Both Lemmy.world and my server rely upon Cloudflare for SSL, DDOS protection, CDN services, etc. I use it to provide me with a Cloudflare tunnel to get around not being able to forward ports.
Outages have put this dependance to question, and the same with recent news about the US government obtaining data through subpoenas. It’s a free service that takes care of many of the difficulties when it comes to hosting your service online, but everyone knows that free is not free.
What do you all think about Cloudflare?
Cloudflare is one of the secret ruling parties of the internet.
I don’t understand why so many Americans like to use it, even the ones who tend to think liberal and go for self hosting.
What are the alternatives?
And a VPS and any number of tunneling systems for the remote reverse proxy.
Rathole is my goto. But SSH forwarding, wireguard… There’s plenty, even ones that will entirely manage the reverse proxy on the VPS.
How will it help against ddos?
It doesn’t.
Have you ever been ddos’d? I haven’t.
I imagine if it happens, I’ll just switch off the VM.
If it’s actually a problem, then I’d see what the VM hosting company recommends. Ultimately they will have something in place so that if my VM gets targeted they can isolate it.
My sites get denied service. Oh well.
I’ve never had anything get so popular that I actually need the tooling that cloudflare offers. I’ve never had anything targeted in a way that cloudflare would protect against.
If that is actually a vector in your security and reliability analysis, then yeh. It’s probably the right tool for it.
And there are other competitors than just cloudflare if you actually need the protection, which should each be considered.
Regularly.
Great, use cloudflare or any number of other ddos mitigation services. Or get a larger peering connection and eat the ddos.
Edit:
And to be clear, my context for the suggestion was this part in OPs question:
Letsencrypt for SSL,
fail2ban for ddos protection,literally just a disk for cdn.F2B for ddos protection?! You have absolutely no idea what you’re doing. At all.
You’re right, I was writing this from the top of my head and remembered f2b as simply the banning one and didn’t properly check its capabilities for ddos. Sorry for that
Does fail2ban actually help?
In a strong enough DDOS, you need someone before you to stop the traffic, at which point you either have a good provider, or have to submit to someone bigger than you.
This is probably why so many people use cloudflare. Similarly to discord, their serivices can be found on several different platforms but they are the only ones who offer all of them for free.
deleted by creator