Hi everyone

Thanks for all the advice on buying a domain. Its a big week for me. Getting on grapheneos, buying a domain, and I also recently started self hosting my contacts and calendar. I love this way of life.

My original plan was to one of the xyz 1.1111b domains for $1 a year but most of the feedback I got said just go with cloudflare. Its a lot more money than I had planned but all the security features are baked in and I feel that’s worth the extra money.

Here are my questions. I use the latest version of truenas community

  1. How do I connect my domain to my server apps? I’ve got a series of apps I’d love to he able to access without tailscale and solely use the domain.
  2. I have heard the term DNS a million times but don’t really understand it. What do.I need to know about DNS to keep security up and stay protected
  3. I’d like to let family access my media server, are there any considerations I need to make?
  4. How can I use one domain to access multiple services on my server? Do I need to pay extra for subdomains?

Thank you for any advice

  • foggy@lemmy.world
    cake
    link
    fedilink
    English
    arrow-up
    5
    ·
    9 hours ago

    That’s a gatekeeper-ass take. It isnt sad in any way shape or form. What an elitist proclamation.

    If you build your own infra internally and want a billion dollar industry to be your point of entry because you’re not confident in hardening a vps or don’t wanna pay for that on top of everything else (yet), so the fuck what?

    REEEE YOU MUST OWN ALL OF YOUR INFRA

    🙄

    Get bent. If cloudflare goes down again (for another whole handful of minutes, the horror!!) they are clearly ramping to make the jump to a VPS when the finances and/or cybersecurity chops feel ready and the needs arise. “Sad”? Please. Get off your high horse. You make the rest of self hosters look bad.

    • non_burglar@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      7 hours ago

      I mean, there’s a difference between not gatekeeping when talking about cloudflare and completely waving Cloudflare’s banner on your front lawn.

      • Cloudflare has full access to your traffic, and privacy is a very strong motivator for a good chunk of self-hosters.
      • You might also be interested in Cloudflare’s unending string of bad actor captcha redirects that Cloudflare inexplicably won’t resolve, for all their 800lb gorilla strength in warding off DOS volumetric attacks.
      • Another thing you would think Cloudflare has resolved: captcha hell.

      So yeah, I wouldn’t have phrased it the way original comment was phrased, but holy cow, bro… Cloudflare is far from perfect and the people that will have existential problems with Cloudflare are very likely to be self-hosters.

      • foggy@lemmy.world
        cake
        link
        fedilink
        English
        arrow-up
        2
        ·
        4 hours ago

        I’m not out here to Stan for cloudflare. It’s just a totally valid tool for the job, there are valid reasons to use it, and as we agree, it’s not productive to tell a newcomer that their choice of meeting their needs is “sad”

        In fact, it’s an unwelcoming thing to say. If we want folks to stop using cloud services, we can’t shame the valid paths to get there.

    • Jason2357@lemmy.ca
      link
      fedilink
      English
      arrow-up
      6
      ·
      8 hours ago

      Sorry to have made you upset. I consider Cloudflare to be the “gatekeeper” here.

      I have seen all the walkthroughs and it looks like the worst of both worlds -false sense of security and more complexity and weird non-transferrable knowledge than first glance. I suggest they use a VPN to connect to anything you can’t secure easily, as there are lots of options, and far smaller attack surface than a Cloudflare “protected” (hint: its not protected from anything but the lazyest automated attacks) proxy.

      Note: I understand moderate sized businesses using Cloudflare because DDOS attacks for ransom are a thing and a days outage can cost a lot of money. But its a protection racket and I don’t blame victims.

      • foggy@lemmy.world
        cake
        link
        fedilink
        English
        arrow-up
        2
        ·
        4 hours ago

        I think you missed my point. You are mistaking your preferred architecture with moral superiority.

        Cloudflare is not “gatekeeping” someone from self-hosting. It is an optional tool. A person choosing to use it because they are new, budget-conscious, or not ready to expose services directly is not sad, fake self-hosting, or somehow philosophically impure.

        You can absolutely argue that Cloudflare has tradeoffs. That is fair. It adds dependency, abstraction, and vendor-specific knowledge. It is not magic security dust. No disagreement there.

        But telling a beginner “this is sad” because they are using a mainstream protective layer while learning is exactly the kind of gatekeeping that makes self-hosting communities hostile to newcomers.

        Also, “just use a VPN” is not a universal answer. VPNs are great for private admin access. They are not always the right solution when someone wants family members to access media or services without managing VPN clients, device support, troubleshooting, and onboarding. Different threat models, different usability needs.

        The helpful response would have been: “Cloudflare can be useful, but understand what it does and does not protect you from. Don’t expose admin panels. Use MFA, strong auth, least privilege, good backups, updates, reverse proxy rules, and keep anything sensitive behind a VPN.”

        That is useful advice.

        “This is sad” is just self-hosting purity signaling.

        I have tagged you as “selfhosting gatekeeper” for future reference.

    • lightnsfw@reddthat.com
      link
      fedilink
      English
      arrow-up
      2
      ·
      7 hours ago

      There’s nothing wrong with wanting to keep corporations out of your stuff. Everything ran by them is constantly enshittifying. It’s their nature to do so. What happens when cloudflare rugpulls you?

      • foggy@lemmy.world
        cake
        link
        fedilink
        English
        arrow-up
        2
        ·
        4 hours ago

        There’s plenty wrong with shaming people en route to that path for not being 100% there.

        That is all I said.

          • foggy@lemmy.world
            cake
            link
            fedilink
            English
            arrow-up
            1
            ·
            4 hours ago

            this is sad

            They literally led by throwing shame unto OP.

            That’s how they opened their response.

            It is not sad. Suggesting it is sad is a “gatekeeper-ass thing” to say.

            • lightnsfw@reddthat.com
              link
              fedilink
              English
              arrow-up
              2
              ·
              4 hours ago

              Saying something is sad isn’t shaming it. It’s saying it makes you sad. Which can be caused by whatever depending on the purpose. You wouldn’t say someone expressing that at a funeral was shaming the deceased would you?

              • foggy@lemmy.world
                cake
                link
                fedilink
                English
                arrow-up
                1
                ·
                4 hours ago

                I think your life is sad.

                Let me know how you took that.

                Welcoming? Adversarial?

                • lightnsfw@reddthat.com
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  4 hours ago

                  Well, I’d say you’re right, but I don’t know how you could have enough information about me to make such a determination just from this short conversation.

                  • foggy@lemmy.world
                    cake
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    ·
                    4 hours ago

                    Right. And nor does Jason have enough info on OP.

                    So it comes across, as I said, as a “gatekeeper-ass” thing to say in the context of OPs journey to self hosting.

                    Where they are is in no way “sad”. Except if you’re being an adversarial gatekeeper dick about purity.