maybe it’s a bad idea to put the entirety of the backbone of the internet on one or two private companies.
Cloudflare’s dominance is a huge problem exactly for this reason. Having a single point of failure is a huge risk, and it’s surprising that governments don’t view this as being a matter of national security.
As a side note, and not to “well ackshully”, but Cloudflare isn’t a backbone provider. But your point still stands lol.
they dont because they have no clue about anything technological.
Cloudflare is providing national security services to western governments. Look at where it is located and the laws it must abide by.
It’s blows my mind that it’s so obviously bad to do and yet here we are
Not only because it’s a single point of failure, but also because it’s a single point of surveillance.
Cloudflare can read and even modify the communications everyone has with sites behind its HTTPS service. And it can monitor people’s browsing through its DNS-over-HTTP service. And it can fingerprint people’s browsers through any of its services that use JavaScript, such as its CAPTCHA-like thing.
Also the irony that some “is it down”-detectors using Cloudflare are also down.
Who’s willing to bet it’s DNS ?
not Lupus?
deleted by creator
The status page is overloaded and just gives http 504 errors. Kind of ironic that a cdn provider gets that type of error.
Works for me now as well. I guess it was a temporary thing. Still not something you would expect.
Pretty quiet on lemmy without .world and .ca and whatever else. I’m glad to see beehaw still up.
Glad to see it doesn’t use cloudflare.
All three instances I have accounts on use CF. I was beginning to think it was my client I was using or they suddenly implemented the “Great Firewall of USA” and figured out a way to block Lemmy instances.
deleted by creator
Also .radio . They’re fantastic.
both lemmy.world and lemmy.ca are working for me right now? Maybe they’ve come back up.
Even though I don’t host anything important, I’m still glad I found alternative ways to hosting my own stuff without the use of any of Cloudflare services.
I’ve noticed over time that the self-hosted communities have been suggesting Cloudflare Tunnels less and less since Trump and his gang took over America. Maybe this latest outage will push more people to not recommend Cloudflare again in the future.
I still remember when I first got into self-hosting and being mocked pretty hard for questioning the use of such a large centralized service like Cloudflare. I’m glad I persisted and kept learning in my own direction but that still was very demotivating at the time.
I think the only thing that is very had to replicate from cloudflares ia ddos protection since they take the hit instead.
True.
My self-hosting strategy is wildly alternative and not one I speak much about publicly. I’m the only person connecting to my own domain so as long as I continue to practice shutting the fuck up, I can get away with using multiple layers of obscurity rather than fiddling with third party solutions.
I check my logs daily and the only activity I ever see is my own. Since I am not hosting anything critical or sensitive, I have the opportunity to experiment this way without much risk to myself.
The way I’m set up, I am not concerned with DDOS attacks because it would fail to get past the Dynamic DNS. If I were hosting a social media platform or something more public, then I would need to take stronger measures to protect myself and that data.
The only thing I use CloudFlare for is encrypted DNS stuffs, other suggestions for this?
Thanks for the rec, I’ll have a gander, and try it out next day I have free!
I do want to write up a guide about how to setup Caddy + DeSec.io but I don’t have the time at the moment. If you have any questions, feel free to ask. I can try to help where I can.
I’ll leave you this previous post I made, you might find some additional information in there if you get stuck. https://lemmy.dbzer0.com/post/51117983
Also, someone suggested using a wildcard cert for the use of any sub-domain names. I chose to learn and use that because it helps obscure my services. If you have any interest in security, it might interest you. It terms of security, it’s not the absolute way to protect yourself, but I think it helps when combined with other security measures. If you read the comments in the post, you should get some more insight about it.
Europe, pleeeeaaaasssseee! Get off of this infra!
It is not just Europe the entire world should stop using American companies for everything. Amazon, Microsoft, and cloudflare. A big portion of the internet is US dependent. Russia and China seem to realize how big of an issue this is, Europe still too dependent.
sure, i’m with you. i just happen to be in Europe.
I think they’re starting to realize it, a lot of European govt agencies have been migrating from Windows to Linux distros
Had to get that account back as piefed.zip, piefed.social and lemmy.zip cannot be accessed.
Cool to see other people still able to access the Threadiverse
Ye we’re not relying on cloudflare for precisely this reason.So much of the “decentralized” internet just got brought down by one providing failing.
Thank you as always for your service!
Edit: surprisingly https://anarchist.nexus/ seems to use CF
shakes fist tenchikeeeeeeeeen!!!
😄
ikr signing into my slrpnk.net account was like going to an old home I hadn’t been in for a while.
No issue on slrpnk.net
Discuss.online is still going strong!:-)
On the other hand, the only Piefed instance that is still up is https://piefed.blahaj.zone/ it seems
I’m willing to move away from cloudflare if only I can expose servers without a global IP and needing to open port on the router side. Do anybody know how to do this?
Or maybe I should move to somewhere I can setup port-forwarding?
VPS+VPN, this is what I do.
VPS has public IP and runs WireGuard “server”* and a reverse proxy (and fail2ban…). Reverse proxy points to my home computer over the WireGuard link. No open ports on my home router.
For private facing/LAN-only services I just don’t have an entry in the VPS reverse proxy. DNS on the router points everything to my local server, so if at home I access everything directly. To access internal services remotely requires VPN (i.e., WireGuard to the VPS).
Works well; I have a tiny free tier VPS but even so, no complaints.
*Yes I know there are no wg clients or servers, only peers, but it plays a server-likr role.
I’ve been thinking about this setup but it depends on external server after all…
Yes, but you can run multiple VPS, from different providers, simultaneously.
What I like is that while it does depend on an external provider, it doesn’t depend on a specific external provider. Any VPS with a public IPv4 would work.
I wish I could afford multiple VPS
If you search around you might find free ones. Oracle has/had a free tier (though it’s Oracle, so…).
Maybe Pangolin is what you are looking for.
So it’s basically the same as what https://startrek.website/u/qjkxbmwvz described above … but with extra security features?
You could use something like tail scale
Tailscale is definitely the most frictionless solution. But you will then rely on tailscale instead of cloudflare, so not ideal. You can also host Headscale so you do not have to rely on them either.
I’ve never heard of headscale. Can you hook this up to a domain like you can with cloudflare tunnels? That was my main reason for using it. Being able to just hand my family member a domain to point to and see audiobooks
Yes you can, easiest is called tailscale funnel, you’ll just get a url leading to whatever you have hosted. Slightly more complicated is either installing tailscale on family devices and use it as a VPN (so your service is safely shielded from the public internet ), or you can use a reverse proxy on a cheap/free tier VPS.
Tailscale is fine, problem is I have to keep my phone connected to the tail network, which drains the battery. I do have a tailscale subnet router running under my network so I can fix things remotely.
Just use wire guard. This is what tunnels is and this is what tail scale uses
I should really move my domains away from CloudFlare…
T-thanks cloudflare!!!
Gotta get 1 of our 5 a day in :3
Ah, the famous service that is too big to ever fail, fails again…
Ahhhh, feels so good to be proven correct.
Stop using centralised services, especially botnet like ones that protect fascist harassers.
