<TimMc>
Speaking of Cloudflare tunnels, I may have to switch ISP in a month and I'm not sure if the new one will block inbound 443. Any recommendations for software I can run on a VPS, or a service I can pay for directly, that would give the same functionality?
<TimMc>
I don't need to protect against DoS or whatever, I just need to forward 5-10 ports down a reverse tunnel. (Maybe. Hopefully not!)
<ocdtrekkie>
Do you know which ISP it will be? Should be able to look at their terms in advance.
<TimMc>
Comcast/Xfinity. 80 and 443 aren't on their blocked port list, but I only trust their documentation so far.
<TimMc>
Some people say they *do* block those ports inbound, but I *think* that's just when you use the ISP-supplied modem/router.
<TimMc>
In any case, I'd like to have an option up my sleeve in case whatever ISP I'm using starts blocking.
<ocdtrekkie>
Depending, you may end up on their supplied router anyways. If you're concerned about the data cap, renting their modem is cheaper than getting unlimited on your own equipment.
<ocdtrekkie>
At least it was last time I priced it.
<TimMc>
I think my default would be "stand up an EC2 instance, and learn about tailscale and iptables real fast".
<TimMc>
Data cap isn't an issue. And I'd be using my own modem and router -- I already have them and they should be compatible.
<ocdtrekkie>
Tailscale Funnel just got announced two days ago, but I don't know if it would work with our DNS scheme
<ocdtrekkie>
I ran my Sandstorm on a nonstandard port for a long time because of this problem but it was a pain to fix all my links everywhere when I moved to 443.
<ocdtrekkie>
And obviously it was impossible to static web publish to 443 that way which was sad.
<TimMc>
Tailscale Funnel looks like something that might work in the future, though.
<TimMc>
Right now you can't even bring your own domain name to it, but I bet they'll change that. Definitely something to keep an eye on!
<ocdtrekkie>
oooh, what about Workers?
<TimMc>
I really want to avoid Cloudflare, for various reasons.
<ocdtrekkie>
okay, hmmm, probably can at least find a cheaper VM than EC2 somewhere, but yeah, I think that's probably the right direction to move in if you need to.
<ocdtrekkie>
r/selfhosted has people talking about how they do those setups all the time
<TimMc>
There's a good chance I could pull a favor from a friend and just route from one of their boxes as a temporary measure. :-)