Hi, I wanted to host a personal Lemmy instance online (for just myself, I don’t think I can take the upkeep for other users - please let me know if this is not possible) and wanted to understand how to “attach” a CDN service to it.
The idea behind doing this is that I’m in the US but I’m looking to host a server in Europe. I am looking into Cloudflare’s free CDN service, but it would be great if someone could point me towards how I can configure this setup to speed up the loading time for my Lemmy instance (which is going to be far away from me, geographically).
I would also like to know about your setups and how you have hosted Lemmy.
Thanks!
The reasons for having to use their nameservers is probably about getting some data in the process. But DNS queries are quite harmless compared to the MITM issue for the actual traffic.
Traffic proxied via CF uses their TLS certificates. Look up how HTTPS works, and you’ll understand that it means the encryption is terminated at Cloudflare.
For the record, CF DNS infrastructure is really solid. For something already public anyway, I’d use their services in a heartbeat. You get some WAF features and can add firewall rules like geoblocking, even on the free tier.
For sensitive data, I probably wouldn’t use the proxy service.
Ah, I think I’m starting to understand. Since they ask you to replace the default certificates with Cloudflare specific certificates, in order for these certificates to be authorised, the nameserver needs to be from CF.
But then, if they were to not use their own specific certificate, this would not be a limitation, yes? (As I imagine is the case with the more premium plans). In the case of the premium plans, how do they secure traffic and provide proxy/CDN services with just a CNAME?
A CNAME is just a DNS record that points to another DNS record, technically they could allow it for free users too.
I’d guess the point is they get info on what free users do with their DNS, to help make their paid services more appealing.
No offense, but you might be seriously overthinking this.