Cloudflare Tunnels vs VPS

Looking at self-hosting email and other things (not here to debate self-hosting email, I am doing it for a reason). From a security standpoint, it seems like it would be “better” to point the domain at a VPS, then use Tailscale to the home lab, then reverse proxy to servers versus using tunnels. For the VPS, I was looking at AWS Lightsail and I could get 1GB memory, 2vCPU, and 2TB transfer/month for $5/month.

To me, a VPS seems more “secure” as it eliminates some of the security concerns Tom pointed out in his Cloudflare tunnel video for such a low cost.

Curious on everyone’s thoughts.

There are limitations to using Cloudflare tunnels. You might want to examine that. Also think about all your mail traffic being passed through another company before it reaches its destination.

If you are looking at high security I would recommend Proton Mail. Not debating, just a suggestion 🙂

I agree that a VPS at the front of a tunneled connection to your services is a great way to go. I’ll add: do be careful in choosing your VPS if mail hosting is a priority. There are a lot of IPs on blocklists that will make sending mail a real hassle. And I’ve heard tales that AWS addresses are high on those lists. Definitely do some due diligence before diving in.

I didn’t think about that. Thanks for the info!

The only other option I can think of is exposing my IP, but I have not found a way to mask my IP address in the metadata for email.

I host my mail server in a VPS directly and I just made sure it had a clean IP at mxtoolbox.com. There are some services that do SMTP relaying (Mailgun and SendGrid come to mind) that could be good options, too.
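
The blocklist due diligence suggested in the two replies above can be scripted before committing to a VPS address. This is an added example, not code from any poster in this thread; the Spamhaus ZEN zone, its return-code ranges and all function names are assumptions, since the thread names only mxtoolbox.com.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"  # assumed example zone; the thread names no specific list

def dnsbl_name(ip, zone=ZONE):
    """DNSBL query name (RFC 5782): reversed IPv4 octets, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # rejects malformed input
    return ".".join(reversed(octets)) + "." + zone

def classify(answers):
    """Map the A records a DNSBL returned to a verdict."""
    if not answers:
        return "clean"        # NXDOMAIN: address is not on the list
    if any(a.startswith("127.255.255.") for a in answers):
        return "error"        # Spamhaus refusal code (e.g. open public resolver), not a listing
    if all(a.startswith("127.0.0.") for a in answers):
        return "listed"
    return "unexpected"       # e.g. a hijacked or wildcarded zone

def system_resolver(name):
    """Resolve through the OS; only NXDOMAIN counts as 'no answer'."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise                 # timeouts etc. must not read as "clean"

def check_ip(ip, resolve=system_resolver, zone=ZONE):
    answers = sorted(resolve(dnsbl_name(ip, zone)))
    return classify(answers), answers

# Constructed responses so the example runs offline (documentation addresses).
SAMPLE = {
    "10.2.0.192.zen.spamhaus.org": [],                    # not listed
    "2.0.0.127.zen.spamhaus.org": ["127.0.0.2"],          # RFC 5782 test entry
    "7.100.51.198.zen.spamhaus.org": ["127.255.255.254"], # refused query
}

def sample_resolver(name):
    return SAMPLE[name]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "127.0.0.2", "198.51.100.7"):
        print(ip, *check_ip(ip, resolve=sample_resolver))
```

Calling `check_ip` with only the address uses the system resolver for a live lookup; an `error` verdict means the list refused the query, so the address has not actually been checked.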

Thank you for the advice. I think I’ll end up using the VPS for Headscale hosting and keep everything local. Do you have a specific VPS you prefer?

Considering your specific scenario, using a VPS like AWS Lightsail for self-hosting services may indeed offer a good balance of security, reliability, and ease of setup, especially at a low cost. However, it’s essential to ensure proper security measures are in place regardless of the chosen approach, such as regular updates, strong authentication, encryption, and monitoring.

Ultimately, the best choice depends on your specific requirements, technical expertise, and comfort level with managing infrastructure. You may also want to consider factors like scalability, performance, and support options when making your decision.
