93 points by edward 17 hours ago | 48 comments

I grew up using dial-up internet in the 90's. At the time, once you "connected" you got a real IP you could share with anyone in the world. Run a service on your machine on your desk, pass your IP to a friend and that was all you needed. Of course, there were security implications and IPs are a scarce resource now, but I liked the way it was then.

IPv6, AFAIR, was promised to solve the scarcity of IPs. Every grain of sand could have a world-reachable IP, they promised us. What we got were CGNAT, hole punching, rendez-vous servers... If you want to serve something "at home" these days you'll have to pay extra money for a "real IP" depending on your ISP.

The current situation is bad and, considering the interests of the biggest companies that can influence it these days, not improving anytime soon.

I really miss the freedom I had in the 90's when I could run an IRC server on my machine and tell my friends to connect (I actually did that!), when I could code a quick game and pass it to my friends to play on-line. I see people buying security cameras and on-line switches, but what they are actually using are services which can be disabled or become paid as soon as it becomes profitable for the vendor.

We need to be independent. We should be able to run services on our machines and pass that to the world without any special permission if we want. The possibility of running services should not be a hostage of a few billion dollar companies or deep pockets.

The best solution I know so far for this problem is the TOR network, but it needs special software on both ends and some knowledge to use. It is time for us to start thinking about having the internet in our hands again.

It’s totally possible for many of us. I simply own a domain at Namecheap and hit their dynamic IP update endpoint to set the dns to point to my currently assigned IP. Mine only changes with router resets and such. I also forward some ports from my router to my machine’s IP and set my machine to always get the same internal IP.

I serve several websites from my home office on a little Raspberry Pi 400.

Read more about the Raspberry Pi in my Bedroom at the URL below:

https://joeldare.com/private-analtyics-and-my-raspberry-pi-4...

> It's modeled after my nostalgia for the Renegade BBS I ran in my bedroom as a teen.

The Pi Stats Dashboard is lovely. I like how the whole display is the dashboard, with large (and retro) fonts, clear colors. I also like your pragmatic approach of using dynamic IP direct to a home server. It inspires me to build one of my own to keep track of web domains. Thanks for sharing!

> Run a service in your machine in your desk, pass your IP to a friend and that was all you needed. Of course, there were security implications and IP are a scarce resource now, but I liked the way it was then.

When I was a 1337 h4x0r as a teen I ran a port scan on the IPs from my ISP (Road Runner), and found a VNC iirc that was hosting some windows system that was a quake 2 or quake 3 server.

I saw players. I changed gravity to -100, waited, then +1000 or something like that. I was amused. They learned a lesson.

Mixed blessing though. A while back I was trying to host a game (I think Terraria). I had done it on my old ISP but not my new one. For the life of me I couldn't connect.

That's when I learned about CGNAT. At first I was kinda ticked (ended up using free tier NGrok which worked great). Now I'm kinda happy because it makes my home network rather difficult to get to from the outside which is a security feature I think I like better than the freedom.

> which is a security feature I think I like better than the freedom.

"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."

"At the time, once you "connected" you got a real IP you could share with anyone in the world."

"What we got were CGNAT, hole punching, rendez-vous servers..."

How was the real IP shared in the 90s? Was it via search engine?

Today, one can use TOR (hidden service) to run a "rendez-vous" server. To be clear, I mean a user-controlled rendezvous server, not the rendezvous servers run by the TOR project. TOR hidden service provides a free, world-reachable IP.

The user-controlled rendezvous server is a daemon running on the user's computer. It does not need to pass traffic. It serves only as a way to share a "real IP" (and a port number).

The peer-to-peer connection can then take place outside of TOR.

Is this materially different from the alternatives?

https://github.com/anderspitman/awesome-tunneling

I think it's sensible to use Cloudflare Tunnel for this purpose if you care about security and still need it to be free. It's run by a $21B company that has a lot to lose if they get caught doing anything bad with your data.

https://blog.cloudflare.com/tunnel-for-everyone/

They have been doing this for 2+ years as a marketing exercise, afaik.

Downside: Their documentation honestly isn't the easiest to go through if all you want to do is to set up something ngrok-like.

> run by a company that has a lot to lose if they are caught doing anything bad.

More and more these days I'm finding myself shut off from websites, and seeing the cloudflare page telling me that they've decided that I'm not allowed to visit them. The page gives me no way to argue that they've got it wrong, it suggests that I contact the site if I think that cloudflare have blocked me from it incorrectly, but that's pretty hard considering that they've just blocked me from it. It's not minor sites either, yesterday trying to access discord.com got me the cloudflare page from my desktop. Apparently my mobile internet connection isn't good enough for cloudflare either, since an enormous number of sites trigger the page on that.

Cloudflare are one of the most disturbing things about the modern internet.

...caught doing anything bad [with your data] is so obviously what I meant. But hey, technically you found a hook!

You probably have a good point about Cloudflare's effect on open web access on the internet, but.. that's not really what we are talking about here, is it?

> but.. that's not really what we are talking about here, is it?

I suppose I better make the link that I saw more clear. A lot of people use cloudflare services because they are free. I've done it myself. And in many cases that would be fine. Cloudflare are in a unique position - partly through the reach those free services have given them, they now have an unusual level of power over the internet. Using cloudflare services gives them more power. I think before anyone uses a free cloudflare service, they should absolutely think about whether they're going to use that power wisely.

This is particularly the case when there are good, free open source alternatives such as the service posted here, that you used as a jumping off point to talk about the cloudflare service.

I see an open source client connecting to a service run by a private person with no full name disclosed. The source code of the service is published as open source, but that is not necessarily exactly what is running.

If this can be shown to be incorrect I'm happy to correct this post.

Just for the record using Cloudflare Tunnel doesn't mean you are using their WAF products (blocking) AFAIK

> $21B company that has a lot to lose if they get caught doing anything bad with your data

Say what? Companies get caught doing this all the time and nothing seems to happen.

Doing bad things with your data certainly does not seem inversely correlated to the market cap of the company doing it. They might have 'a lot to lose', but they also have a lot of lawyering and a lot of political clout protecting their rackets.

I have been really digging Cloudflare tunnel. For my self hosted apps, I used to expose everything through a reverse nginx proxy listening on 80 and 443, but this is much more convenient. Their Zero Trust stuff is cool too, although not something I'm looking to pay for.

The open source alternative is zrok by ziti

I recently released https://tabserve.dev that uses a browser tab as a reverse proxy.

I am building and running something similar. But it doesn't involve installing anything. - https://pinggy.io

Neat use of SSH!

I thought I might do a shameless plug of my own project, Tunnelmole. It's also on NPM, but provides single executable binaries if you don't have NodeJS installed.

Client: https://github.com/robbie-cahill/tunnelmole-client

Server: https://github.com/robbie-cahill/tunnelmole-service

Previous HN discussion: https://news.ycombinator.com/item?id=34968649

Localtunnel used to be a nice tunnel. It has gone through some enshittification lately.

> tunnel consent page now requires the tunnel creator's public IP in order to access tunnel content

https://github.com/localtunnel/localtunnel/issues/598

There are free non-kafkaesque competitors out there.

I think it's pretty hard to read this as anything other than a maintainer trying to stop malicious actors from abusing their project. You might not agree with how they're doing it, but calling this enshittification and kafkaesque feels pretty hyperbolic. Posting the comment here just in case folks don't click through:

    Hey everyone,
    It saddens me to be forced to add yet another annoying thing to the public localtunnel server but...

    As of 2 minutes ago, all tunnels now require a real user to enter the endpoint IP address (which acts like your tunnel link's password) on the consent page. 
    Showing and having the users click a continue button in order to access the tunnel content didn't really do too much to fight off people hosting phishing portals via localtunnel. I've also been getting an enormous amount of phishing/abuse notices from various organizations worldwide, forwarded notices from my hosting provider, and even have been put on notice that I will be responsible for costs related to removing IPs from various IP blacklists...

    I'm currently building an abuse reporting tool for these orgs to use that'll automate banning users hosting phishing portals but until that's built & tested this new password-protection way of abuse fighting will have to do.

    Sorry for any inconvenience...

    PS. If localtunnel doesn't work for your use case for whatever reason, feel free to check out other alternatives like https://ngrok.io

    If anyone has any other suggestions on easy ways to fight phishing/malware portals from using this service, I'm all ears!

> enshittification

That is not enshittification by any means. Enshittification is screwing your users over for profit or something. That was an honest attempt to curb the amount of abuse reports and threats that the maintainer was receiving.

What a weird complaint, all I can see there is that we can't have nice things because as soon as you put something online (image hoster, tunnel hosting,...) bad actors are going to abuse it and ruin it for everyone.

> enshittification

And yet the link you shared explains precisely why it is we can't have nice things

My setup to do the same:

- small Hetzner instance

- my domain's dns pointing to that instance

- frps[1] running on that instance

- frpc running on my local machine and connected to the cloud frps

[1] https://github.com/fatedier/frp

This feels like the To Do List app of dev tools. I think we have enough of these.

How does this compare to ngrok?

Ngrok seems like an actual company, while this is...do we even know who/what runs this service?

Ngrok wasn't always an actual company, I miss the days when their service was affordable.

It's certainly gone more "Enterprise", but it also paved the way for many other similar services to take hold.

Well, enterprises suck. It's all "contact us for this, contact us for that", low limits unless you pay large sums. Really not very attractive anymore. I miss the days when I could expose Minecraft servers for free. The cheapest plan of $10/mo is more than double what I pay for Firefox Relay & reMarkable Cloud combined.

edit: nevermind, they've actually raised the cheapest plan to $15/mo! But they used to offer TCP addresses for free, and now they don't allow them at all unless you pay $15/mo for them.

Anyway playit.gg exists.

$15/mo is silly considering I could easily rent a VPS for that price

Yeah, I had a VPS for $13/mo. What's even sillier is that you could rent a VPS for $4/mo (Kamatera) and then use SSH tunneling to forward any port you want to your local machine. In fact, I've done that too.

P.S. would not recommend Kamatera for IPv6 or email. They simply don't have IPv6, and you'll have to fight with their support to get a PTR record made if you want to run a mail server. I really do mean "fight", I had to create 5 or 6 tickets before they would let me wade through 2 or 3 different agreements to assure them that I wasn't going to use it for spam.

What name registrars allow one to create unlimited subdomains on the fly like how Localtunnel does it?

It's not the name registrar, it's the DNS server.

You just use a wildcard DNS record, and then the webserver uses the Host header to determine which subdomain was used (for webservers at least).

A registrar generally isn't involved in creating subdomains. You buy the domain and define subdomains on your DNS server.

Your registrar may also provide DNS services and that's where such a limitation would come into play.
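
The wildcard-record-plus-Host-header routing described in the replies above, as an added example that is not part of the thread and not Localtunnel's own code. The base domain `tunnel.example`, the tunnel ID and the upstream address are constructed, and the function names are hypothetical; the check treats the client-supplied Host header as untrusted input and accepts only a single valid label under the base domain.

```javascript
// Added example: route requests by Host header behind a wildcard DNS record.
// BASE_DOMAIN, the tunnel IDs and the upstream addresses are constructed.
const BASE_DOMAIN = 'tunnel.example';

// One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
const LABEL_RE = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/;

// Returns the subdomain label, or null if the header is not
// "<label>.<baseDomain>" with an optional ":port".
function tunnelIdFromHost(hostHeader, baseDomain = BASE_DOMAIN) {
  if (typeof hostHeader !== 'string') return null;
  const m = /^([^:\s]+)(?::\d{1,5})?$/.exec(hostHeader.trim().toLowerCase());
  if (!m) return null; // empty, IPv6 literal, or malformed
  const host = m[1].replace(/\.$/, ''); // tolerate a trailing FQDN dot
  const suffix = '.' + baseDomain;
  if (!host.endsWith(suffix)) return null; // not under our zone
  const label = host.slice(0, -suffix.length);
  // A DNS wildcard also answers for deeper names (a.b.tunnel.example);
  // accept a single label only, so "evil.com.tunnel.example" is refused.
  return LABEL_RE.test(label) ? label : null;
}

// Look up the upstream for a request; the client-supplied header is never
// used as anything but a key into the table of registered tunnels.
function route(hostHeader, tunnels) {
  const id = tunnelIdFromHost(hostHeader);
  if (id === null) return { status: 400, upstream: null };
  const upstream = tunnels.get(id);
  return upstream ? { status: 200, upstream } : { status: 404, upstream: null };
}

// Constructed sample table and requests.
const tunnels = new Map([['blue-fox', '127.0.0.1:9001']]);
for (const h of ['Blue-Fox.tunnel.example:443', 'ghost.tunnel.example',
                 'evil.com.tunnel.example', 'tunnel.example.evil.test']) {
  console.log(h, '->', JSON.stringify(route(h, tunnels)));
}
```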

So glad to see the server component can also be self-hosted. Nicely done!

Have been self hosting the server component for a few years to support some local dev workflows. Can confirm great satisfaction :)

Expose Yourself to the World has to be one of the funniest taglines

It's great but too baity for HN so I put a phrase from the first sentence up there instead.

I remember when I first read the tagline and thought it was a bit cheap, but later realised it's actually quite an accurate and appropriate description of the functionality.

I agree, but the long tail will not be able to resist getting triggered.