[HN Gopher] Localtunnel - Easily share a web service on your loc...
___________________________________________________________________
Localtunnel - Easily share a web service on your local development
machine
Author : edward
Score : 55 points
Date : 2023-09-29 19:21 UTC (3 hours ago)
(HTM) web link (theboroer.github.io)
(TXT) w3m dump (theboroer.github.io)
| mkl95 wrote:
| Localtunnel used to be a nice tunnel. It has gone through some
| enshittification lately.
|
| > tunnel consent page now requires the tunnel creator's public IP
| in order to access tunnel content
|
| https://github.com/localtunnel/localtunnel/issues/598
|
| There are free non kafkaesque competitors out there.
| LoganDark wrote:
| > enshittification
|
| That is not enshittification by any means. Enshittification is
| screwing your users over for profit or something. That was an
| honest attempt to curb the amount of abuse reports and threats
| that the maintainer was receiving.
| mmcclure wrote:
| I think it's pretty hard to read this as anything other than a
| maintainer trying to stop malicious actors from abusing their
| project. You might not agree with how they're doing it, but
| calling this enshittification and kafkaesque feels pretty
| hyperbolic. Posting the comment here just in case folks don't
| click through: Hey everyone, It
| saddens me to be forced to add yet another annoying thing to
| the public localtunnel server but... As of 2
| minutes ago, all tunnels now require a real user to enter the
| endpoint IP address (which acts like your tunnel link's
| password) on the consent page. Showing and having the
| users click a continue button in order to access the tunnel
| content didn't really do too much to fight of people hosting
| phishing portals via localtunnel. I've also been getting an
| enormous amount of phishing/abuse notices from various
| organizations worldwide, forwarded notices from my hosting
| provider, and even have been put on notice that I will be
| responsible for costs related to removing IPs from various IP
| blacklists... I'm currently building an abuse
| reporting tool for these orgs to use that'll automate banning
| users hosting phishing portals but until that's built & tested
| this new password-protection way of abuse fighting will have to
| do. Sorry for any inconvenience...
| PS. If localtunnel doesn't work for your use case for whatever
| reason, feel free to checkout other alternatives like
| https://ngrok.io If anyone has any other
| suggestions on easy ways to fight phishing/malware portals from
| using this service, i'm all ears!
| yodon wrote:
| > enshittification
|
| And yet the link you shared explains precisely why it is we
| can't have nice things
| dewey wrote:
| What a weird complaint, all I can see there is that we can't
| have nice things because as soon as you put something online
| (image hoster, tunnel hosting,...) bad actors are going to
| abuse it and ruin it for everyone.
| tpmx wrote:
| I think it's sensible to use Cloudflare Tunnel for this purpose
| if you care about security and still need it to be free. It's run
| by a $21B company that has a lot to lose if they get caught doing
| anything bad with your data.
|
| https://blog.cloudflare.com/tunnel-for-everyone/
|
| They have being doing this for 2+ years as a marketing exercise,
| afaik.
|
| Downside: Their documentation honestly isn't the easiest to go
| through if all you want to do is to setup something ngrok-like.
| RockRobotRock wrote:
| I have been really digging Cloudflare tunnel. For my self
| hosted apps, I used to expose everything through a reverse
| nginx proxy listening on 80 and 443, but this is much more
| convenient. Their Zero Trust stuff is cool too, although not
| something I'm looking to pay for.
| kybernetikos wrote:
| > run by a company that has a lot to lose if they are caught
| doing anything bad.
|
| More and more these days I'm finding myself shut off from
| websites, and seeing the cloudflare page telling me that
| they've decided that I'm not allowed to visit them. The page
| gives me no way to argue that they've got it wrong, it suggests
| that I contact the site if I think that cloudflare have blocked
| me from it incorrectly, but that's pretty hard considering that
| they've just blocked me from it. It's not minor sites either,
| yesterday trying to access discord.com got me the cloudflare
| page from my desktop. Apparently my mobile internet connection
| isn't good enough for cloudflare either, since an enormous
| number of sites trigger the page on that.
|
| Cloudflare are one of the most disturbing things about the
| modern internet.
| RockRobotRock wrote:
| Just for the record using Cloudflare Tunnel doesn't mean you
| are using their WAF products (blocking) AFAIK
| tpmx wrote:
| ...caught doing anything bad [with your data] is so obviously
| what I meant. But hey, technically you found a hook!
|
| You probably have a good point about Cloudflare's effect on
| open web access on the internet, but.. that's not really what
| we are talking about here, is it?
| kybernetikos wrote:
| > but.. that's not really what we are talking about here,
| is it?
|
| I suppose I better make the link that I saw more clear. A
| lot of people use cloudflare services because they are
| free. I've done it myself. And in many case that would be
| fine. Cloudflare are in a unique position - partly through
| the reach those free services have given them, they now
| have an unusual level of power over the internet. Using
| cloudflare services gives them more power. I think before
| anyone uses a free cloudflare service, they should
| absolutely think about whether they're going to use that
| power wisely.
|
| This is particularly the case when there are good, free
| open source alternatives such as the service posted here,
| that you used as a jumping off point to talk about the
| cloudflare service.
| tpmx wrote:
| I see an open source client connecting to a service run
| by a private person with no full name disclosed. The
| source code of the service is published as open source,
| but that is not necessarily exactly what is running.
|
| If this can be shown to be incorrect I'm happy to correct
| this post.
| kybernetikos wrote:
| https://github.com/localtunnel/server MIT license
| tpmx wrote:
| Updated.
| Scarbutt wrote:
| What name registrars allow one to to create unlimited subdomains
| on the fly like how Localtunnel does it?
| thewataccount wrote:
| It's not the name registrar it's the dns server.
|
| You just use a wildcard dns record, and then the webserver uses
| the host header to determine which subdomain was used (for
| webservers at least).
| jmholla wrote:
| A registrar generally isn't involved in creating subdomains.
| You buy the domain and define subdomains on your DNS server.
|
| Your registrar may also provide DNS services and that's where
| such a limitation would come into play.
| iJohnDoe wrote:
| So glad to see the server component can also be self-hosted.
| Nicely done!
| jefc1111 wrote:
| Have been self hosting the server component for a few years to
| support some local dev workflows.Can confirm great satisfaction
| :)
| vorticalbox wrote:
| How does this compare to ngrok?
| astrodust wrote:
| Ngrok seems like an actual company, while this is...do we even
| know who/what runs this service?
| LoganDark wrote:
| Ngrok wasn't always an actual company, I miss the days when
| their service was affordable.
| astrodust wrote:
| It's certainly gone more "Enterprise", but it also paved
| the way for many other similar services to take hold.
| LoganDark wrote:
| Well, enterprises suck. It's all "contact us for this,
| contact us for that", low limits unless you pay large
| sums. Really not very attractive anymore. I miss the days
| when I could expose Minecraft servers for free. The
| cheapest plan of $10/mo is more than double what I pay
| for Firefox Relay & reMarkable Cloud combined.
|
| edit: nevermind, they've actually raised the cheapest
| plan to $15/mo! But they used to offer TCP addresses for
| free, and now they don't allow them at all unless you pay
| $15/mo for them.
|
| Anyway playit.gg exists.
| febeling wrote:
| Is this materially different from the alternatives?
|
| https://github.com/anderspitman/awesome-tunneling
| jeron wrote:
| Expose Yourself to the World has to be one of the funniest
| taglines
| dang wrote:
| It's great but too baity for HN so I put a phrase from the
| first sentence up there instead.
| jefc1111 wrote:
| I remember when I first read the tagline and thought it was a
| bit cheap, but later realised it's actually quite am accurate
| and appropriate description of the functionality.
| dang wrote:
| I agree, but the long tail will not be able to resist
| getting triggered.
| marcodiego wrote:
| I've grown using dial up internet in the 90's. At the time, once
| you "connected" you got a real IP you could share with anyone in
| the world. Run a service in your machine in your desk, pass your
| IP to a friend and that was all you needed. Of course, there were
| security implications and IP are a scarce resource now, but I
| liked the way it was then.
|
| IPv6, AFAIR, was promised to solve the scarcity of IP's. Every
| grain of sand could have a world reachable IP they promised us.
| What we got were CGNAT, hole punching, rendez-vous servers... If
| you want serve something "at home" these you'll have pay extra
| money for a "real IP" depending on your ISP.
|
| The current situation is bad and, considering interests of
| biggest companies that can I influence it these days, not
| improving anytime soon.
|
| I really miss the freedom I had in the 90's when I could run IRC
| server on my machine and tell my friends to connect (I actually
| did that!), when I could code a quick game and pass to my friends
| to play on-line. I see people buying security cameras and on-line
| switches, but what they are actually using are services which can
| be disabled or become paid as soon as it becomes profitable for
| the vendor.
|
| We need to be independent. We should be able run services on our
| machines and pass that to world without any special permission if
| we want. The possibility of running services should not be a
| hostage of a few billion dollar companies or deep pockets.
|
| The best solution I know so far for this problem is the TOR
| network, but it needs special software on both ends and some
| knowledge to use. It is time for us to start thinking about
| having the internet on our hands again.
| codazoda wrote:
| It's totally possible for many of us. I simply own a domain at
| Namecheap and hit their dynamic IP update endpoint to set the
| dns to point to my currently assigned IP. Mine only changes
| with router resets and such. I also forward some ports from my
| router to my machine's IP and set my machine to always get the
| same internal IP.
|
| I serve several websites from my home office on a little
| Raspberry Pi 400.
|
| Read more about the Raspberry Pi in my Bedroom at the URL
| below:
|
| https://joeldare.com/private-analtyics-and-my-raspberry-pi-4...
___________________________________________________________________
(page generated 2023-09-29 23:01 UTC)