Ladvien's Lab

Latest Posts

Showing human-only content
Expose PostgreSQL Securely over the Internet using Cloudflare Tunnel
C. Thomas Brittain AI-Augmented

This guide walks through exposing a PostgreSQL server running on your local network securely over the internet using Cloudflare Tunnel and optionally a reverse proxy. The PostgreSQL server can live on a Raspberry Pi or any other machine in your home lab.

1. Prerequisites

  • PostgreSQL server (e.g. on Raspberry Pi or Ubuntu machine)
  • Static IP or DHCP reservation for the host
  • Cloudflare account with a domain (e.g. lolzlab.com )
  • cloudflared installed and configured on the local network
  • PostgreSQL server already configured and listening on a LAN IP

2. Configure PostgreSQL to Accept Cloudflared Traffic Only

On the machine ...

Building a Health Data Pipeline - iOS Auto Export to FastAPI & PostgreSQL
C. Thomas Brittain

This article walks through building a working health data pipeline that automatically syncs your Apple Health data to a PostgreSQL database using FastAPI. No fluff, just the code that actually works.

The Problem: Health Data are Trapped

ios-to-warehouse architecture diagram showing data flow from Apple Health to FastAPI to PostgreSQL

I've been wearing an Apple Watch for years, collecting thousands of data points about my heart rate, sleep, workouts, and more. But here's the thing—all that valuable data just sits there in the Health app, basically useless for any real analysis.

As a data engineer, this drives me nuts. I want to run SQL queries against my health data. I want to ...

Switch from Cloudflare Origin Certificates to Let’s Encrypt on Raspberry Pi with Cloudflare Tunnel
C. Thomas Brittain AI-Augmented

If you use a Cloudflare Tunnel (instead of a public IP), traditional Let’s Encrypt HTTP challenges will fail. This guide walks you through replacing a Cloudflare Origin Certificate with a Let’s Encrypt certificate using Certbot with the DNS-01 challenge and the Cloudflare API.

Prerequisites

Ensure you have:

  • A domain (e.g., self-sensored-api.lolzlab.com )
  • DNS managed by Cloudflare
  • A working Raspberry Pi with Nginx installed
  • sudo or root access
  • A Cloudflare account with API token permissions

Backup and edit your Nginx config: 

sudo cp /etc/nginx/sites-available/reverse-proxy.conf ~/reverse-proxy.conf.backup
sudo nano /etc/nginx/sites-available/reverse-proxy ...
Add HTTPS to Your Raspberry Pi with Nginx and Cloudflare
C. Thomas Brittain AI-Augmented

This guide walks through setting up a secure HTTPS connection between your local Raspberry Pi reverse proxy and Cloudflare using a Cloudflare Origin Certificate . This enables Full SSL mode , improving security end-to-end.

0. Prerequisites

  • Cloudflare account with a configured domain (e.g. <your-host-name>.com )
  • Cloudflared tunnel already running on your gateway device
  • Nginx reverse proxy running on a separate Raspberry Pi (e.g. 192.168.1.102 )
  • Cloudflare SSL/TLS mode set to Full (not Flexible)

1. The Architecture

The plan is to have several pieces of infrastructure.

  • Cloudflare - directs traffic from my domain down a tunnel into a Pi ...
Nginx Reverse Proxy on Raspberry Pi (Ubuntu Server)
C. Thomas Brittain AI-Augmented

I've recently setup a home server array using Raspberry Pis I've impulsively purchased over the years.

Currently I have the following setup:

  • A Pi with Postgres database
  • A pi with a network attached storage device
  • A Cloudflare tunnel to a Pi

It's Pi running the Cloudflare tunnel I also would like to act as a reverse proxy. This should allow the proxy to direct traffic to the correct place within the home network.

2. Prerequisites

  • Raspberry Pi running Ubuntu Server (proxy Pi)
  • Static IP set for the proxy Pi
  • Other Pis or home servers running web apps (e.g., at ...
Securely Expose Your Raspberry Pi 5 with Cloudflare Tunnel
C. Thomas Brittain AI-Augmented

Cloudflare Tunnel (formerly Argo Tunnel) allows you to expose your Raspberry Pi 5 services to the internet without port forwarding , without exposing your IP , and with automatic HTTPS —all for free.

This guide walks you through setting up a Cloudflare Tunnel to access a web service running on your Raspberry Pi 5 at home.

🔧 Prerequisites

To get started, you'll need:

  • A Cloudflare account (free tier is sufficient)
  • A domain name added to Cloudflare (e.g. yourdomain.com )
  • A Raspberry Pi 5 with Ubuntu (or compatible Linux)
  • A running web service (e.g., Flask app, Nginx, Node, etc.)
  • Optional: Static IP ...
Secure Remote Postgres with Cloudflare Tunnel + Access
C. Thomas Brittain AI-Augmented

This guide walks through exposing a private PostgreSQL server (e.g., running at 192.168.1.104 ) to the internet securely using Cloudflare Tunnel + Access — ideal for containers, cloud VMs, and codex environments.

This method is production-capable, free (under 50 users), and requires no inbound ports or static IPs.

1. Prerequisites

  • Home PostgreSQL server on 192.168.1.104
  • Another home device (e.g., Pi, NUC) at 192.168.1.102 running cloudflared
  • A domain managed by Cloudflare (e.g., lolzlab.com )
  • Remote client (Codex container, VM, laptop)
  • Installed:
  • psql
  • cloudflared

2. Configure the Cloudflare Tunnel (at home)

2.1 ...

Setting up a Raspberry Pi NAS
C. Thomas Brittain AI-Augmented

As a data engineer and solutions architect I'm often playing with data at home. Lately, I've been gathering image data for training some machine learning algorithms on no-reference automatic image quality assessment (no reference IQA). This problem seems to have been worked on by the group behind the LAION-Aesthetics dataset.

This dataset is massive (at least, to me). The full set is 1.2 billion images. And! I want every one of them. 😂

As a data engineer, I’m more familiar with ETL/ELT pipelines than managing raw filesystems. Let alone managing such a huge file based dataset. After ...