Hey everyone, just a quick question.

I’ve been self-hosting a number of different web applications throughout the years. For most of them I would use Cloudflare Tunnels to expose them to the internet. I usually had one tunnel set up for my root domain and either a wildcard or multiple specific CNAME records pointing to the same tunnel. The tunnel would then terminate in a Docker container which shares a network with a Traefik instance, which then routes the traffic through a separate network to the different application containers.

I was just wondering what your opinions on this are, considering this approach over a separate tunnel for every application. This would eliminate the need for a shared network for Traefik, although I don’t consider this much of an issue.

Any opinion, input or recommendation is welcome! I’d love to hear about your setups, if you’re running something similar.

  • CAPSLOCKFTW@feddit.de
    1 year ago

    I host my own tunnels on a VPS, and I indeed use one tunnel for every app. There are only 3, so no big deal, but I wanted to make sure to expose only what I want to be exposed, as I have some more services running in my local network only.

    • boring_bohr@feddit.de (OP)
      1 year ago

      I thought about something like that as well, but never tried it out (yet). Do you use WireGuard tunnels for that? Or something else?

      Ideally I’d not expose most of the services to the public internet at all, since only me and some relatives need access to most of them. I have briefly looked into Tailscale or similar services for that, but again, haven’t tried that out yet, as that would (presumably) require changing quite a few things on both the server(s) and all of the clients…

      After all, I’m just cosplaying as a sysadmin for the most part, so what do I know ;)

  • mygnu@discuss.tchncs.de
    1 year ago

    I’ve just started using Cloudflare and self-hosting. I have applications running in Docker containers on separate ports; I set up a frontend with Caddy on a separate board that only hosts Caddy and reverse proxies to the apps, with Cloudflare in front of it all. Seems to work pretty well.

  • techgearwhips@lemmy.world
    1 year ago

    I use a Cloudflare tunnel for each of my apps, because it’s just so easy to set up in like 10 seconds. But there’s no need to have a different domain for each app. Subdomains of one main domain are fine.

    • boring_bohr@feddit.de (OP)
      1 year ago

      I do use one domain with several subdomains (or simply a wildcard), that’s what I meant by the CNAME record(s). But I see that wasn’t completely clear from the post.

      The setup time is not really a factor, more just the overhead of one tunnel and one Traefik instance vs multiple tunnels without Traefik. I might just do some basic “benchmarking”, if you can call it that, to see the CPU and (more realistically) memory impact.