External access via CGNAT network.

Erm yeah that’s hard to pick one · Saturday at 12:33

I have a server that hosts a webpage for anyone I give the domain address to view. We’ve moved and I am using a 5G mobile data for the internet which is a CGNAT IP.

What can I do to make my my site accessible again.

Erm yeah that’s hard to pick one · Saturday at 13:56

Caged said:
Tunnel | Zero Trust App Connector

Connect applications, servers, and other resources to Cloudflare's network via encrypted outbound tunnels. No publicly routable IPs or VMs required.

www.cloudflare.com

Oh wow that might work. I guess Cloudfare would would give me a static IP I can use on my DNS for the hosting sofe of things and presume there is some config on the software from Cloudflare for it to connect to my server

Erm yeah that’s hard to pick one · 2024-11-18T09:02:04+0000

the-evaluator said:
Not quite. It's all FQDN based and configured in the Cloudflare portal.

The IP addresses behind the FQDN's are reasonably dynamic (dual homed too, so there will be IPv4 & IPv6 addresses) so forget about accessing stuff by IP. You'll also have to have a domain that lives on Cloudflare's DNS servers, you can't have your DNS elsewhere and use that domain for Cloudflare tunnels. Initially I bought a new domain through Cloudflare just for the tunnel access but have since moved all my domains over to Cloudflare.

Software wise you need to install cloudflared somewhere at your end of the tunnel. I've got it on the same Raspberry Pi that I'm running PiVPN (note to self - investigate alternatives) and it's working fine.

I see they offer a docker option so that works. Shame about the domain. That might be a problem. I do have ZeroTier. I wonder if I can do anything with that.

Thank you for a good quality reply covering some details.

Erm yeah that’s hard to pick one · 2024-11-18T09:21:58+0000

the-evaluator said:
Yeah, there's several ways you can run cloudflared.

Needing a domain on their DNS servers wasn't a problem for me, they sell domains at cost (I think) so I just had to remember to use mydomain.cloud instead of mydomain.com for accessing stuff at the home end of the tunnel.

The domain is the issue now for me. Dam

Erm yeah that’s hard to pick one · 2024-11-18T09:38:41+0000

the-evaluator said:
Bummer, so Cloudflare Tunnels might not be an option. A shame as it works really well.

I might have to bodge something to test and play. Can’t see much info without being in and having accounts for cloudflare domain on it

Erm yeah that’s hard to pick one · 2024-11-18T11:21:46+0000

the-evaluator said:
I'd somehow missed the mention of website on the OP, so yeah, I shouldn't have thought that using a different domain would be non trivial!

Massive when your service/product is known by its name.

Erm yeah that’s hard to pick one · 2024-11-18T12:21:29+0000

the-evaluator said:
I see the problem

By chance cloud flare doesn’t give you an IP you can use do they. Now if they do that would world a so can update my host on the dns to use that like in was at home

Erm yeah that’s hard to pick one · 2024-11-18T13:56:41+0000

On Holiday said:
Why not just use regular web-hosting or a VPS for this?

Because there is a large amount of hardware attached to the server that’s makes the server what it is and also the location of it.

the-evaluator said:
Not as far as I know. There is of course an IP address behind the FQDN (2 x IPv4 & 2 x IPv6) but I haven't tried doing anything with them directly. If I get a chance later this afternoon I'll see what I can do with them.

I'm fairly sure they're quite dynamic though and I see a 300s TTL.

Fact looking at my DNS settings for my domain I could use the cloudflare site as well.

Caged said:
You don't have to change your domain or transfer it anywhere, the only requirement is that you use Cloudflare as your name server.

Oh right got that option as well on my domain.

Erm yeah that’s hard to pick one · 2024-11-19T10:56:46+0000

I just sat down to give this a go and stuck right away as after making the account and logging in the section you need is pretty hidden. I think i was doing it right but right away limited on network names and then it wanted payment even for a free option which is a joke. Not something I was willing to do. Nor could I find anything on youtube for it.

I did try my Zero Tier option via DNS and that works but need to have ZT on the accessing device so that defeated the object