297
Cloudflare is bad. Youre right.
(lemm.ee)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 26 Jun 2024
297 points (93.5% liked)
Selfhosted
40330 readers
150 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 1 year ago
MODERATORS
The trouble with cloudflare is that there is just one. It’s one of the best registrars out there, the only free/cheap and usable DNS host (have you seen what route53 charges per zone??). That without getting into the whole tunnels and DDoS mitigation end of things, which is nearly unique at any price point.
The problem with cloudflare is that we’re missing three other cloudflares to move to if they decide to pull evil shit.
The bigger trouble is creating a CDN has a stupidly high barrier to entry. You literally need your own data centers across the world, your own server infrastructure, the man power to manage it, etc.
You could try to host it on a cloud provider but you’d go bankrupt even quicker. Unless someone were to try to build a co-op run CDN, it’s just not gonna happen without a profit motive and a large amount of capital.
That’s true. The bizarre paradox of the centralization of edge infrastructure is real.
That said, the other edge-lords (haha) could offer similar functionality, but they chose not to.
I once realized so many of my favourite businesses were cooperatives. I started thinking of what other co-ops I could start and grow. The excitement faded once I realized it would have to not be about the money.
Coops are still about the money. They're about saving money by sharing resources with fellow workers/consumers, and maintaining democratic control over the company. You're not going to get rich from a coop (without embezzlement), but you and your coowners will be cutting out the middle man. Obviously, it only makes sense for industries that you're heavily invested in.
Car making without the tracking bullshit!
I feel like something like https://www.storj.io/ is on the path to what we would want/need?
There might be some additional requirements for a true CDN to ensure data is closer to where it's needed and in as many regions as needed though with the right amount of bandwidth. The data gets stored all over the place, but that doesn't mean its optimal. But they do seem to claim it's faster on their website...
Edit: For those not wanting to click, TLDR is they use excess storage around the world and make it accessible anywhere, and safe from failures. People with excess storage can join the network if they have enough storage/bandwidth and pass some tests. Their API is S3 compatible.
I mean the optimal cdn is maximally distributed to reduce load and latency right. Unfortunatly the web was not built in a manner that supports this.
Eg if we could have a single url for the same object that could be served by any server that is part of the fediverse then the fediverse itself would be an optimal cdn.
Perhaps we should take some notes from peertube. Plus more legitimate bit torrent content on the internet as a whole is hardly a bad thing make the isp's jobs harder for places without net neutrality.
Look up Anycast when you get a chance.
I consulted with professor gpt and it seams that it's basicly just giving the same ip address to multiple servers meaning that any of said servers can serve as that ip.
Also it seems said ips require paying large sums of money to isps. My poiny was more that with the current mainstream internet (http websockets etc) it would require you to run a local service/proxy that can interpret a global id and route to basicly any small server with said resource. Unfortunatly i dont think its possible to build such a thing that would just work across browsers if embedded into a standard webpage.
It's not the only free DNS service.
It's only a good registrar if you don't care about privacy and you're ok with their selection of TLDs (selected only from registries without privacy).
The free accounts do not benefit from DDoS protection. Re-read their terms of service, they're vague on purpose. If you were ever DDoS'ed (I don't know who would bother btw but that's another discussion) they'd just drop you.
You can establish the tunneling thing on your own with any VPS.
You can and should diversify your services and spread them to different providers that are easy to switch. I've been with "all in one" providers before, they inevitably end up leveraging their convenience into all sorts of crap. But until you get burned a couple of times they look really good.
can i get some alternatives. currently basically using cf pretty much just for dns, but would really like to switch
desec.io
that looks great, thanks o/
EDIT: looks like you can only manage 1 domain before having to contact their support
As it is run by volunteers, they probably want to keep corporate (or domain hoarders) off their platform unless they pay.
makes sense, they support plenty of donation options, if that's suggested/a requirement to let me transfer in more than 1 :)
Contact support and tell them how many you need and they'll try to accommodate you. There were a lot of people abusing the service and hosting hundreds of domains so now they're making everybody request them explicitly unfortunately. They've also had to suspend their .dedyn.io DDNS service indefinitely because of the abuse.
That's why we can't have nice things.
Please read up on DNSSEC because you will be required to turn it on for every domain you host with them.
https://community.letsencrypt.org/t/dns-providers-who-easily-integrate-with-lets-encrypt-dns-validation/86438
I'm not seeing bunny.net on that list, it has a DNS service with API. They have a minimum account maintenance fee of $1/mo and when you load up your account you have to load a minimum of $10. So basically it's $1/mo for which you get a lot of DNS and CDN service included (20M DNS queries and 100GB transfer).
I wish they supported my country's two CCTLDs but other than that I'm very happy. I would never buy any of the crazy vanity TLDs anyways.
I mostly own .com domains and two CCTLDs domains.
Check out desec.io als an alternative
That sure does seem to tick a lot of boxes. I’m going to check it out!
I've moved a couple of domains to dnssec and it's great, simple DNS.
Well it's cloudflare, not cloudsflare. Maybe overcasthosting, or sunblockservers...
So I need to make a VPS setup script to install bind for DNS and wireguard or openvpn and push it to gitlab/GitHub?
I am not sure what that would accomplish.
I have all that, but I still use cf for a ton of stuff.