I maintain a list[0] of solutions to this problem. Cloudflare Tunnel is what I currently recommend to most people. IMO it's the easiest way to expose services publicly on the internet. For example a website or shared Plex server.
Main downsides to Cloudflare Tunnel are no e2ee (Cloudflare decrypts all your traffic) and technically anything other than basic HTML websites (ie media streaming) is against their free ToS, though I haven't heard of that being enforced in practice.
If you're the only one ever using your services then I'd recommend Tailscale instead, which sets up a VPN using WireGuard along with slick auto p2p setup (NAT traversal, relays, etc).
Hi, I'm the author of the blog post being promoted here.
I love that list! I also use Tailscale for a lot of my personal private services as well as Cloudflare Tunnel, I think they're both really great :)
The concern about Cloudflare decrypting the traffic is valid; I just personally feel that for a lot of public websites that's often fine, especially if the hoster might have been using Cloudflare already anyway. If an individual doesn't want to use Cloudflare for their setup then that's fine and there are lots of cool pieces of tech they can consider!
> though I haven't heard of that being enforced in practice.
It happened here[0], and the reasoning for why they allow some free tier content is in their S-1[1]. Typically, even if you run a blatant file sharing or video streaming application in violation of 2.8, Cloudflare doesn't necessarily care as long as it's not too bandwidth intensive (e.g. I wouldn't recommend having a dozen people streaming Plex from the outside internet).
Thanks for this. The thread is confusing because the user is quite upset and hostile and didn't seem to understand Cloudflare very well, but in the end this does indeed seem like a case of the site being shut down due to non-HTML ToS violation.
Consider adding Tor onion services to that list. The idea is that you run a Tor daemon that starts an onion service which can expose any TCP-based service. Communication is facilitated via another node, which makes it possible to host onion services behind NAT.
The relays only come into effect if the client isn't able to form a direct connection to the server. However, most are able to do this without issue, and it's automatic for the most part.
Good to know, thanks. I used Plex as an example since more people know what it is, but in practice I would use Jellyfin for media streaming, since it's open source and doesn't use dark patterns. But you also need to manage tunneling yourself...
What about Slack's Nebula? Tailscale is not fully open source. I believe there is also headscale which is attempting to replace the closed-source parts of Tailscale. But I am curious about Slack's Nebula. Has anyone used it for anything like this?
In my biased opinion, the "easiest" solution currently is my own boringproxy, which I mention at the top of the list. Once you have the client daemon running on each of your devices (static executable with minimal CLI params and no config file), adding and removing tunnels is just a few clicks in the web UI.
It also has basic e2ee. The TLS certs never leave the client devices by default.
Even so I agree with you that this is still too much. I think a non-technical person should be able to write some content, go through a quick OAuth2 flow to point a domain name at that content, and have it just work. I'm currently working on building something more like that.
A hosting service is the only solution, since otherwise the website will be down when the Mac is rebooted or moved if it's a laptop.
The service in this article is either for development purposes or for people who are running dedicated home servers (which means they have a Linux desktop that they keep on 24/7 without rebooting and are usually programmers and/or system administrators).
What's the goal? Does your grandma want to start a blog and you're talking about hosting the HTML from that folder, or do you want to be able to access the folder to read/write files, or something else?
I think our thread got too deep and it won't let me reply. Feel free to contact me directly through https://apitman.com or post on https://forum.indiebits.io if you want to talk more.
But to answer your question, you'll need to run a CLI daemon on your grandma's computer. Something like ngrok static files would probably be the easiest:
But since you're already setting up one daemon in that case, I'd use Cloudflare Tunnel and also run a basic webserver or WebDAV server alongside it to give you more control over how the files are hosted.
Also pretty sure you have to pay for custom domains with ngrok.
I'm not aware of a good solution to this currently, but it's a space I'm very interested in. The main problem is that the devices most people use these days (phones and laptops) are constantly being connected and disconnected from networks. So even if you solve the software problem and make a nice GUI program for your grandma to use which automatically handles TLS certs and tunneling, if she closes her laptop her blog goes down.
I think the way to do this may be to ship services as Android apps. Imagine something like self-hosted Google Drive that you install as an app on an old Android phone. After install you go through a quick OAuth2 flow to connect it to a subdomain and open a tunnel, and now you have 64-128GB of e2ee cloud storage. Just plug the phone in and leave it in a corner.
This concept can be applied to Nextcloud, Jellyfin, Plex, your grandma's blog, etc.
Overlay networks could offer a good solution here. Today if you have software on OP's grandma's laptop that starts a WireGuard tunnel to a relay host, the laptop can have a stable IPv6 address to which you can connect. ZeroTier and Tailscale enable this as well.
If persistence is not key, what is the easiest way to do this? Like if I am on a phone with grandma and want to see a local HTML page from her Mac, what do my simplest instructions for her look like?
[0]: https://github.com/anderspitman/awesome-tunneling