Everything you wanted to know about using Cloudflare Zero Trust Argo tunnels for your personal network

Everything you wanted to know about using Cloudflare Zero Trust Argo tunnels for your personal network. For those like me who were still confused even after reading the article, I think this is the lowdown:

  • ZT tunnels let you expose private resources/services to the internet (or your users) via Cloudflare’s edge network. You install cloudflared on an internal host, and register a “tunnel” so that requests to a hostname or IP get forwarded securely into your network (similar to tailscale).
  • Unlike classic VPNs (which open full network access) or traditional Cloudflare tunnels (which merely publish a service), this approach adds granular access control; you can define exactly who can access which resource, based on identity, device posture, login method, etc.
  • It also solves NAT/firewall issues often faced by P2P-based overlays (e.g., Tailscale) by routing everything through Cloudflare’s network, avoiding connectivity failures when peer-to-peer fails.

For in-browser auth you can then use Cloudflare Access, or you can install the cloudflare Warp client which is a VPN-like thing that would give you full control over the access to whatever service(s) you were exposing this way.

  • lIlIlIlIlIlIl@lemmy.worldEnglish
    211·
    3 days ago

    Would you be willing to share more about your position? I’ve been happy with their service, but want to be fully informed about who I’m doing business with

    • Helix 🧬@feddit.orgEnglish
      192·
      2 days ago

      They’re protecting scammers and other bad actors, their infra is run by junior DevOps “engineers” and every now and then they find another way to fuck half the internet.

      They’re part of what’s wrong with USA-centric hosting nowadays.

      Others posted good articles and thoughts aswell :)

        • guynamedzero@piefed.zeromedia.vipEnglish
          14·
          2 days ago

          I can’t remember the exact technical details of it, but that’s how links are generated for non-Latin languages. If you go to the actual site it will display as the intended url

        • bdonvr@thelemmy.clubEnglish
          71·
          1 day ago

          It is - that’s just how URLs in non-latin fonts look unfortunately. URLs, (and a ton of tech infrastructure) is hugely English/latin script biased.

          The URL is Japanese.

          • deltapi@lemmy.worldEnglish
            4·
            1 day ago

            I just asked 2 IT guys “hey, do you know what punycode is?” And the answer I received was “I’ve heard of it but don’t know what it is.”
            Thank you for informing me, but I’m far from alone in not recognizing it or having knowledge of what punycode is.

    • Technus@lemmy.zipEnglish
      138·
      3 days ago

      Could start with the fact that they go down about once a month now and take half the Internet with them.

        • Technus@lemmy.zipEnglish
          3·
          1 day ago

          I know, after I posted that I was looking at their outages and worrying that my 1/month estimate too much of an exaggeration cause they hadn’t had a big one in a bit.

      • lIlIlIlIlIlIl@lemmy.worldEnglish
        72·
        2 days ago

        Ah OK, so when you said “terrible company” you meant performance? I’ve had great performance with them so far fortunately

        • Helix 🧬@feddit.orgEnglish
          71·
          2 days ago

          For me it’s reliability and generally scummy business practices.

          They protect scammers and sell big data centres solutions that protect from DoS attacks 🤡

      • Holytimes@sh.itjust.worksEnglish
        72·
        2 days ago

        That’s less a problem with cloud flare it self and more just a issue of anything the scope and scale of what they have become. Even a better company would face the same issues.

        It’s fair to argue that they we should spread things out more to make them more resilient.

        But that’s more a knock against centralization than the service at hand. It’s also fair to show that they’re good enough that they were able to reach this point. Or more accurately. Everyone else was worse so they reached this point.

        It always feels like blaming cloudford at this point is much like blaming the horse for its Rider.