I wonder if there are any good, community supported alternatives to cloudflare tunnels. Lots of people want to self-host stuff, but maybe they don't want to expose their home IP address to the world, and spinning up and configuring a vps is both perhaps too expensive and overkill if you just need to tunnel.
It would be cool if there was a co-op or something that could offer a service like that for a price point somewhere around $10/yr.
An added bonus would be NOT terminating SSL at endpoint
fuchsiaaaaaaaaaaaaaaaaa
@rgegriff I started on https://git.pixie.town/f0x/waasig/ (Wireguard as a Service, i guess) a while ago but didn't get too far, to facilitate the hosting part of a setup like this, through an easy GUI for (user-level) management.
Not doing SSL termination makes multi-tenant setups a bit more limited especially over ipv4, but using SNI could maybe provide this I think?
@rgegriff yeah SNI really seems interesting for this, in my first toot I was about to type that this is impossible without ssl termination, and then I vaguelly recalled SNI existing from some corner of my brain haha. Seems it's even supported by nginx nowadays
@f0x Yep. The real trick would be to see if it has broad support at the application layer. I want to target email and ssh (and maybe rdp?) AT LEAST.
Balancing that against doing as little processing at the endpoint as possible would be beneficial, since then the main limiting resource would be bandwidth. You could potentially have a small handful of VMs out there routing traffic for a TON of low-traffic personal services running on old machines and pis and whatever at people's homes.
@f0x People would need domains, which raises the barrier for users a bit; though I guess I could give out friendly-ish subdomains and they could CNAME/ALIAS them to friendlier things if they wanted to go that extra mile.
@f0x I think that's where there is work to be done. Wrapping something like wireguard in a nice package, handling all the web infra stuff, and making something like this very very easy, maybe even integrated with selfhosting platforms like yunohost.
You also made a good point about the ip issue. Not being able to route at layer 7 was stumping me, so thanks for bringing up SNI! That just might work. Will have to do more research