Self-Hosted Main

504 readers

1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

Service: Dropbox - Alternative: Nextcloud
Service: Google Reader - Alternative: Tiny Tiny RSS
Service: Blogger - Alternative: WordPress

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

Awesome-Selfhosted List of Software
Awesome-Sysadmin List of Software

founded 1 year ago

MODERATORS

communick@selfhosted.forum

How are so many sites OK with using cloudflare when they are basically a MITM? (alien.top)

submitted 10 months ago by spottyPotty@alien.top to c/main@selfhosted.forum

87 comments fedilink hide all child comments

Regardless of whether or not you provide your own SSL certificates, cloudflare still uses their own between their servers and client browsers. So any SSL encrypted traffic is unencrypted at their end before being re-encrypted with your certificate. How can such an entity be trusted?

you are viewing a single comment's thread
view the rest of the comments

[–] ms_83@alien.top 1 points 10 months ago (8 children)

Because it’s not always about the encryption. I use Cloudflare tunnels because they are a good way of exposing sites to the internet without exposing my IP or opening ports, which means I don’t have to worry as much about DDoS or other attacks and therefore I don’t need to spend as much effort defending against them.

Even Cloudflare decides to inspect my traffic (and seriously why would they care about a tiny hobbyist website) it’s not like it gives them full access to everything, there are other controls you can use depending what your site is for.

Honestly what I don’t understand is why some on this sub have such strong objections to Cloudflare. Like I get they are a terrible company in a lot of ways, but name a tech company that isn’t?

[–] GolemancerVekk@alien.top 1 points 10 months ago

I use Cloudflare tunnels because they are a good way of exposing sites to the internet without exposing my IP

What difference does that make? I only ever heard one realistic reason for hiding your IP, which was a guy living in a suburban neighborhood with static IPs where the IP indicated his house almost exactly.

If you have a dynamic IP it will get recycled. If you get a static IP it will eventually get mapped to your precise location, Google & other big data spend a lot of time doing exactly that.

or opening ports [...] or other attacks

If your services are accessible from the internet they are accessible... doesn't matter that you don't open ports in your local LAN, there's still an ingress pathway, and encrypting the tunnel doesn't mean your apps can't get hacked.

I don’t have to worry as much about DDoS

How many DDoS's have you been through? Lol. CF will drop your tunnel like a hot potato if you were ever targeted by a DDoS. If you think your $0/month plan is getting the same DDoS protection as the paid accounts you're being super naive. Let me translate this page for you: your DDoS mitigation for $0/mo amounts to "basically nothing". Any real mitigation starts with the $200/mo plan.

load more comments (7 replies)