Replacing CloudFlare Tunnel with a self-hosted server
Until this week, search.feep.dev was served via Cloudflare and Cloudflare Tunnel. The only reason for this was that Feep! runs on a server in my living room, and I didn’t want to expose my home’s IP address to the entire world.
But Cloudflare is a large and complicated service, and really the only thing I actually need is a reverse proxy to forward HTTP requests. I already have a personal server for my website; now that it has a tunnel to the server Feep! runs on, I’ve been meaning to switch my setup for a while.
Doing this turned out to be quite easy:
since I already had Nginx and Certbot set up,
I just had to add a new server section to my config
and configure it as a straightforward reverse proxy:
server_name search.feep.dev;
location / {
proxy_pass http://100.123.45.67:4280;
# for compat with Cloudflare; TODO change this to X-Real-IP
proxy_set_header CF-Connecting-IP $remote_addr;
}
I could have run Tailscale in a sidecar container like I did for my GitLab setup, but I decided to keep it simple and use the Tailscale I already had on the host.
After this change, Feep! is now entirely self-hosted. (It’s not a 100% production-grade setup, but then again very little about Feep! is; my general philosophy for this project is to favor simplicity, though that often results in a fairly robust system just because there are fewer things to go wrong.) At some point I may also set things up so my server also handles static pages and assets without needing to forward those requests, but for the moment I’m happy to have made my setup just that little bit easier to manage.