I have to say that was a great demo and break down of what cloudflare has to offer. I'm still a little old school and love the security features they have to offer, even for free. Great video, thanks!
We move to our home servers to manage our own data and reduce our costs. Yes a domain name isn't expensive but the full functionality of cloudflare can be expensive. Isn't there a way to secure our server without the added expense? Surely there is a way to enable ssl on our server without added expense?
There's LITERALLY no expense to this. Did you watch the video and/or read the title? I've NEVER paid for CloudFlare and I've been using them for about 8 years.
DB Tech Yes I understand it says free. But not really because a domain name isn't free. But domain names are under 10 bucks. But I shall give it a go as per your video. Good informative videos. I moved to my own server for this purpose. Thanks.
As an update I followed your video along with your reverse proxy video and so far all good. My question is how can I now get the nginx we server working with this as I am getting an internal error when trying to activate nginx in reverse proxy manager. Thanks.
Good primer on Cloud Flare. I think you mentioned in a reply to another comment, but I'm very interested in seeing how to update my Cloud Flare proxied IP address automagicly. I know you can do it through Duck DDNS, No-ip, etc but if you have a purchased domain that seems like an unnecessary step.
It looks like for proxies the IP, we need to enable Universal SSL. If this is enable I'm having issue with let's encrypt. It is using cloudflare SSL certificates.
You'll want to set CloudFlare's SSL settings to FULL. That will use CloudFlare SSLs on the internet/client side of things, but the NGINX SSLs will encrypt the data between your server/home to CloudFlare.
Awesome content. Question.....Have you encountered the issue that when a dns entry has proxied enabled you cannot access the site via local network, but can from outside. If set to DNS only, it works locally. For the life of me I cannot figure that part out. outside of that everything works great.
I've never experienced this. Some applications will only allow for accessing either via remote or local. NextCloud has the option, however, that allows you to have a local address AND a remote address so you can access it either way
@@DBTechYT I'm more curious as to why proxied would create this weird bug. it happens with all my apps and sites. DNS only allows local access, proxied does not... Wondering if it might be caching issue. Well, I will keep looking into this. I will update this thread and share for you and everyone my findings in case anyone else runs into this weird issue. For now proxied on ...use my local ip for internal access of apps. Thank you
Hey David just wondering if you could help. I am wanting to setup access to pi-hole via nginx reverse proxy and cloudflare. I am having issues with this as pi-hole needs /admin added to the url. Do you have any ideas??
Because when I first started using 1.1.1.1, I had a lot of issues on my network. I know it's gotten better, but I guess I'm more a creature of habit :)
you talk a lot of "home server" protected by this, but vast majority of the people out here have a normal isp connection with dynamic ip address, not static, so this is pretty much "useless" in real life "home server" setups... or am i missing something? It's more suitable for normal sites, not for example for a real HOME HOSTED home assistant or the likes... And, the fact that you can put in firewall rules to deny access to the hostname protected by cloudflare, does nothing to your REAL public ip address, which can be just accessed the same as before, knowing it or just going random... so this adds some sort of "false" security: it's secure as soon as you arrive to your home server passing THROUGH cloudflare servers, but your REAL server is anyway exposed to the internet exactly as before... great video, but needs some clarifications :) thanks!
There's no "false" sense of security here. "Bad guys" can't bypass CloudFlare's proxying unless they actually know your home's IP address. So the point is to set this up BEFORE you go around sharing links to your server so that they can't access your IP. That's the point of proxying. If you set it up correctly, people WON'T be able to find your home's IP address. As long as you treat your IP address like your social security number and don't share it, you should be fine. As far as dynamic IP addresses, I'm going to make a video showing how to deploy a CloudFlareDDNS container that will update your CloudFlare account any time your ISP changes your home's IP address.
I'd like to weigh in here. I believe @squalazzo is talking about the fact that many ISPs don't give their customers public IPv4 addresses anymore. Well at least thats the situation here in Germany, I don't know how it is in other european countries or the U.S.. You have to specifically ask for a public IPv4 address or otherwise you'll get a so called DS-Lite connection. Its a bit complicated to explain but in a nutshell you only get a "public" IPv6 address and an IPv4 address that you share with potentially hundreds of other customers. Every incoming and outgoing traffic is managed by the ISPs internal proxy/reverse proxy server however you wanna call it. An example: You want to send a request to a webpage. Your outgoing data is packaged in IPv6. Since most of the internet is still using IPv4 your request must be converted to IPv4. That is happening at the ISP's servers. Same thing happens with incoming traffic. And here is the big downside of DS-Lite. As I said the IPv4 address you have is shared with lots of other users and it is basically just the internal ISP server that routes all the traffic to each user via the IPv6 addresses that they have. And that is the problem because you cannot be reached directly through that IPv4 address you only have the unique IPv6 address. Sorry, I'm not that great at explaining stuff, but I think you two meant different things and I wanted to clarify that. :-D TLDR: it's hard to get a real public IPv4 address and most of the home server / self-hosted stuff requires such an IPv4 address to make it accessible from the outside. By the way great video David!
@ParaLux89 I was unaware that was going on with ISPs. I have no experience with ISPs outside the USA. With my provider, an IP is assigned to the modem that I rent from them, so I've basically got a static IP. I've had services that changed my IP every 14 or 30 days, but I've never had a shared IP when paying for internet. I'm not sure there will be a solution for the issue you're talking about until it becomes more of a problem here in the USA based on how things seem to go. I could be wrong and I'm completely open to being corrected if there is already a solution to this, but I wasn't even aware that it was an issue.
@@DBTechYT well it is here in Germany, and I assume squalazzo has the same problem at his location. Assuming of course that this IS his problem. :) But yeah it is a thing sadly. It seems ISPs are running out of IPv4 addresses (no joke). There are ways to circumvent the problems that come with DS-Lite but I don't know much about it.
I have to say that was a great demo and break down of what cloudflare has to offer.
I'm still a little old school and love the security features they have to offer, even for free.
Great video, thanks!
Glad it was helpful!
great video, no fluff, straight to the point for someone time poor like me, subscribed!
I was also hoping for this video. Thanks. 👍
Hope you enjoyed it! I've got another video coming about how to automatically update CloudFlare if your ISP changes your IP address.
Many thanks for talking about this topic!!
is there any similar dns provider like cloudflare? But should be proxied support.
Whenever I change it to proxied, it breaks the connection. Can't find my IP. Any suggestions?
Thanks for all your vids
We move to our home servers to manage our own data and reduce our costs. Yes a domain name isn't expensive but the full functionality of cloudflare can be expensive. Isn't there a way to secure our server without the added expense? Surely there is a way to enable ssl on our server without added expense?
There's LITERALLY no expense to this. Did you watch the video and/or read the title? I've NEVER paid for CloudFlare and I've been using them for about 8 years.
DB Tech Yes I understand it says free. But not really because a domain name isn't free. But domain names are under 10 bucks. But I shall give it a go as per your video. Good informative videos. I moved to my own server for this purpose. Thanks.
As an update I followed your video along with your reverse proxy video and so far all good. My question is how can I now get the nginx we server working with this as I am getting an internal error when trying to activate nginx in reverse proxy manager. Thanks.
Great video, thanks.
Glad you liked it!
Like the video, help me a lot, thanks.
Thanks.
Good primer on Cloud Flare. I think you mentioned in a reply to another comment, but I'm very interested in seeing how to update my Cloud Flare proxied IP address automagicly. I know you can do it through Duck DDNS, No-ip, etc but if you have a purchased domain that seems like an unnecessary step.
It's my next video :)
@@DBTechYT can you please link me to it?
Great video. Updating the isp change on cloud flare can you make a video on that maybe some type of script to update. Thanks
Yes, soon
@@DBTechYT thanks
Great video, how would this work when I dont have a static.
ruclips.net/video/Nf7m3h11y-s/видео.html
It looks like for proxies the IP, we need to enable Universal SSL. If this is enable I'm having issue with let's encrypt. It is using cloudflare SSL certificates.
You'll want to set CloudFlare's SSL settings to FULL. That will use CloudFlare SSLs on the internet/client side of things, but the NGINX SSLs will encrypt the data between your server/home to CloudFlare.
i enabled cloudflare to my domain and for some reason ssh quit working, even when i use the actual ip. Any idea what might of happened and how to fix?
You'll have to keep the servers actual IP secret and put that in where you are ( by the sound of it ) putting to proxied domain in putty.
Awesome content. Question.....Have you encountered the issue that when a dns entry has proxied enabled you cannot access the site via local network, but can from outside. If set to DNS only, it works locally. For the life of me I cannot figure that part out. outside of that everything works great.
I've never experienced this. Some applications will only allow for accessing either via remote or local. NextCloud has the option, however, that allows you to have a local address AND a remote address so you can access it either way
@@DBTechYT I'm more curious as to why proxied would create this weird bug. it happens with all my apps and sites. DNS only allows local access, proxied does not... Wondering if it might be caching issue. Well, I will keep looking into this. I will update this thread and share for you and everyone my findings in case anyone else runs into this weird issue. For now proxied on ...use my local ip for internal access of apps. Thank you
Hey David just wondering if you could help. I am wanting to setup access to pi-hole via nginx reverse proxy and cloudflare. I am having issues with this as pi-hole needs /admin added to the url. Do you have any ideas??
Why do you want to remotely access pi-hole? It's a really bad idea to give access to port 53 on your network.
How can you add NextCloud and its associated Docker containers to Traefik and put that behind proxied CloudFlare?
I made a video about it i think. I've since switched to NGINX Proxy Manager
@@DBTechYT Why did you switch?
NGINX is easier to use
I assume all firewall rules, DDoS, etc apply only to proxied IPs. Correct?
I don't think so. I think proxy only affects hiding your IP.
Why didn't you put TLS minimum version as 1.2?
Because CloudFlare knows what they're doing
With don't you chosse cloudflare DNS like 1.1.1.1 or 1.1.1.2 on your Windows network setup instead of Google ?
Because when I first started using 1.1.1.1, I had a lot of issues on my network. I know it's gotten better, but I guess I'm more a creature of habit :)
I think he has pihole as his dns server too for adblocking (served automatically from his router setup). I know I do :P
How to renew the free period of 90 days has expired please reply
CloudFlare should renew them automatically. If not, you may have to turn off proxied mode to get them to renew and then can turn proxy mode back on.
Hello.How to Make an Animated RUclips profile logo?
It's just an animated .gif
Any free domain you recommend?
No. Quit trying to be cheap. Go buy a domain like the rest of the world for about $10/year.
@@DBTechYThow about one time purchase?
you talk a lot of "home server" protected by this, but vast majority of the people out here have a normal isp connection with dynamic ip address, not static, so this is pretty much "useless" in real life "home server" setups... or am i missing something? It's more suitable for normal sites, not for example for a real HOME HOSTED home assistant or the likes...
And, the fact that you can put in firewall rules to deny access to the hostname protected by cloudflare, does nothing to your REAL public ip address, which can be just accessed the same as before, knowing it or just going random... so this adds some sort of "false" security: it's secure as soon as you arrive to your home server passing THROUGH cloudflare servers, but your REAL server is anyway exposed to the internet exactly as before...
great video, but needs some clarifications :) thanks!
There's no "false" sense of security here. "Bad guys" can't bypass CloudFlare's proxying unless they actually know your home's IP address. So the point is to set this up BEFORE you go around sharing links to your server so that they can't access your IP. That's the point of proxying. If you set it up correctly, people WON'T be able to find your home's IP address. As long as you treat your IP address like your social security number and don't share it, you should be fine. As far as dynamic IP addresses, I'm going to make a video showing how to deploy a CloudFlareDDNS container that will update your CloudFlare account any time your ISP changes your home's IP address.
@@DBTechYT thanks, wait for that then! Great!
I'd like to weigh in here. I believe @squalazzo is talking about the fact that many ISPs don't give their customers public IPv4 addresses anymore. Well at least thats the situation here in Germany, I don't know how it is in other european countries or the U.S.. You have to specifically ask for a public IPv4 address or otherwise you'll get a so called DS-Lite connection. Its a bit complicated to explain but in a nutshell you only get a "public" IPv6 address and an IPv4 address that you share with potentially hundreds of other customers. Every incoming and outgoing traffic is managed by the ISPs internal proxy/reverse proxy server however you wanna call it. An example: You want to send a request to a webpage. Your outgoing data is packaged in IPv6. Since most of the internet is still using IPv4 your request must be converted to IPv4. That is happening at the ISP's servers. Same thing happens with incoming traffic. And here is the big downside of DS-Lite. As I said the IPv4 address you have is shared with lots of other users and it is basically just the internal ISP server that routes all the traffic to each user via the IPv6 addresses that they have. And that is the problem because you cannot be reached directly through that IPv4 address you only have the unique IPv6 address.
Sorry, I'm not that great at explaining stuff, but I think you two meant different things and I wanted to clarify that. :-D
TLDR: it's hard to get a real public IPv4 address and most of the home server / self-hosted stuff requires such an IPv4 address to make it accessible from the outside.
By the way great video David!
@ParaLux89 I was unaware that was going on with ISPs. I have no experience with ISPs outside the USA. With my provider, an IP is assigned to the modem that I rent from them, so I've basically got a static IP. I've had services that changed my IP every 14 or 30 days, but I've never had a shared IP when paying for internet. I'm not sure there will be a solution for the issue you're talking about until it becomes more of a problem here in the USA based on how things seem to go. I could be wrong and I'm completely open to being corrected if there is already a solution to this, but I wasn't even aware that it was an issue.
@@DBTechYT well it is here in Germany, and I assume squalazzo has the same problem at his location. Assuming of course that this IS his problem. :) But yeah it is a thing sadly. It seems ISPs are running out of IPv4 addresses (no joke). There are ways to circumvent the problems that come with DS-Lite but I don't know much about it.