Cloudflare is bad. You're right.

Centralization is bad for everyone everywhere.

That being said... I just moved my homeserver to another city... and I plugged in the power, then I plugged in the ethernet, and that was the whole shebang.

Tunnels made it very easy. No port forwarding, no DNS configuration, no firewall fiddling, no nothing.

Why do they have to make it so so easy...

Decronym Bot , (edited )

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

| Fewer Letters | More Letters |
|---|---|
| CF | CloudFlare |
| CGNAT | Carrier-Grade NAT |
| DNS | Domain Name Service/System |
| HTTP | Hypertext Transfer Protocol, the Web |
| HTTPS | HTTP over SSL |
| IP | Internet Protocol |
| NAT | Network Address Translation |
| SSH | Secure Shell for remote terminal access |
| SSL | Secure Sockets Layer, for transparent encryption |
| SSO | Single Sign-On |
| TCP | Transmission Control Protocol, most often over IP |
| TLS | Transport Layer Security, supersedes SSL |
| VPN | Virtual Private Network |
| VPS | Virtual Private Server (opposed to shared hosting) |

[Thread for this sub, first seen 26th Jun 2024, 04:45]
[FAQ] [Full list] [Contact] [Source code]

Lawnman23 ,

Good bot.

Darkassassin07 ,

Unless you are behind CGNAT, you would have had the same plug+play experience by using your own router instead of the ISP supplied one, and using DDNS.

At least, I did.

f2sfljLhdtTZ ,

Not entirely. CF can protect you from DDoS of up to a few million calls per minute. Your home router would melt with that traffic.
They also act as a firewall if you enable the proxy DNS feature. They do a sanity check before forwarding the call. Also, a home router cannot do this.
And there's more.

lemmyvore ,

Both your ISP and CF will drop you like a hot potato if you're ever under that kind of attack.

CF has other features that are nice, like WAF, bot detection, geo blocking, caching etc. But it's only a taste.

All their real services are paid and the whole reason they offer a free tier is to upsell you to their paid services.

Auli ,

@lemmyvore @f2sfljLhdtTZ You can geoblock without CloudFlare.

whydoesnothingwork ,

@lemmyvore @f2sfljLhdtTZ Cloudflare doesn't drop you in that situation. I've been using them for years and seen them quietly and contently mitigate attacks for my clients.

Darkassassin07 ,

Sure, cloudflare provides other security benefits; but that's not what OP was talking about. They just wanted/liked the plug+play aspect, which doesn't need cloudflare.

Those 'benefits' are also really not necessary for the vast majority of self hosters. What are you hosting, from your home, that garners that kind of attention?

The only things I host from home are private services for myself or a very limited group; which, as far as 'attacks' goes, just gets the occasional script kiddy looking for exposed endpoints. Nothing that needs mitigation.

Auli ,

@f2sfljLhdtTZ @Darkassassin07 Everyone is so worried about DDoS. They are not going to DDoS a residential IP address. Sure, if you piss someone off they will; they're going to do it even without selfhosting anything.

DaPorkchop_ ,

I can assure you that before I set up Cloudflare, I was getting hit by SYN floods filling up the entire bandwidth of my home DSL2 connection multiple times a week.

qaz ,

Yes, but it does expose your own IP address and thus where you live. Tunnels don't.

Lem453 ,

True, but the downside of cloudflare is that they are a reverse proxy and can see all your https traffic unencrypted.

qaz , (edited )

Yes, but if you host a public site it might be a better option, the content is public anyway, and you won't get doxed if you publish something controversial.
It's a trade-off, between keeping traffic private or keeping your IP private.
Wireguard works best for private traffic, but you can't host a public site with that.

Illecors ,

> Wireguard works best for private traffic, but you can't host a public site with that.

Of course you can! Nginx and wireguard on a VPS and actual services wherever you want.

Aux ,

Your IP changes all the time, it doesn't matter. The best someone can deduce from your IP is the country.

qaz , (edited )

This is false. Some ISPs change IPs often, but some don't and sometimes geoip lookups can be really accurate. My IP has remained the same since I moved in, and a geoip lookup results in a coordinate less than a kilometer away. It does matter.

Auli ,

@qaz @Aux Now you've just exposed where you live, not your IP address. Nobody would have thought it was that close; now they do.

Aux ,

I guess you live in a country with loads of spare IP addresses. Here in the UK they change every few days and IPs get rotated between all ISPs, so you can't even deduce which ISP I'm using. And sometimes my IP is not even a mainland UK IP, but some weird shit from across the world, because Empire, lol.

pirat ,

When looking up my static IP, the location I get is the one of my ISP, not my address. Do you happen to live nearby some central infrastructure of your ISP? (If it seems otherwise, I'm not trying to debunk what you said - I'm just asking curious questions!)

qaz ,

Yes, it seems to be a hit or a miss. I don't think I live near any central infrastructure or ISP, especially not this specific part of the city.

Auli ,

@qaz @Darkassassin07 What are you even saying? IP address doesn't expose where you live. And better get off the internet right now if your concern is exposing your IP, cause it was never secret to begin with.
Tunnels stop you from opening a port so nothing is exposed openly to the internet but it does not keep your IP private.

princessnorah ,

How do you imagine that geoblocking content works if IP addresses don't expose where you live?

> And better get off the internet right now if your concern is exposing your IP, cause it was never secret to begin with.

qaz could be using any of dozens of different methods to obfuscate their IP from the wider internet to write their comment, Tor or a VPN to name just a couple.

qaz , (edited )

> IP address doesn't expose where you live.

https://letmegooglethat.com/?q=geoip+lookup

> Tunnels stop you from opening a port so nothing is exposed openly to the internet^1^ but it does not keep your IP private^2^.

This is also incorrect.

  1. The entire purpose of CF tunnels is to expose sites on the internet
  2. CF tunnels (and services like it e.g. ngrok) rely on shared proxy servers that forward traffic based on HTTP host headers (which is why you can't forward arbitrary TCP traffic). The IP of the site will therefore have the shared IP of the company's proxy server instead of your own.
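
The Host-header routing described in the comment above, sketched as an added example (not from the thread, and not Cloudflare's or ngrok's code). The hostnames and tunnel ids are constructed; the point is that bytes which are not an HTTP request carry no Host header and so have nowhere to go.

```python
# Added illustration: Host-header dispatch on a shared front-end proxy.
# Hostnames and tunnel ids are constructed sample values.
TUNNELS = {
    "blog.example.org": "tunnel-a",
    "photos.example.net": "tunnel-b",
}


def host_from_request(raw: bytes):
    """Return the Host header (lowercase, port removed), or None if raw is not HTTP/1.x."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        return None  # no complete header block, e.g. an SSH banner
    lines = head.split(b"\r\n")
    request_line = lines[0].split(b" ")
    if len(request_line) != 3 or not request_line[2].startswith(b"HTTP/1."):
        return None
    hosts = []
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            hosts.append(value.strip())
    if len(hosts) != 1:
        return None  # missing or duplicated Host is ambiguous: refuse to route
    host = hosts[0].decode("ascii", "replace").lower()
    if ":" in host and not host.startswith("["):
        host = host.rsplit(":", 1)[0]  # drop ":port"
    return host


def route(raw: bytes):
    """Return the tunnel id for a request, or None (there is no default backend)."""
    host = host_from_request(raw)
    return TUNNELS.get(host) if host else None


if __name__ == "__main__":
    samples = [
        b"GET / HTTP/1.1\r\nHost: Blog.Example.org:443\r\n\r\n",  # known site
        b"GET / HTTP/1.1\r\nHost: other.example.com\r\n\r\n",     # unknown site
        b"SSH-2.0-OpenSSH_9.6\r\n",                               # not HTTP
    ]
    for s in samples:
        print(s[:24], "->", route(s))
```
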
IsThisAnAI ,

No. You are skipping DNS.

lemming741 ,

I didn't skip it, I installed ddclient.

Cloudflare is the devil!

Darkassassin07 ,

> and using DDNS

As in, running software to update your DNS records automatically based on your current system IP. Great for dynamic IPs, or just moving location.

art ,

Their static website hosting is probably the best in the business. We seriously need some competition though.

lemmyvore ,

There are tons of CDNs out there.

Mora ,

Even when you host a HUGE static website (e.g. maps with thousands of image files), you can just throw it on R2, add a few transform rules, point a domain at it, and you are done. Also highlights the usability of Cloudflare compared to other solutions.

CarbonatedPastaSauce ,

I use Cloudflare as my registrar and public DNS. And only for that. Sorry but they don't get to peek at my network traffic.

nerdschleife ,

I use Cloudflare tunnel for my home server too. Are there any viable and somewhat easy alternatives?

ANIMATEK ,

DynDNS? I'm not 100% sure what CF Tunnel does, but from my 2 min reading it seems that DynDNS would accomplish what OP described just as well.

f2sfljLhdtTZ ,

It might help to read it once more then 🙂

jjlinux ,

Oh, it's way more than what any dyndns can do.

exu ,

Get a cheap VPS and set up a VPN of your choice.

cmnybo ,

Just make sure the VPS will shut down if the bandwidth is exceeded rather than giving you a big overage charge.

Audalin ,

Once configured, Tor Hidden Services also just work (you may need to use some fresh bridges in certain countries if ISPs block Tor there though). You don't have to trust any specific third party in this case.

qaz ,

Wouldn't that be slow?

Audalin ,

It would. But it's a good option when you have computationally heavy tasks and communication is relatively light.

vzq ,

Yes. Very slow. And only accessible from tor clients or tor2web/onion.to-like constructions. Which adds additional delay and errors.

There are things for which onion addresses are the right solution. This is not one of them.

thefactremains ,
conciselyverbose ,

> DNS names are restricted to your tailnet’s domain name (node-name.tailnet-name.ts.net)

I guess that's fine for some. Not a compromise I'm willing to make though.

Kuvwert OP ,

As soon as I can use my personal domains with Tailscale funnel I'll be switching. I like Tailscale a lot.

h3ndrik ,

Port forwards in the router + DynDns.

hitagi ,

I also really like the tunnels feature. It makes self hosting at home easy for those under NAT/CGNAT or whatever it was called.
