315
Cloudflare is bad. Youre right.
(lemm.ee)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 26 Jun 2024
315 points (100.0% liked)
Selfhosted
39877 readers
314 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 1 year ago
MODERATORS
Unless you are behind CGNAT; you would have had the same plug+play experience by using your own router instead of the ISP supplied one, and using DDNS.
At least, I did.
Yes, but it does expose your own IP address and thus where you live. Tunnels don't.
True, but the downside of cloudflare is that they are a reverse proxy and can see all your https traffic unencrypted.
Yes, but if you host a public site it might be a better option, the content is public anyway, and you won't get doxed if you publish something controversial. It's a trade-off, between keeping traffic private or keeping your IP private. Wireguard works best for private traffic, but you can't host a public site with that.
Of course you can! Nginx and wireguard on a VPS and actual services wherever you want.
@qaz @Darkassassin07 what are you even saying? Ip address doesn’t expose where you live. And better get off the internet right now if your concern is exposing your ip cause it was never secret to begin with.
Tunnels stop you from opening a port so nothing is exposed openly to the internet but it does not keep your ip private.
https://letmegooglethat.com/?q=geoip+lookup
This is also incorrect.
How do you imagine that geoblocking content works if IP addresses don't expose where you live?
qaz could be using any of dozens of different methods to obfuscate their IP from the wider internet to write their comment, Tor or a VPN to name just a couple.
Not entirely. CF can protect you from DDOS of up to a few millions of calls per minute. Your home router would melt with that traffic. They also act as a firewall if you enable the proxy dns feature. They do a sanity check before forwarding the call. Also a home router cannot do this. And there's more.
Both your ISP and CF will drop you like a hot potato if you're ever under that kind of attack.
CF has other features that are nice like, like WAF, bot detection, geo blocking, caching etc. But it's only a taste.
All their real services are paid and the whole reason they offer a free tier is to upsell you to their paid services.
@lemmyvore @f2sfljLhdtTZ You can geoock without CloudFlare.
@lemmyvore @f2sfljLhdtTZ cloud flare doesn't drop you in that situation, I've been using them for years and seen them quietly and contently mitigate attacks for my clients
Sure, cloudflare provides other security benefits; but that's not what OP was talking about. They just wanted/liked the plug+play aspect, which doesn't need cloudflare.
Those 'benefits' are also really not necessary for the vast majority of self hosters. What are you hosting, from your home, that garners that kind of attention?
The only things I host from home are private services for myself or a very limited group; which, as far as 'attacks' goes, just gets the occasional script kiddy looking for exposed endpoints. Nothing that needs mitigation.
@f2sfljLhdtTZ @Darkassassin07 Eveyone so worried about DDoS. They are not going to DDoS a resedential Ip address. Sure if youbpiss someone off they well they're going to do it even without selfhosting anything.
I can assure you that before I set up Cloudflare, I was getting hit by SYN floods filling up the entire bandwidth of my home DSL2 connection multiple times a week.
No. You are skipping DNS.
I didn't skip it, I installed ddclient.
Cloudflare is the devil!
As in, running software to update your DNS records automatically based on your current system IP. Great for dynamic IPs, or just moving location.