Centralization is bad for everyone everywhere.

That bring said… I just moved my homeserver to another city… and I plugged in the power, then I plugged in the ethernet, and that was the whole shebang.

Tunnels made it very easy. No port forwarding no dns configuration no firewall fiddling no nothing.

Why do they have to make it so so easy…

  • Darkassassin07@lemmy.ca
    link
    fedilink
    English
    arrow-up
    24
    arrow-down
    1
    ·
    5 months ago

    Unless you are behind CGNAT; you would have had the same plug+play experience by using your own router instead of the ISP supplied one, and using DDNS.

    At least, I did.

    • qaz@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      1
      ·
      5 months ago

      Yes, but it does expose your own IP address and thus where you live. Tunnels don’t.

      • Lem453@lemmy.ca
        link
        fedilink
        English
        arrow-up
        11
        ·
        5 months ago

        True, but the downside of cloudflare is that they are a reverse proxy and can see all your https traffic unencrypted.

        • qaz@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          1
          ·
          edit-2
          5 months ago

          Yes, but if you host a public site it might be a better option, the content is public anyway, and you won’t get doxed if you publish something controversial. It’s a trade-off, between keeping traffic private or keeping your IP private. Wireguard works best for private traffic, but you can’t host a public site with that.

          • Illecors@lemmy.cafe
            link
            fedilink
            English
            arrow-up
            3
            ·
            5 months ago

            Wireguard works best for private traffic, but you can’t host a public site with that.

            Of course you can! Nginx and wireguard on a VPS and actual services wherever you want.

      • Auli@twit.social
        link
        fedilink
        arrow-up
        1
        arrow-down
        2
        ·
        5 months ago

        @qaz @Darkassassin07 what are you even saying? Ip address doesn’t expose where you live. And better get off the internet right now if your concern is exposing your ip cause it was never secret to begin with.
        Tunnels stop you from opening a port so nothing is exposed openly to the internet but it does not keep your ip private.

        • qaz@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          5 months ago

          Ip address doesn’t expose where you live.

          https://letmegooglethat.com/?q=geoip+lookup

          Tunnels stop you from opening a port so nothing is exposed openly to the internet1 but it does not keep your ip private2.

          This is also incorrect.

          1. The entire purpose of CF tunnels is to expose sites on the internet
          2. CF tunnels (and services like it e.g. ngrok) rely on shared proxy servers that forward traffic based on HTTP host headers (which is why you can’t forward arbitrary TCP traffic). The IP of the site will therefore have the shared IP of the company’s proxy server instead of your own.
        • Norah - She/They@lemmy.blahaj.zone
          link
          fedilink
          English
          arrow-up
          2
          ·
          5 months ago

          How do you imagine that geoblocking content works if IP addresses don’t expose where you live?

          And better get off the internet right now if your concern is exposing your ip cause it was never secret to begin with.

          qaz could be using any of dozens of different methods to obfuscate their IP from the wider internet to write their comment, Tor or a VPN to name just a couple.

      • Darkassassin07@lemmy.ca
        link
        fedilink
        English
        arrow-up
        1
        ·
        5 months ago

        and using DDNS

        As in, running software to update your DNS records automatically based on your current system IP. Great for dynamic IPs, or just moving location.

    • f2sfljLhdtTZ@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      9
      ·
      5 months ago

      Not entirely. CF can protect you from DDOS of up to a few millions of calls per minute. Your home router would melt with that traffic. They also act as a firewall if you enable the proxy dns feature. They do a sanity check before forwarding the call. Also a home router cannot do this. And there’s more.

      • lemmyvore@feddit.nl
        link
        fedilink
        English
        arrow-up
        11
        ·
        5 months ago

        Both your ISP and CF will drop you like a hot potato if you’re ever under that kind of attack.

        CF has other features that are nice like, like WAF, bot detection, geo blocking, caching etc. But it’s only a taste.

        All their real services are paid and the whole reason they offer a free tier is to upsell you to their paid services.

        • DaPorkchop_
          link
          fedilink
          English
          arrow-up
          1
          ·
          5 months ago

          I can assure you that before I set up Cloudflare, I was getting hit by SYN floods filling up the entire bandwidth of my home DSL2 connection multiple times a week.

      • Darkassassin07@lemmy.ca
        link
        fedilink
        English
        arrow-up
        2
        ·
        5 months ago

        Sure, cloudflare provides other security benefits; but that’s not what OP was talking about. They just wanted/liked the plug+play aspect, which doesn’t need cloudflare.

        Those ‘benefits’ are also really not necessary for the vast majority of self hosters. What are you hosting, from your home, that garners that kind of attention?

        The only things I host from home are private services for myself or a very limited group; which, as far as ‘attacks’ goes, just gets the occasional script kiddy looking for exposed endpoints. Nothing that needs mitigation.