MinimalAction 10 hours ago

Yes, I never understand this obsession with centralized services like Cloudflare. To be fair though, if our tiny blogs anyway had a hundred or so visitors monthly, does it matter if it had an outage for a day?

ThunderSizzle 10 hours ago | parent [-]

I think partially, not having to worry about certs is a nice reason to hide behind the proxy. Also, to help hide your IP address, I guess.

Of course, on the other hand, I know that relying on Cloudflare's certs is basically inviting a MITM attack.

huijzer 9 hours ago | parent | next [-]

> I think partially, not having to worry about certs is a nice reason to hide behind the proxy.

Use Caddy. I never worry about certs.

ThunderSizzle 8 hours ago | parent | next [-]

Interesting. I've done a lot of manual work to set up a whole nginx layer to properly route stuff through one domain to various self-hosted services, with way too many hard lessons when I started this journey (from trying to do manual setup without docker, to moving onto repeatable setups via docker, etc.).

The setup appears very simple in Caddy - amazingly simple, honestly. I'm going to give it a good try.

immibis 3 hours ago | parent | prev [-]

Or certbot-plugin-nginx if you prefer a bit less magic.

ptx 9 hours ago | parent | prev [-]

Don't you need a cert anyway to secure the connection from Cloudflare to your server?

omcnoe 8 hours ago | parent | next [-]

Cloudflare explicitly supports customers placing insecure HTTP-only sites behind a Cloudflare HTTPS.

It's one of the more controversial parts of the business; it makes the fact that the traffic is unencrypted on public networks invisible to the end user.

ThunderSizzle 9 hours ago | parent | prev [-]

You could use a self-signed cert, since Cloudflare doesn't care about that.