We used to expose the dedicated servers directly (i.e. no CDN at all), and while that was fine latency-wise, the lack of DDoS protection was really the limiting factor. E.g. Hetzner will just blackhole your subnet if you get DDoSed.

It feels rather unviable nowadays to run a business without some CDN/DDoS protection service in front of your website.

yeah, but dealing with DDoS is easier in terms of DMCA unlike with CDNs because it's you hosting it, not the service provider (this is how Cloudflare avoids DMCA when you cache with them iirc)

so if you can just find a good dedicated server provider that won't cut you off, maybe that's a potential solution?

just my 2 cents though