It works with all NATs/CGNATs by connecting from the pi over a bidirectional WS connection. PI <-> WS <-> Cloudflare. SSL is done on the cloud, not on the pi.
Install any web server on the pi and "cloudflared" to proxy it.
And then the third-party doctrine applies and they can tap you without a warrant and nail you for your private friend message board where you discussed smoking a joint or getting an abortion, if Cloudflare complies. A main advantage of self-hosted in the home is supposed to be basic 4th Amendment protections.
It's illegal for the federal or state gov to read US mail correspondence or tap phone lines without a warrant and should be for digital stuff too, but the third-party doctrine totally undercuts it.
You shouldn't need "cloudflared". You could set up a 486 on an ISDN line, serve traffic without worry of needing SSL, being DDoS'd and all the rest. The WWW has become so unsettled that it's now become a basic requirement of needing SSL & Cloudflare for a static webserver. Not dissing the tech but it all makes the overhead so much more complicated.
I used to run an IRCd on 56k where it would disconnect you after three hours. With two modems timed just right you could dial-back in to the ISP on the second modem just as the other disconnected and have about a near second of downtime with no connection loss. Some of the best Quake 3 servers I played on were on 56K; truly a magical experience now lost.
I run my home site off a 3-node Kubernetes cluster with 16-core CPUs and some tens of GBs of RAM each, off a business-class Internet connection with a static IP, and I'm still under no pretense that some arbitrary new restriction on behalf of Internet vendors won't render my setup useless one day.
It works with all NATs/CGNATs by connecting from the pi over a bidirectional WS connection. PI <-> WS <-> Cloudflare. SSL is done on the cloud, not on the pi.
Install any web server on the pi and "cloudflared" to proxy it.
https://developers.cloudflare.com/cloudflare-one/connections...