Fail2ban or crowdsec and general thoughts on security

Boringproxy looks fantastic. I’m begrudgingly using cloudflare zero tunnels at the moment and I’d like to switch.

I’ve got a dev server that clients check to add content on sometimes. The server is on my home network so I wonder how to protect it. A general password would help, but can be brute forced. Could I add fail2ban or crowdsec to throttle the login attempts?

Otherwise, how cloudflare zero tunnels work is really clever: the user has to give their email to receive a code. This way I can keep track of who’s online, but also it’s so much easier not having to send yet another password. Everyone remembers their own email. I work with people who don’t use password managers sometimes, for example. This I could potentially set up myself, I think, but I’m not sure how to hook it into boringproxy… Not sure this is a question, but more of a general thought.

Hey @joe_g, sorry for the super late response.

I’ve never used fail2ban or crowdsec (I’ve mostly heard of fail2ban in the context of ssh, and there using keys is a better approach), but in theory that could be a nice solution. I think you would just need your dev server to output logs in a proper format.

What, if anything, are you currently using to authenticate users to your server?

boringproxy doesn’t really have any authentication other than a single basic username/password per tunnel. Some other services on the tunneling list likely have more advanced options: GitHub - anderspitman/awesome-tunneling: List of ngrok alternatives and other ngrok-like tunneling software and services. Focus on self-hosting.
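
Added example, not part of the thread and not boringproxy or fail2ban code: a sketch of the counting that a fail2ban-style jail applies to failed basic-auth logins, using fail2ban's `maxretry` and `findtime` terms. The Common Log Format, the sample lines, and the assumption that the log records the real client address rather than the tunnel's are all assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in Common Log Format (assumed; adapt LINE_RE to the real log).
SAMPLE_LOG = """\
192.0.2.9 - - [10/Mar/2024:11:40:00 +0000] "GET /admin HTTP/1.1" 401 0
192.0.2.9 - - [10/Mar/2024:11:52:00 +0000] "GET /admin HTTP/1.1" 401 0
203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "GET /admin HTTP/1.1" 401 0
198.51.100.4 - - [10/Mar/2024:12:00:02 +0000] "GET /admin HTTP/1.1" 401 0
198.51.100.4 - editor [10/Mar/2024:12:00:03 +0000] "GET /admin HTTP/1.1" 200 512
203.0.113.7 - - [10/Mar/2024:12:00:05 +0000] "GET /admin HTTP/1.1" 401 0
203.0.113.7 - - [10/Mar/2024:12:00:09 +0000] "GET /admin HTTP/1.1" 401 0
192.0.2.9 - - [10/Mar/2024:12:05:00 +0000] "GET /admin HTTP/1.1" 401 0
"""

# host, ident, user, [timestamp], "request", status
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" (?P<status>\d{3}) '
)


def hosts_to_ban(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Return hosts with at least maxretry 401 responses inside findtime,
    in the order they crossed the threshold."""
    recent = defaultdict(deque)   # host -> timestamps of recent failures
    banned = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] != "401":
            continue              # unparsable line or not an auth failure
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = recent[m["host"]]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # drop failures older than the window
        if len(window) >= maxretry and m["host"] not in banned:
            banned.append(m["host"])
    return banned


if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))
```

A single mistyped password followed by a successful login (198.51.100.4) and failures spread wider than the window (192.0.2.9) stay below the threshold; only the rapid repeated failures are flagged.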