If you run a relay with Cloudflare and would like to allow Tor traffic, check out these steps:

nostr:nevent1qqsfuzpzrqkjgd4g8208we4npdcvvsy4s64p3gvmz2geyc0hzy9wjkspzemhxue69uhhqatjwpkx2un9d3shjtnrdakj7q3qur8m24ya8nmakn38xmuwr0yy7cjgdtm6gy54mpnudgcngkgyy55qxpqqqqqqz23yx4x

Discussion

Thank you for sharing these steps! Very helpful for those looking to allow Tor traffic on Cloudflare relays. #CyberSecurity #Cloudflare #TorTraffic

Or don't be an anti-freedom douche and stop using one of the worst centralizing influences on the internet. 🙄

Cloudflare are like the tongue-lolling tail-wagging half-coyote pup that just killed your chickens.

Akamai and most hosting providers are all coyote, and some of them are rabid.

(Originally wrote "dingo", then realised no Americans would understand the reference)

I know what dingos are, but, sure.

I can't stand seeing all the cloudflare intrusions just because I'm running an effing VPN. 🙄

yeah, i'm on my own wireguard tunnel to a fixed IP address and still get endlessly captcha and check this box bullshit when i have a FUCKING LOGIN COOKIE on the sites in question

this is something we can fix with nostr, because NIP-42

NIP-42 NIP-42 NIP-42

elliptic curve signatures are a super power that will let us break out of the cage

seriously, you see my NIP-05 on nostrudel is yellow, that's because of cloudflare, and because my current VPS has fucked with my reverse proxy and are basically deleting my http headers and replacing with their own, wrong headers

the VPS support even lied to me that they don't have any relationship with CF

no, there's no way you get this:

https://cors-test.codehappy.dev/?url=https%3A%2F%2Fn.mleku.com%2F.well-known%2Fnostr.json&origin=https%3A%2F%2Fcors-test.codehappy.dev%2F&method=get

without cloudflare firewalling your 443 and 80 ports on your internet interfaces

accept-ranges: bytes

cf-cache-status: DYNAMIC

cf-ray: 8756d5bb40fd26ec-OTP

connection: keep-alive

content-length: 338

content-type: application/json

date: Tue, 16 Apr 2024 20:13:15 GMT

last-modified: Tue, 16 Apr 2024 20:11:00 GMT

server: cloudflare

oh no, the VPS has no relation to CF

*cough* fucking romanian liars

I'm not even at that point yet and it's so slimy. Ugh. UGH!

Most of this message might as well be Quechua to me, except the last line, which made me almost laugh OUT LOUD next to my sleeping baby 😆

Please show me another solution that offers similar services.

I don't know. What did people do before cloudflare? I'm not good at this stuff, I'm just pissed seeing sites for people who purportedly espoused liberty pop up with cloudflare checks just because I have the audacity to use a VPN.

It's gross. I am just complaining. I don't know enough to have an offered solution. I just know it's effing wrong.

We used to have customers bounce because our sites loaded too slowly. And we got ddosed.

Cloudflare free accounts don't help either of those as much as people think, but Cloudflare makes it really easy to turn off the BS CAPTCHAs.

People don't, though, because panicky normies

That's... Pathetic. *sighs*

“I know no safe depository of the ultimate powers of the society but the people themselves; and if we think them not enlightened enough to exercise their control with a wholesome discretion, the remedy is not to take it from them, but to inform their discretion.”

-T. J.

That said, I think Heracles got lucky being sentenced to cleaning the Augean Stables.

Informing normies is much, much ickier, and we don't have demigod powers...

Yes. Gosh, I wasn't expecting this conversation to go classical. Way to class up the joint! Lol

And why can't I effing zap you, dude? Come ON!

this is an example of what nostr will fix, and why NIP-42 is so important

if you ask for some kind of distinctive identity at the gate, they have to keep making new ones to come at you again

if you know the identities, then you treat them nice, and you give them more data sooner, than those who didn't identify as someone known

most web apps have no notion of gating access and dropping queries, this is why cloudflare has done so well

nostr will change this because we are building a protocol that is outside of regular HTTP request/response logic and basically just have to do this

the spam and dos attacks haven't even started yet, but by the time there are enough users to be worth mounting attacks hopefully you all will understand that we won't succeed with this unless we understand how to deal with these attacks at the protocol level instead of making dumb apis only

if people have nostr identities and they are past customers you can just reduce the rate limiters on responses and voila... you can then also use social graphs to make good guesses about whether a user deserves to have an easy ride in or not

web of trust is going to be a very big part of how this works, and right now, CF is doing this for you, and forwarding all that user information back to the NSA for analysis

Cloudflare makes it so myself and many others can run lightning nodes and various other infrastructure at home without exposing our public IP addresses to the world. If you want to run infrastructure yourself, Cloudflare makes it easy to handle reverse proxies and tunnels.

True enough. Dynamic DNS does this too. Tor does this even better, but needs more adoption.

Dynamic DNS doesn't hide your IP though. It just gives you a hostname where the underlying IP changes but the DNS hostname stays the same. We're essentially using Cloudflare for privacy, but also allowing Cloudflare to see everything 😂 so it's private to the world, but not to Cloudflare and their partners.

explain this then:

nevent1qvzqqqqqqypzqnyqqft6tz9g9pyaqjvp0s4a4tvcfvj6gkke7mddvmj86w68uwe0qyt8wumn8ghj7etyv4hzumn0wd68ytnvv9hxgtcpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtcqyqe4whmxv36dn957qv40lrx7nf4ujxdvpgdq3krkn5kv0qc9gpd9vhm8amj

i'm running this on my vps and was happily using said VPS over a wireguard connection and it was very convenient for enabling me to get inbound websocket connections to my test relay and occasional custom instance of coracle or nostrudel

you don't need cloudflare to have a fucking wireguard tunnel to a VPS

but when your VPS shoves a cloudflare on your port 80 and 443 you get cors errors that prevent NIP-05 from working

so, yeah, nah, fuck cloudflare, fuck them right in the ass

CORS is always a pain in the ass.

first time i've encountered this problem, and it's because cloudflare is fucking with my http headers

Absolutely. They do this with mine too and it makes things a pain in the ass.

well, i'm here to tell you, that it may also be your VPS provider and/or ISP siccing them on your pipes

i felt raped when i figured out what was going on... this is insidious

If we had a similar and cost effective solution, I'd move to it in a heartbeat to help decentralization self hosting a bit.

Seeing cloudflare checks on freedom tech sites is like finding out your cool friend is wearing Mormon ritual underwear.

You’ll still be friends, but…

I legit LOLed at this comment!

here 4 the lulz ✊

It'd be quite difficult to find a truly equally feature-rich alternative. Not many, if any, exist. Fastly, Sucuri, Imperva, etc all suck and Akamai is too expensive for average indie dev.

Fortunately, their CEO seems fairly rational compared to others in big tech. Worth a read.

https://www.theverge.com/24121399/cloudflare-matthew-prince-internet-free-speech-8chan-ukraine-aristotle-decoder-interview

I suspect your insights are correct. And that there are actually a lot of good people, even in places which receive a lot of undue criticism.

My personal… i don’t know.. soap box? Is that western governments are far more corrupt and compromised at their core than we previously understood, and EVERY bottleneck WILL be compromised eventually. No matter how good the people in that bottleneck are.

So I hold an extreme and absolute view, but I’m also not so impractical that I don’t recognize shifts take time, and alternatives.

The short answer is there aren't any easy solutions unless you want people to buy their own server and run their own tunneling services.

Well, yeah. I do. Actually. Stop giving away yield as a product just because something is free/cheap. That's how we got to this fiat mess in the first place.

Or a lightning node that is on a network that is silently blocking Tor.

Don't leave zaps on the Tor table.