Please educate us idiots regarding Homelab video streaming

I’m so utterly confused, I just don’t even know if I want to deal with Cloudflare anymore…

Talking Points:

  1. I initially got excited about the tunnel, but then realized it’s basically a MITM attack. Don’t want to argue about that…:thinking:

  2. I’ve already set up name servers, rules, and DNS protection.:hugs:

  3. Seems to be a great free service to hide my origin server IP and redirect different CNAME entries to different web servers on my home network.:wink:

  4. Been learning about Nginx proxy to route it all correctly. Everything seems so great, and so awesome. Super excited!:smiley:

  5. Now I’m being told and reading everywhere that looking at my IP cameras with the orange-cloud thingy service enabled would be a violation of the TOS. :cry:

  6. All I want to do is access my Home Assistant, Blue Iris server, Traccar server, and other fancy stuff, and mask my public IP.:face_with_monocle:

  7. But I can’t do this because apparently I’m going to violate the TOS. If it is actually a violation, then why in the world is there an entry on the official blog post? Why would you tell people about setting up pet cameras through the tunnel and/or proxy service if they’re going to get banned when they do it?:triumph:

  8. Can I actually achieve what I want to achieve, or should I just figure out something else?:face_with_spiral_eyes::roll_eyes::confounded:

In the exact same way that proxying the record would be…? Any service that generates the certificate and holds the private keys would meet your criteria for a MITM attack.

If you don’t want that then the rest of your questions are null since proxying the record goes against your first concern.

If I generate my certificates and install them on my server and my clients then it is end to end encryption. Obviously nothing’s perfect. If I use the tunnel then Cloudflare is decrypting the traffic between the server and the client regardless of the SSL certificates, because the tunnel has to have access to the certificates. Unless you’re trying to say that even with just the DNS proxy service Cloudflare is able to decrypt the end-to-end encryption between server and client?

Even if I wanted to use the tunnel it still violates the TOS, in regards to 2.8. So I’m mainly curious why the Cloudflare blog wants people to set up IP cameras at home and view them through the tunnel.

Or through the DNS proxy service, for that matter. Either or.

Of course - that’s how Cloudflare, and any reverse proxy that provides security solutions, will work.

Tunnel or not, that has no bearing on it. Unless people are connecting directly to your origin then they are hitting Cloudflare and receiving a Cloudflare provisioned (or customer provided) certificate which Cloudflare has the private keys for.

This is so they can view the body and headers of a request to do the caching and security aspects of the traffic flow. The Web Application Firewall wouldn’t be doing a whole lot if it couldn’t see inside a request.

The trust placed in Cloudflare as a result of such a scenario is why https://www.cloudflare.com/privacypolicy/ and https://www.cloudflare.com/trust-hub/compliance-resources/ exist.

There’s something in the middle like you already alluded to - Cloudflare. It’s not end-to-end at all if it’s not connecting directly to your ‘end’ and going through a service that performs SSL termination.

If you don’t want Cloudflare in the mix, the record must be DNS Only (:grey:) which bypasses Cloudflare entirely and goes straight to your origin. But you can very much trust Cloudflare with your traffic, in my opinion.

As for if it’s against the ToS, the wording is that disproportionate non-HTML usage is against the self-serve terms. Specifically, 2.8 Limitation on Serving Non-HTML Content.

I’m not a Cloudflare representative so I can’t tell you if it would or wouldn’t fall under that.

1 Like
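
The trade-off discussed in this thread (a proxied record hides the origin IP but terminates TLS at Cloudflare, while a DNS Only record goes straight to the origin) can be audited per hostname. The following is an added example, not part of any post in the thread; the hostnames, IP addresses and the `audit` helper are constructed for illustration, and the range list is only a partial snapshot of Cloudflare's published IPv4 ranges.

```python
import ipaddress

# Partial snapshot of Cloudflare's published IPv4 ranges (assumption: refresh
# from https://www.cloudflare.com/ips-v4 before relying on this list).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "104.16.0.0/13", "172.64.0.0/13", "162.158.0.0/15",
)]

def behind_cloudflare(ip):
    """True if the address falls inside one of the listed Cloudflare ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)

def audit(records, origin_ip):
    """Classify each hostname from its resolved A records.

    'dns-only' : resolves to the origin itself; TLS ends at your server,
                 but your home IP is public.
    'proxied'  : every address is a Cloudflare edge; origin IP is hidden,
                 but TLS is terminated by Cloudflare.
    'mixed'    : some answers are Cloudflare, some are not (misconfiguration).
    'other'    : neither the origin nor a listed Cloudflare range.
    """
    report = {}
    for name, ips in records.items():
        edge = [behind_cloudflare(ip) for ip in ips]
        if origin_ip in ips:
            report[name] = "dns-only"
        elif ips and all(edge):
            report[name] = "proxied"
        elif any(edge):
            report[name] = "mixed"
        else:
            report[name] = "other"
    return report

# Constructed sample data: answers you would collect with a resolver for your
# own zone (for example via socket.getaddrinfo). 203.0.113.25 stands in for
# the home connection's public IP.
SAMPLE_RECORDS = {
    "ha.example.com":      ["104.16.1.10", "104.16.2.10"],
    "traccar.example.com": ["172.67.10.5"],
    "cams.example.com":    ["203.0.113.25"],
    "nas.example.com":     ["198.51.100.7"],
    "old.example.com":     ["104.16.9.9", "198.51.100.7"],
}

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE_RECORDS, "203.0.113.25").items():
        print(f"{host:22} {verdict}")
```

A single `dns-only` hostname is enough to reveal the home IP that the proxied records are hiding, so check every record in the zone, not just the ones you use daily.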

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.