Hey guys, For my home server I am using a Cloudflare domain name to access it, but I noticed today that my connections are secured using the Google Trust Services LLC certs, rather than the Let’s Encrypt certs Nginx Proxy Manager uses… so I’m assuming that cloudflare is having a ball sniffing all my traffic before forwarding my requests to my server…

Is there a way around this? Do other registrars do this??

Thanks!

  • forbiddenlake@fedia.io
    link
    fedilink
    arrow-up
    11
    ·
    1 year ago

    You can disable cloudflare’s tls termination by setting the DNS record to DNS only. Be aware that this then bypasses their cdn, probably making things slower, and bypasses most of the security they put in place for you.

    Other cdns may or may not do similar. It’s hard to do WAF when you can’t see the traffic.

    Note that a registrar and a cdn are different things. It’s possible to remain on cloud flare for your domain registration and DNS while using a different cdn.

    • 🅱🅴🅿🅿🅸OP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Ah I see, thank you for the reply!

      What would you recommend? I like the idea of the privacy but having that security does also sound good…

      • Scott@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        The way I see it, using their Zero Trust tunnels and such, the benefits out weigh any perceived threat from them. They handle so much traffic anymore, my little bit of data isn’t even going to be a small blip in their infrastructure. They assess the traffic for threats on the fly, they aren’t going to attempt to keep a copy of everything their system see’s, that would be just way to much to deal with. Hell of a lot better than a marketing company (Google) holding your email and the like.