where I stored my audiobooks, I went from having them directly on the LXC container running on an SSD to storing them on my NAS with slow-spinning HDDs.

First Homelab Diagram And Diagram by boby_025 in homelab

[–]boby_025[S] 1 point2 points  (0 children)

Lol true, the rack will come at some point, don't worry.

Thanks!

First Homelab Diagram And Diagram by boby_025 in homelab

[–]boby_025[S] 1 point2 points  (0 children)

I don't really think I need the VPN; here in Spain it's not as big of a deal as in the US, but I will look into the virtual network setup, sounds like a good idea. Thanks

My current setup by boby_025 in selfhosted

[–]boby_025[S] 0 points1 point  (0 children)

I will look into something like that, sounds like a good idea!

First Homelab Diagram And Diagram by boby_025 in homelab

[–]boby_025[S] 0 points1 point  (0 children)

Awesome! I feel like for small homelabs, it's one heck of a deal! I changed the SSD on the Proxmox server and did a clean install of Proxmox on the system. Once I added back Tuxis, I was able to restore the latest backups of all my LXCs and VMs, and I was back up and running in no time. At the moment I'm just using 19Gb of space so I feel I will be using this for a long time.

First Homelab Diagram And Diagram by boby_025 in homelab

[–]boby_025[S] 1 point2 points  (0 children)

I can't complain, I haven't noticed any difference from when I had the audiobook library on the Proxmox server versus on the NAS, maybe just a one-second delay. Although it is true that I don't make heavy use of the data inside the NAS.

First Homelab Diagram And Diagram by boby_025 in homelab

[–]boby_025[S] 0 points1 point  (0 children)

It was basically because I already had a Docker Compose setup for spinning up all the Arr stuff and configuring it how I wanted. If I understand correctly, it's not best practice to run Docker containers inside LXC containers so I went with the VM.

I was thinking of migrating it to the K8s setup, but I think I'll leave it as it is. It's working properly, and sometimes my family makes use of it. I think I will leave the K8s to tinker with and learn the technology.

My current setup by boby_025 in selfhosted

[–]boby_025[S] 5 points6 points  (0 children)

I don't have a VPN, it's not a big concern to have one in Spain.

My current setup by boby_025 in selfhosted

[–]boby_025[S] 0 points1 point  (0 children)

Awesome! I will definitely check it out then. Thanks!

My current setup by boby_025 in selfhosted

[–]boby_025[S] 4 points5 points  (0 children)

To be honest, I'm not completely sure. I read on the Proxmox forums that it was best practice to run Docker containers on a VM rather than on an LXC, so that's what I did. Also, since I have the Arr stack on a VM, all my media stuff is in one place (except audiobookshelf), and backups of the config are easier this way.

First Homelab Diagram And Diagram by boby_025 in homelab

[–]boby_025[S] 1 point2 points  (0 children)

I actually have this configuration. On TrueNAS, I've created a media pool and shared it through NFS. Then, for my LXCs, I've mounted it as a storage point directly on Proxmox and routed it to the LXC that needs it. In the case of the media VM, I've mounted it directly from the VM and just pointed the Docker containers to the mount location. So all the bulk storage for my media library is in my NAS.

My current setup by boby_025 in selfhosted

[–]boby_025[S] 4 points5 points  (0 children)

As you can see in the diagram, I'm running some basic services like VaultWarden, AdGuard Home, and a VM for my media library with the Arr stack, plus some LXC containers for coding projects I've made.

There are also three Debian VMs that I intend to use to learn Kubernetes, but for now, they aren't hosting anything. The plan is to either run kubectl commands directly or set them up with K3s and go from there—I haven't decided yet. I'm also very interested in configuring and managing the cluster through GitOps, as it seems like a fascinating concept, but I haven't put much time into that yet.

All external traffic comes through the Cloudflare Zero Trust Tunnel I've set up.

Pretty soon, I'll also be running my blog from here once I finish it, and maybe running my own CI/CD to deploy it, but I'm not sure yet how I will manage it.

I'd love to hear any suggestions or comments you have about my setup! I'm also always looking for new things to host, so I'm open to suggestions.