I mean, this and the reddit board are /r/selfhosted. We self-host, yet I see so much about people relying on 1.1.1.1 and Cloudflare’s proxy services that they never second-guess.
I don’t care about Cloudflare. My server doesn’t exist to use their proxies and services when the entire point is to divide from reliance on third-parties.
I already found Anubis, I’m sure many of you are familiar with it. Are there any other useful tools or similar that you guys have been using?
If you want DDoS protection you’re gonna need to work with someone who can swallow and filter a whole botnet’s worth of traffic and keep running. That takes some serious infrastructure.
I recommend Cloudflare for small businesses because their terms of service are actually decent, and blending their traffic into that stream makes their website indistinguishable from larger competition.
The next closest things are Pangolin (https://digpangolin.com/) and WireGuard. You’ll need to rent a server somewhere with a public-facing IP to run the server-side software (and DDoS protection is based on the services provided by your datacenter host). Pangolin has a UI similar to Cloudflare, but under the hood, it’s just Wireguard, so if you prefer more direct control, you can just set up a Wireguard tunnel by hand.
For myself, and my own needs, I don’t need all that. I just use DDNS* to point my DNS records to my home’s public ip address & use port forwarding to connect ports 80 & 443 to Nginx Proxy Manager. (When I add Anubis, I’ll port forward to Anubis and then have Anubis redirect valid traffic to Nginx Proxy Manager) This setup offers no protection against DDoS, but for what I use it for, I think it’s an acceptable risk (I’d either have to get someone’s attention and ire or just be cosmically unlucky)
*the server has a cron job to curl the DDNS refresh URL every hour.