I’ve recently found myself without much to do (short version: the company that my company was contracting to went into voluntary administration just before Christmas, while Ada and I were away in Melbourne), so I’ve had a little bit of time on my hands to do some work on the site infrastructure, free from meetings and corporate wankery. YAY!
One of the things I’ve wanted to do for a while now is set up some form of edge-node caching and geo-DNS to get the various sites we host closer to you folks who use our instances.
And yes, there’s Cloudflare… and Akamai… and Bunny.net… however as a safe-haven for vulnerable minorities, and with the geo-political situation the way it is these days, we really need to be super careful about where we terminate your connections. Who are the intermediate people who can see and collect your data? Who can switch our servers off at a moment’s notice, suspend the domain names, shut us down?
Until recently we’ve known that we are slow on the edge, but we controlled all our own hardware, and we’ve not had the capacity to do much about it.
So over the last few days, I’ve taken the time to set up a bunch of edge nodes, migrate DNS away from third party providers, move domain name registrars.
The end result is that (with a few minor site interruptions) now we have our own CDN that we control all the way from DNS resolution until you hit the database on our dedicated servers. Your traffic is encrypted all the way through, our core infrastructure isn’t exposed to people who sniff around to see who they can try to report us and shut us down, nobody else can see your browsing in transit, and for people not in or around Finland, it’s noticeably faster to load the site and click around.
To make sure you’re all fully informed, I’ll carefully disclose our decisions and new structure.
Firstly our edge servers are on Vultr and DigitalOcean. These 2 providers from our research seem to be quite neutral and non-politically aligned, and neither one by themselves can take us entirely down, and neither one of them is where our core infrastructure is located.
Secondly our edge locations have been carefully chosen to be regions that are outside jurisdictions where we can currently see political turmoil, overly zealous conservatism and fascist activity. We’ve chosen Toronto Canada, Sydney Australia, Amsterdam Netherlands and Frankfurt Germany as our edge node and DNS server locations.
Thirdly we’ve moved our domains into EuroDNS registrar to minimize the chance that the USA pressures companies to take action against our domains. EuroDNS is a large company headquartered in Luxembourg, and with no ties to the US itself, its parent company or any sibling companies, this gives us comfort that they can resist any political pressure which may be applied.
If there’s any interest in how we set up the infrastructure, let me know and I can make a separate technical post about it.
EDIT - here it is: https://lemmyverse.link/lemmy.blahaj.zone/post/36690717
I would love a technical post!
If I’m having intermittent connection issues recently where’s the best place for me to provide further details?
For those having issues (intermittently), it was likely due to some rate limiting problem I had with unwrapping forwarded IPs from some edge nodes.
Fixed now, so you should be good from now on, also for those in South America who had to transit all the way up to Canada, you now have an edge node in São Paulo that will be a little closer to home, and not have to squeeze through Miami transit.
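Added example (not from the thread and not the instance's actual configuration): a rate limiter at the origin that keys on the TCP peer sees every visitor behind an edge node as that one node, while one that unwraps the forwarded address only from known edges keys on the real client and cannot be steered by a forged header. The edge ranges, the use of `X-Forwarded-For`, the sample traffic and all function names are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed edge-node ranges (documentation prefixes), assumed for this example.
TRUSTED_EDGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "2001:db8:ed::/48")]

def is_edge(ip):
    return any(ip in net for net in TRUSTED_EDGES)

def client_ip(peer, xff):
    """Return the address to rate-limit on for one request.

    peer is the TCP peer the origin sees; xff is the raw X-Forwarded-For value.
    """
    peer_ip = ipaddress.ip_address(peer)
    if not is_edge(peer_ip):
        return str(peer_ip)  # direct connection: the header is client-supplied, ignore it
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    for hop in reversed(hops):  # right to left: the nearest proxy appended last
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop trusting anything further left
        if not is_edge(ip):
            return str(ip)  # first hop that is not one of our own edges
    return str(peer_ip)  # nothing usable in the header: fall back to the peer

def rejected(requests, key_fn, limit):
    """Count requests a single-window limiter would refuse when keyed by key_fn."""
    seen, refused = Counter(), 0
    for peer, xff in requests:
        key = key_fn(peer, xff)
        seen[key] += 1
        refused += seen[key] > limit
    return refused

# Constructed traffic: 30 distinct clients, 5 requests each, all arriving via one edge.
EDGE = "192.0.2.1"
TRAFFIC = [(EDGE, f"198.51.100.{c}") for c in range(1, 31) for _ in range(5)]

def keyed_on_peer(peer, xff):
    return peer  # the misconfiguration: every client looks like the edge node

if __name__ == "__main__":
    print("refused, keyed on peer:  ", rejected(TRAFFIC, keyed_on_peer, limit=20))
    print("refused, keyed on client:", rejected(TRAFFIC, client_ip, limit=20))
    print("forged left-most entry:  ", client_ip(EDGE, "10.9.9.9, 198.51.100.7"))
    print("forged header, no edge:  ", client_ip("203.0.113.9", "198.51.100.7"))
```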
works great now, thank you for your effort on this!!
If you can let me know what region you’re coming from, that will help (country if possible and you’re comfortable with that, and in a DM if you prefer)
I’m having the same problem with Piefed Blahaj right now, west coast USA. Sometimes it’s both PBZ and LBZ that perpetually try to load for me, and sometimes it’s just one or the other 🤷♂️
DM sent :) thanks!
And now Piefed is up
but I can’t see the earlier reply from my Lemmy account, if any of that is meaningful info. Thanks for your work regardless! o7 edit: and there it is, literally seconds after I post, lol
Here. Or a DM to me or Kaity.
Or you can grab us on matrix if you use it
The amount of effort you must’ve put into the background research alone is incredible.
Thank you so much for your pre-emptive attempts to protect us.
this sounds really cool, but unfortunately, now receiving errors accessing from any carrier in my country, and my vpn provider is blocked too. only able to access via tor :( what’s the best way to look into that?
Hopefully fixed now. (see https://lemmy.blahaj.zone/comment/18602435)
Thanks. Kaity will have a poke around when she’s up and out of bed for the day and see what can be found
If you can let me know what region you’re coming from, that will help (country if possible and you’re comfortable with that, and in a DM if you prefer)
More technical details would be fantastic, this must have been a significant undertaking, from the research to the implementation. I’d be glad to be able to learn from it.
This is awesome. Thank you for doing so much to protect people here.
You asked for it, so here it is:
Fuck yeah, this is awesome!
Sounds great, I’m a cloud engineer so if you need any more help I would be glad to.
Also would a non professional US edge node be possible?
I truly feel for all of you in the US at the moment. However in terms of hosting things, I’m staying right away from any place where the US government can come and seize, monitor or tap literally with zero effort or consequence.
So no, A US edge node is not possible.
You rock. Thank you so much.
I know very little networking wizardry, but I’d also love a technical post! This is cool stuff
The effort and work you put into making the best choices to keep people safe® is truly inspiring. I’ll add my voice to those who’d love to see a technical document but only if it’s not going to add substantially to your load.
awesome!!
Damn, nice












