Are you using cloudflares protection or proxy? That orange toggle next to the a record?
If so, then cloudflare is acting as a middle man and will use their SSL certs.
Are you using cloudflares protection or proxy? That orange toggle next to the a record?
If so, then cloudflare is acting as a middle man and will use their SSL certs.
Ohhh wow I can't believe I forgot about that, I feel so dumb hahaha.
Are there any benefits to keeping this switched on? Other than than the security I mean, is the tradeoff between privacy and security worth it in your opinion?
That's something you'd have to decide in your threat model.
Do you think cloudflare, which is trusted by many, many large organizations would do anything malicious with your traffic? It's unlikely, but if that is something your concerned about them turn it off. I don't think for most self hosted services it's necessary but I also don't think it matters either way.
Good point, I'll leave it on then. Thanks for your help!
You can disable cloudflare's tls termination by setting the DNS record to DNS only. Be aware that this then bypasses their cdn, probably making things slower, and bypasses most of the security they put in place for you.
Other cdns may or may not do similar. It's hard to do WAF when you can't see the traffic.
Note that a registrar and a cdn are different things. It's possible to remain on cloud flare for your domain registration and DNS while using a different cdn.
Ah I see, thank you for the reply!
What would you recommend? I like the idea of the privacy but having that security does also sound good...
The way I see it, using their Zero Trust tunnels and such, the benefits out weigh any perceived threat from them. They handle so much traffic anymore, my little bit of data isn't even going to be a small blip in their infrastructure. They assess the traffic for threats on the fly, they aren't going to attempt to keep a copy of everything their system see's, that would be just way to much to deal with. Hell of a lot better than a marketing company (Google) holding your email and the like.
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!