DEV Community: Ionut aka BlitzCloud

You need to stop using port forwarding right NOW !

Ionut aka BlitzCloud — Tue, 07 Mar 2023 18:03:27 +0000

TL;DR

In this article I will show an alternative to port forwarding. That offers the same configurability and is even more secure.

But why you may ask ?

Port forwarding was the way to go from the down of internet to allow inbound traffic from the internet to reach a machine(SSH) or a service on the local network, and will still be, but as tech enthusiastic I can say that the security might not be in the spotlight. But as the history shown us with every opened hole in the firewall comes at risk. You might be wandering how we can mitigate this issues. The obvious option is just not to expose anything to the world. Or to VPN inside your home network might work but with this set up you can expose any of your resources to the word.

What alternatives do we have to solve all this issues ?

After some research I discovered Cloudflare Argo Tunnels, the big advantage for me is that I can point a tunnel endpoint to one of the many domains or subdomains that i have already associated with my Cloudflare free account. With this service you have full control over your configuration and the security of your applications with the build in SSO platform.

If this cached your eye Let dive in ...

Go on the Cloudflare Zero Trust Dashboard > Access > Tunnels page
And create your first tunnel
Name it
Choose your environment and follow the instructions on how to configure
Choose your domain and the location of the service you want to host NOTE: You can also use Tunnels for SSH or RDP.
Bonus ! Cloudflare also provides a VPN service, that can be used to access your home network. To use it you need the Cloudflare Warp Client.

To wrap up in this article you saw how to configure a tunnel to expose your self-hosted services for free on the internet that doesn't require any port forwarding and based on my personal experience you could rely on this service as I do for more than a year

Why Cloudflare Argo Tunnels ?

Ionut aka BlitzCloud — Mon, 03 Oct 2022 17:13:13 +0000

Have you ever wanted to share a preview of a project with a client,friend or to open your own self hosted blog, without the security concerns of open ports ? Perhaps you might heard of solution like ngrok and localtunnel which might do the job for a temporary use case, but in these cases the subdomain is will be random.

1. What are Cloudflare Argo Tunnels ?

Cloudflare Argo Tunnels allows you to connect your services to the Cloudflare network without a public IP address, which is convenient for those who don't have a static IP.You need to install a lite weight demon that will route traffic from an to the internet from the local server.The daemon comes with a CLI from where you can create and administrate the tunnels once you are login.

2. How is working ?

3. Why Cloudflare Tunnels ?

Besides the security aspects, a cloudflare tunnel will allow you to route a huge variety of protocols throw their network like SSH,HTTP,HTTPS,UNIX and RDP.The presence of an intuitive web interface makes the tunnel management easier. For those of you that are working on a team an want internal tools expose to internet and don't have the time to deal with authentication the SSO tools that the Zero Trust platform has to offer comes in handy, beside this the administrator can limit the access to which apps each team has access to.

4. Before the installation process here are some requirements:

A domain name
A Cloudflare account
To add the domain to your cloudflare account

5. Setup:

After you added your domain to cloudflare you can begin the set up process.

Download and install the right executable.
Go to the Dashboard -> Access -> Tunnels and the create your first tunnel,after this you will be provided with a command to run the tunnel.

6. Advantages:

High securitu and customization
High avalibily
Free tier
No need for an static IP address
SSO tools

Here I should note that the in order to successfully receive other protocols then http and https both ends should run the cloudflare daemon or the WARP client,but elsewhere Cloudflare tunnels are a reliable, low effort, hight security solution for you to host your service on the internet, that can make use of other in house tools from Cloudflare.

Thx for staying that long and until next time 😀Codding.

Now you can run a code-server as a service.

Ionut aka BlitzCloud — Thu, 29 Sep 2022 14:47:54 +0000

As I mentioned in my last article, I said that code-server lacks a service to run it in the background or at startup. I build a systemd service to solve this issue.

If you want to have the code-server running n the background just follow this steps:

Create the systemd service with this command

sudo nano /etc/systemd/system/code-server.service

Paste the code below.

[Unit]
Description=Code-Server Service
After=network.target

[Service]
Type=simple
Restart=always
User= yourUser
ExecStart=/usr/local/bin/code-server

[Install]
WantedBy=multi-user.target

Start the service

sudo service code-server start

Check the status

sudo service code-server status

Optional enable the process at startup

sudo systemctl enable code-server

Now you should be able to take you safe development environment on your iPad or on your grandma slow computer,without being afraid that the server will stop.

VScode is now everywhere💻

Ionut aka BlitzCloud — Mon, 26 Sep 2022 16:25:07 +0000

I am sure that along your coding journey you heard at least one time about code-server witch it is great, but today I am gonna show an alternative solution to that that comes with a secure tunneling service, to eliminate the need of opened ports on the server side. Beside the web interface code-server allow you to connect your local instance of VScode to the remote environment. During the installation your GitHub account will be associated to the secure tunneling service this way only you can access that instance. The code-server can be run that its accessible only from the local network too.

Use cases:

Behind a firewall where you don't want to change the rules.
When ssh connections aren't allowed.
For students like me.

Advantages:

Hight security
Support for all VSCode extensions
Official support from Microsoft
Easy to deploy and access from remote locations
Support for AMD64 and ARM64.

Disadvantages:

The code-server source-code it's not opened source.
The service it is in a private preview and require to go throw a signup form

Setup:

Installation:

For linux and mac OS:

wget -O- https://aka.ms/install-vscode-server/setup.sh | sh

For Windows(AMD64):

New-Item "$HOME\.vscode-server-launcher\bin" -ItemType "directory" -Force
Invoke-WebRequest "https://aka.ms/vscode-server-launcher/x86_64-pc-windows-msvc" -OutFile "$HOME\.vscode-server-launcher\bin\code-server.exe"
[Environment]::SetEnvironmentVariable("Path", [Environment]::GetEnvironmentVariable("Path", "User") + ";$HOME\.vscode-server-launcher\bin", "User")

For Windows(ARM64):

New-Item "$HOME\.vscode-server-launcher\bin" -ItemType "directory" -Force
Invoke-WebRequest "https://aka.ms/vscode-server-launcher/aarch64-pc-windows-msvc" -OutFile "$HOME\.vscode-server-launcher\bin\code-server.exe"
[Environment]::SetEnvironmentVariable("Path", [Environment]::GetEnvironmentVariable("Path", "User") + ";$HOME\.vscode-server-launcher\bin", "User")

Run the code-server:

code-server

Continue the required setup.
Alternative you can run it just for the local network with:

code-server serve-local --host 0.0.0.0 --port 8080

Summery:

Code-Server it's great service for those of you that are familiar with the VSCode and want to have access to their tools and extensions. It's a nice to have service on your development machine with out exposing you to any unnecessary risks, but lacks a service to run it on the start up or in background and its use cases are narrow.