Cloudflare and CHATONS Net Neutrality charter

Bonjour!

I was excited to learn of CHATONS earlier today and would be interested in offering static hosting to folks under the terms of the charter from my homelab cluster.

However I’m nervous about opening up my home internet connection (I don’t have the time to manage a DDoS attack, for example) so I’d want to forward requests to my homelab through Cloudflare (or something similar).

I thoroughly applaud CHATONS’ net neutrality requirement in the charter, and I know that Cloudflare has been accused of banning sites when strict neutrality requires that this never happens. (An article from their perspective here)

This line of when it is appropriate to not remain neutral is imprecise, and I believe always should be subject to rigorous discussion rather than any inflexible rule; how do CHATONS members consider Cloudflare in its role as a service and non-necessary intermediary for member sites?

1 Like

I have a self hosted CHATONS since 2019 and I have never had a DDoS. Basically we are too small to be interesting to attack :wink:

As far as I know Cloudflare is not compatible with CHATONS.

2 Likes

That’s great to hear! I’ll see what options I have for securing my cluster for un-proxied access; I depend on my internet connection for my job, so even a short attack (even something accidental, like me hosting a front-page of hacker news article) could be very problematic!

Is there any advice from the CHATONS community around things like this? (I have significant professional experience in this space, but I’d not want to turn this into a second job :sweat_smile: any advice for walking the line well would be useful!)

I only host my f0ondation’s home page (and our services), we will never be on hacker news front page.

You can have a VPN to break the link in case the used bandwith is too big or a good router (I use my ISP’s router which is quite good for some ISP in France). Somme CHATONS can sell you a CHATONS compliant VPN (and some non CHATONS like FDN: French Data Network).

To avoid it being a second full time job, you should:

  • Have somebody to help you (to be able to take some holidays)
  • avoid creating too many services (after 4 years Katzei will create it’s third service )
  • wisely choose your tech to be easy to maintain (katzei is based on proxmox/debian, simple and easy to maintain).

Hi @byjp, and welcome to our forum! :slight_smile:

Same as Meewan: I’ve been hosting services for local associations / initiatives for almost 20 years and never had to suffer a DDOS attack. Had a few bad experiences (e.g. one or two intrusion.s over that time period, and some unpleasant content to delete) but overall the attack model you describe is not one I’ve faced yet.

As for the second job concern, yeah. When you accept people on your server then you owe them some acceptable level of service, explicitly or implicitly. The Chatons have different approaches regarding that, ranging from sort-of SLA with users to a simple best-effort basis (« In case of an emergency, we care about humans above service. »). Everything in-between is fine as long as you are transparent, and your users know what to expect - that is, we recommend explicitly stating this rather counting on some implicit assumptions. Usually if you show dedication, they show patience, and it works well. Usually. Also, as Meewan mentions, sharing admin with someone you trust is definitely a game changer, both for the load and the availability (think vacations or week-ends).

Please keep us posted about how it goes for you!

1 Like

For sharing the admin, we have two servers in two place one in each admin appartement (and vpn to access each other network)