I currently have a static IPv4 address and am publishing my self-hosted services “the old way” using open ports on my router and firewall and pointing my domain directly to my IP address. My town is going to get fiber soon though, and it would be disproportionately expensive (more than twice as expensive) to have a static IP there, since I would have to upgrade to a business plan. I currently pay 5€ extra each month for my static IP. So I started researching what would be the best way to host my services without needing a static IP. Luckily, anderspitman already did most of the work and researched numerous tunneling tools in his anderspitman/awesome-tunneling repository. I’ll merely pick the tools that sound promising, compare them by what’s important to me (more on that later) and hopefully decide which tool I’m going to use.

Requirements

I’m currently hosting quite a few services. I also regularly test new things.

  • Must be easy to configure (e.g. Caddyfile)
  • Must be quick to change config (e.g. restart service)
  • Must support SSH (for Git and SSH)
  • Must be encrypted
  • Must support custom domain names
  • Must support HTTPS and automatic certificates, though I’m okay keeping my Caddy as well
  • Should support TCP/UDP (e.g. FTP)
  • Should be open-source
  • Should be low on resources
  • Should be available on NixOS
  • Should be configurable via Nix

I’m also currently hosting WireGuard on my server. The tunnel could either be used to tunnel WireGuard’s ports to my server or just be a WireGuard host as well. Actually, WireGuard might work as an encryption layer on top of a tool that’s not encrypted.

Evaluation

Cloudflare Tunnel

The first tool that came to mind was Cloudflare’s tunnels. This is unfortunately closed-source, but that’s not a hard requirement for me. It’s also the first recommendation by anderspitman. So let’s test it: See 2024-10-31 - Thursday

frp

This is the top recommendation for an open-source solution by anderspitman. See 2024-10-23 - Wednesday

Results

| Criteria | Cloudflare Tunnel | frp |
|---|---|---|
| Open-Source | no | yes |
| Simple Management | yes (Web Interface) | yes (TOML file or Caddyfile) |
| Supports TCP/UDP | no¹ | yes |
| Support custom domain names | yes | yes |
| Encrypted Traffic | yes | yes |
| Automatic HTTPS | yes | external (e.g. Caddy) |
| Resource consumption (CPU) | | |
| Resource consumption (Memory) | | |
| NixOS availability | yes, including configuration | yes, including configuration |

[¹]: See Non-HTTP applications. This is only supported using the WARP client, which has to be installed on each client.