Skip to content

Blog

mTLS

This post is all about requiring mTLS through a CloudFlare proxy. It's actually not very difficult to set up and is a great alternative to using zero trust.

CrowdSec CloudFlare Worker Bouncer.

Having CrowdSec installed on your local reverse proxy is vital for security. But if you have just having repeated attempts after repeated attempts through a tunnel such as CloudFlare tunnel, you're still going to get all of that traffic to your reverse proxy and see all of the 403 forbiddens in your logs. We can fix that with a CloudFlare Worker Bouncer.

Setting up Pangolin Passthrough

A couple of people expressed concerns about Oracle snooping in on their unecrypted traffic between SSL termination on pangolin and the Gerbil tunnel to their home server. In this post I will explore the prox and cons of using a Raw TCP tunnel to pass encrypted traffic through the tunnel without decrypting it.

Creating a VPS with Oracle's always free tier

I know everyone hates on Oracle but they certainly have the best free tier out there for virtual private servers (VPS). I'm setting up a VPS to create my own reverse proxy tunnel outside of my home network with Pangolin. This allows me to expose home lab applications indirectly, without exposing my public IP and opening ports. It's like we're setting up our own Cloudflare Tunnel, just without the benefit of its CDN and DDoS protections.