I honestly dont see how mail can be reliably self hosted, and be accepted by the majority of filters. Especially as we move farther and farther into the world of limited IPv4 availability.
All it takes is for your IP to be listed as spam, and a large number of companies out there are going to put you in junk, or worse drop you completely.
Add on top of that the issue of reliability, and I just can’t fathom hosting myself. It makes much more sense to me for email to be one of the only things you do third party.
I believe this is old information and any restrictions around serving none HTML content has been removed from their terms of service related to cloud flare tunnels.
Privacy/security: Cloudflare terminates HTTPS, which means they decrypt your data on their side (e.g. browser to cloudflare section) then re-encrypt for the second part (cloudflare to server). They can therefore read your traffic, including passwords. Depending on your threat model, this might be a concern or it might not. A counterpoint is that Cloudflare helps protect your service from bad actors, so it could be seen to increase security.
Cloudflare is centralised. The sidebar of this community states “A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.”, and Cloudflare is for sure a service you don’t control, and arguably you’re locked into it if you can’t access your stuff without it. Some people think Coudflare goes against the ethos of self-hosting.
With that said, you’ll find several large lemmy instances (and many small ones) use cloudflare. While you’ll easily find people against its use, you’ll find many more people in the self-hosted community using it because it’s (typically) free and it works. If you want to use it, and you’re ok with the above, then go ahead.
In addition to the above, most of the percieved advantages of CF are non-existent on the free tier that most people use. Their “DDoS protection” just means they’ll drop your tunnel like a hot potato, and their “attack mitigation” on the free tier is a low-effort web app firewall (WAF) that you can replace with a much better and fully customizable self-hosted version.
They explicitly use free DDoS protection as a way to get you in the door, and upsell you on other things. Have you seen them “drop your tunnel like a hot potato”?
Now obviously if their network is at capacity they would prioritise paying customers, but I’ve never heard of there being an issue with DDoS protection for free users. But I have heard stories of sites enabling Cloudflare while being DDoSed and it resolving the problem.
Any stories you’ve heard about websites enabling CF to survive DDoS were not on the free tier, guaranteed.
Please re-read the description for the free tier. Here’s what “DDoS protection” means on free tier:
Customers are not charged for attack traffic ever, period. There’s no penalty for spikes due to attack traffic, requiring no chargeback by the customer.
Will they use some of their capacity to minimize the DDoS effects for their infrastructure? Sure, I mean they have to whether they like or not, since the DNS points at their servers. But will they keep the website going for Joe Freeloader? Don’t count on that. The terms are carefully worded to avoid promising anything of the sort.
They also say “Cloudflare DDoS protection secures websites and applications while ensuring the performance of legitimate traffic is not compromised.”, with a tick to indicate this is included in the Free tier.
You are honestly the first person I’ve heard complain about Cloudflare failing to protect against DDoS attacks. However, I have no doubt that not having Cloudflare, I would fare no better. So still seems worthwhile to me.
The first point is only when you use the tunnel function, right ?
Because I noticed, if use the tunnel function (hiding your private ip) the sites gets an Cloudflare certificate, but if just using it as DNS (without tunnel) the page has my certificate.
If you use DNS with proxy it still applies, you should get a Cloudflare certificate then. But yes, if you use Cloudflare as DNS only, then it should be direct. I believe you get none of the protection or benefits doing this, you’re just using them as a name server.
The Cloudflare benefits of bot detection, image caching, and other features all rely on the proxy setting.
Also if proxying is enabled, your server IP is hidden which helps stop people knowing how to attack your server (e.g. they won’t have an IP address to attempt to SSH into it). You don’t get this protection in DNS only mode either.
Basically if you’re using DNS only, it’s no different to using the name server from your domain registrar as far as I can tell.
There’s a third point which is: Things in CloudFlare are publicly accessible, so if you don’t put a service on front for authentication and the service you’re exposing has no authentication, a weak password or a security issue, you’re exposing your server directly to the internet and bad actors can easily find it.
Which is why some services that I don’t want to have complicated passwords are only exposed via Tailscale, so only people inside the VPN can access them.
I have a cloudflare tunnel setup for 1 service in my homelab and have it connecting to my reverse proxy so the data between cloudflare and my backend is encrypted separately. I get no malformed requests and no issues from cloudflare, even remote public IP data in the headers.
Everyone mentions this as an issue, and I am sure doing the default of pointing cloudflared at a http local service but it’s not the ONLY option.
I’m not quite sure I get what you’re getting at. If you’re using Cloudflare (for more than just a nameserver), then the client’s browser is connecting to Cloudflare via a Cloudflare SSL certificate. Any password (or other data) submitted will be readable by Cloudflare because the encryption is only between the browser and Cloudflare. They then connect to your reverse proxy, which might have SSL or it might be unencrypted. That’s a second jump done by re-encrypting the data.
How does the reverse proxy help, when the browser is connecting to Cloudflare not to the reverse proxy?
Consider checking out XCP-ng. I’ve been testing it for a few days and I’m really enjoying it. Seems less complicated and more flexible than Proxmox but admittedly I’m still learning and haven’t even tried multiple servers yet. I would suggest watching some YouTube videos first. Good luck!
I want to like XCP-ng. Unfortunately my primary use case is VMs or containers working with attached USB devices. On Xen it seems like an absolute nightmare to passthrough USB or PCI devices other than GPUs (as vGPUs).
Even on Proxmox it has been frustratingly manual.
I’m planning to try out k8s generic device plugins. I don’t really need VMs if containers will cooperate with the host’s USB. I’m sure that will be a bit of a nightmare on its own and I will be right back to Proxmox.
I hope someone will tell me I am wrong and USB can be easy with Xen. I do prefer XCP-ng over Proxmox in many other ways.
Here’s their documentation. The tip suggests it may have been harder in the past but it doesn’t seem too bad now. Hopefully this is configurable in Xen Orchestra in the future.
For your Proxmox cluster shoot for three devices. With three devices you can do high availability which is a bonus but not something I though to do when I built my setup.
I need to re-ip both of my proxmox hosts and ran into a wall due to quorum. This could get me over that hump.
That being said, it was a failed experiment to put them in a cluster. I don’t use any of the cluster functionality and would love to destroy the cluster config w/o having to rebuild the proxmox hosts.
You don’t have to rebuild the proxmox hosts to remove the cluster. I made the same mistake last year sometime and was able to remove the cluster and each of the proxmox machines works as it should standalone. I don’t recall the exact steps but it was very easy. A quick search for “proxmox remove cluster” gave me this result and from what I recall these are the steps I followed as well. https://rostislavjadavan.com/posts/promox-delete-cluster
I have looked high and low for how to delete a cluster and have never stumbled on this page, thanks! Almost everything I found said I had to destroy proxmox and reinstall it.
Use Nextcloud AIO mastercontainer, set up joplin with Nextcloud sync (which is webdav). Use the builtin backup function in Nextcloud AIO container to backup nextcloud and the files it contains that are your joplin notes (and anything else you use nextcloud for).
I even use Nextcloud for its Gpoddersync app to keep my podcast subs/progress from Antennapod.
selfhosted
Newest
This magazine is from a federated server and may be incomplete. Browse more on the original instance.