[Question] [SOLVED] Has anyone successfully set up Lemmy in Docker and using Cloudflare Tunnel?
Edit: Solved! See solution in comments
I’ve set up a self-hosted Lemmy Docker instance and it works when accessing it directly on the same subnet.
I don’t have ports opened in my firewall and my ISP doesn’t offer a static IP, so I rely on Cloudflare Tunnel as an alternative.
I’m able to load the front page, but can’t sign in. I don’t cache JavaScript through Cloudflare, so I believe it’s related to WebSockets, but I'm curious if anyone else has been able to get this working?
[...] is it basically like a dyndns provider with Cloudflare security?
It's similar, but with dyndns, clients are connected directly to your own IP address (which may occasionally change). Cloudflare Tunnel is what the name implies, a tunnel: you run a process (cloudflared) on your machine that connects to Cloudflare, and clients will connect to Cloudflare as well. Cloudflare does its thing with the connection, then sends it to cloudflared, which forwards it to your actual server process.
Benefits compared to dyndns:
Your IP address is not publicly available (except to Cloudflare).
You don't need to open a port in your firewall/NAT (because it uses outgoing connections instead of incoming ones).
This is especially useful if you're behind CGNAT and can't open a port.
Supports all Cloudflare features (automatic HTTPS, available over both IPv4 and IPv6, security checks, etc.)
Downsides:
Cloudflare can see everything.
Does it have its own domain, or is the URL some crazy hash-looking string?
Cloudflare provides two options: quick tunnels and permanent ones.
Quick tunnels are temporary but quick to set up: you just run cloudflared tunnel --url http://localhost, it tells you your URL is something like https://some-words-strung-together.trycloudflare.com, and when you stop cloudflared (or it loses the connection) that URL is gone and you can't get it back.
Permanent tunnels require more configuration, and you need to already own or control a (sub)domain for Cloudflare to manage. Internally it uses a "crazy hash looking string" domain, but that's just for configuration and not really user-visible. The main differences compared to quick tunnels:
You control what domain name it uses (yourdomain.com or sub.yourdomain.net or whatever).
This also means that domain name will stay the same if you ever need to restart the tunnel.
There appears to also be support for raw TCP, SSH and a few other protocols. I haven't used those and they may or may not be available in the free version.
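A permanent tunnel of the kind described in the comment above, as an added example that is not part of the original thread: a minimal cloudflared config.yml with one published hostname and a default-deny fallback. The tunnel ID, credentials path, hostname and local port are placeholders and assumptions, not values from this thread.

```yaml
# config.yml for cloudflared (added example; all values are placeholders)

# ID of a tunnel created beforehand with `cloudflared tunnel create <name>`.
tunnel: TUNNEL-ID-PLACEHOLDER

# Credentials file written by `cloudflared tunnel create`. It authorizes
# running this tunnel, so keep it readable only by the cloudflared user.
credentials-file: /etc/cloudflared/TUNNEL-ID-PLACEHOLDER.json

ingress:
  # Only this hostname is forwarded to the local service. The service is
  # reached over loopback (assumed port 8080), so the container does not
  # need a port published on the LAN or opened in the firewall.
  - hostname: lemmy.example.com
    service: http://localhost:8080

  # Required catch-all rule: requests for any other hostname are answered
  # with 404 by cloudflared itself and never reach a local service.
  - service: http_status:404
```

`cloudflared tunnel ingress validate` checks the rules before the tunnel is started with `cloudflared tunnel run`.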