BasedFlare - New Cloudflare-like service

stefeman

@fatchan said:

@stefeman said:

Can you just share your plugin version as "no lisence" separately? Should not be an issue as long as you dont bundle it. Otherwise this entire thing is pretty much unusable as intended.

I rather not do that publicly, it is technically copyright infringement and there are too many contributors on the repo to get all their permission. Eventually, I can release a freshly rewritten version. For now, it sounds like people were able to implement another DNS server anyway, see below. It just needs to read from redis after all, nothing special.

@Neoon said: It works, it gets a certificate but its unable to upload the certificate to haproxy.

Probably this is because the fetch call is passed agent which is a https agent, but your dataplaneapi url is http. You can try to remove it, or configure dataplaneapi to use https and add a certificate. You can set ALLOW_SELF_SIGNED_SSL=1 in env and use a self signed cert in dataplaneapi, or install a trusted certificate.

Would you be able to PM it to me? I wish to deploy this for LET/LES users only for free, and wont compete with you. Ideally i'd like to deploy the most compatible version with future updates as well from your git.

Neoon

@fatchan said:

@Neoon said: It works, it gets a certificate but its unable to upload the certificate to haproxy.

Probably this is because the fetch call is passed agent which is a https agent, but your dataplaneapi url is http. You can try to remove it, or configure dataplaneapi to use https and add a certificate. You can set ALLOW_SELF_SIGNED_SSL=1 in env and use a self signed cert in dataplaneapi, or install a trusted certificate.

I just edited agent.js for now and changed https to http.
Seems to be used for internal calls only anyway, so looks fine too me.

At some point I will switch it to https.

https works https://1.neoon.net/
However the bot page is kinda broken.

DNS Record management supported also.

Certs still stored locally in the DB, so you can just reuse them again, neat.

kait

@Neoon said: However the bot page is kinda broken.

What is broken about it?

Great work setting it up so fast. told you the DNS panel is amazing

Neoon

@kait said:

@Neoon said: However the bot page is kinda broken.

What is broken about it?

It works now, I switched it back to argon2.
Might be that I modified agent.js before, I should switch the rest to https internally.

kait

@Neoon said: It works now, I switched it back to argon2.

Hmm, I use sha256 at it works perfectly fine, argon2 also worked. So would be weird if that would be the issue. Hope you get it working

Neoon

@kait said:

@Neoon said: It works now, I switched it back to argon2.

Hmm, I use sha256 at it works perfectly fine, argon2 also worked. So would be weird if that would be the issue. Hope you get it working

It was more like a stuck, stale haproxy config.
It should not give you "Client sent an HTTP request to an HTTPS server."

Rather it should give you something like what it is currently.
"Error 1001" since I don't have that domain on CF but just point it to 1.1.1.1:80

https://1.neoon.net/
Like what it does right now.

I restarted haproxy but that won't fix it.
So I ended up rebooting the entire machine.

Worked.

I had 2 different backends added to a domain.
I clicked delete on one, booth vanished.

This results in a stuck haproxy config.
I checked /maps to see what haproxy has been configured with, could not find the stuck config there.

sillycat

@Neoon said: https works https://1.neoon.net/

> uses basedflare
> uses cloudflare

fatchan

@Neoon said: This results in a stuck haproxy config.
I checked /maps to see what haproxy has been configured with, could not find the stuck config there.

If you restarted haproxy twice it would have worked. Its a bug related to backends.map. Dataplaneapi is automatically syncing it to disk and this breaks the logic in one of the lua init functions. I forked dataplaneapi to allow excluding some maps (which is also important to prevent syncing of huuuge maps like geoip). See here: https://github.com/fatchan/dataplaneapi/blob/master/configuration/map_sync.go#L48

(Looks like i havent pushed my change that adds backends.map to that list, lol. Will update my fork tonight.)

Neoon

You forgot to mention that the cluster config is inside the mongodb.

The variable in the .env file never gets read.
Explains why my second server in the cluster never updated.

There is a cluster management for the db inside the Panel.

However you can add new clusters but you can't edit existing ones, which you need since your script reads only from the first element of the list.

Easily fixable with a smol python script though, works for now.

Turbo_Pascal

Is this still being worked on?

@stefeman said:

@fatchan said:
Thanks for the comments and criticism everybody.

Yes, the name will probably change but I think it's funny for now. I'm surprised people are so serious in thinking there is a political statement in the name. It's seriously a meme, don't think about it any deeper than that. Be like jmaxwell :^) Anyways, the website is incomplete and nothing is final. Currently I have some smaller websites testing it to find issues and make suggestions.

The goal is not to be a cloudflare competitor. They offer a free ($0) service, have bazillions of dollars of infrastructure, investment, and many many employees. This is built for a different purpose.

It's primarily a software project, with a few components:

• HAProxy with Lua to extend it for some L7 filtering capabilities and dataplaneapi for remote control of webservers
• CoreDNS with some forked plugins for geoDNS and reading records from redis for the nameservers
• Grafana, loki, etc for some statistics and logging
• A custom control panel for managing it One reason I started this project is that I often see people asking what is a good "free speech" hosting provider, domain registrar, etc. The answer is NONE. There is no such thing because even T1 providers can and will censor you without any court order, bypassing even the hosting provider themselves. See KiwiFarms for example. (Fun fact, Kiwifarms is using my haproxy-protection project linked in OP to protect their .onion site)

I wanted a system where I can quickly plug in dedicated servers/vms from anywhere and control them all in a single location for a sort of home grown CDN. With all components self-hosted. Its a best-effort approach for a hostile environment and I'm having fun with it

I'm trying to make a free version of this right now with no paid plans, ever.

It's pretty hard to get this up and running as tutorials are not as clear as I'd wish xD

I have roped in @Neoon today to solve it xD

Expect LES/LET free service thread later after I have set up plenty of infra and tested it prior with high traffic live sites.

stefeman

@Turbo_Pascal said:
Is this still being worked on?

@stefeman said:

@fatchan said:
Thanks for the comments and criticism everybody.

Yes, the name will probably change but I think it's funny for now. I'm surprised people are so serious in thinking there is a political statement in the name. It's seriously a meme, don't think about it any deeper than that. Be like jmaxwell :^) Anyways, the website is incomplete and nothing is final. Currently I have some smaller websites testing it to find issues and make suggestions.

The goal is not to be a cloudflare competitor. They offer a free ($0) service, have bazillions of dollars of infrastructure, investment, and many many employees. This is built for a different purpose.

It's primarily a software project, with a few components:

• HAProxy with Lua to extend it for some L7 filtering capabilities and dataplaneapi for remote control of webservers
• CoreDNS with some forked plugins for geoDNS and reading records from redis for the nameservers
• Grafana, loki, etc for some statistics and logging
• A custom control panel for managing it One reason I started this project is that I often see people asking what is a good "free speech" hosting provider, domain registrar, etc. The answer is NONE. There is no such thing because even T1 providers can and will censor you without any court order, bypassing even the hosting provider themselves. See KiwiFarms for example. (Fun fact, Kiwifarms is using my haproxy-protection project linked in OP to protect their .onion site)

I wanted a system where I can quickly plug in dedicated servers/vms from anywhere and control them all in a single location for a sort of home grown CDN. With all components self-hosted. Its a best-effort approach for a hostile environment and I'm having fun with it

I'm trying to make a free version of this right now with no paid plans, ever.

It's pretty hard to get this up and running as tutorials are not as clear as I'd wish xD

I have roped in @Neoon today to solve it xD

Expect LES/LET free service thread later after I have set up plenty of infra and tested it prior with high traffic live sites.

Yes it is. Im finalizing stuff, so this weekend or by monday hopefully.

dosai

@stefeman said:

@Turbo_Pascal said:
Is this still being worked on?

@stefeman said:

@fatchan said:
Thanks for the comments and criticism everybody.

Yes, the name will probably change but I think it's funny for now. I'm surprised people are so serious in thinking there is a political statement in the name. It's seriously a meme, don't think about it any deeper than that. Be like jmaxwell :^) Anyways, the website is incomplete and nothing is final. Currently I have some smaller websites testing it to find issues and make suggestions.

The goal is not to be a cloudflare competitor. They offer a free ($0) service, have bazillions of dollars of infrastructure, investment, and many many employees. This is built for a different purpose.

It's primarily a software project, with a few components:

• HAProxy with Lua to extend it for some L7 filtering capabilities and dataplaneapi for remote control of webservers
• CoreDNS with some forked plugins for geoDNS and reading records from redis for the nameservers
• Grafana, loki, etc for some statistics and logging
• A custom control panel for managing it One reason I started this project is that I often see people asking what is a good "free speech" hosting provider, domain registrar, etc. The answer is NONE. There is no such thing because even T1 providers can and will censor you without any court order, bypassing even the hosting provider themselves. See KiwiFarms for example. (Fun fact, Kiwifarms is using my haproxy-protection project linked in OP to protect their .onion site)

I wanted a system where I can quickly plug in dedicated servers/vms from anywhere and control them all in a single location for a sort of home grown CDN. With all components self-hosted. Its a best-effort approach for a hostile environment and I'm having fun with it

I'm trying to make a free version of this right now with no paid plans, ever.

It's pretty hard to get this up and running as tutorials are not as clear as I'd wish xD

I have roped in @Neoon today to solve it xD

Expect LES/LET free service thread later after I have set up plenty of infra and tested it prior with high traffic live sites.

Yes it is. Im finalizing stuff, so this weekend or by monday hopefully.

Are you forking and making changes?

FatGrizzly

@stefeman said:

@Turbo_Pascal said:
Is this still being worked on?

@stefeman said:

@fatchan said:
Thanks for the comments and criticism everybody.

Yes, the name will probably change but I think it's funny for now. I'm surprised people are so serious in thinking there is a political statement in the name. It's seriously a meme, don't think about it any deeper than that. Be like jmaxwell :^) Anyways, the website is incomplete and nothing is final. Currently I have some smaller websites testing it to find issues and make suggestions.

The goal is not to be a cloudflare competitor. They offer a free ($0) service, have bazillions of dollars of infrastructure, investment, and many many employees. This is built for a different purpose.

It's primarily a software project, with a few components:

• HAProxy with Lua to extend it for some L7 filtering capabilities and dataplaneapi for remote control of webservers
• CoreDNS with some forked plugins for geoDNS and reading records from redis for the nameservers
• Grafana, loki, etc for some statistics and logging
• A custom control panel for managing it One reason I started this project is that I often see people asking what is a good "free speech" hosting provider, domain registrar, etc. The answer is NONE. There is no such thing because even T1 providers can and will censor you without any court order, bypassing even the hosting provider themselves. See KiwiFarms for example. (Fun fact, Kiwifarms is using my haproxy-protection project linked in OP to protect their .onion site)

I wanted a system where I can quickly plug in dedicated servers/vms from anywhere and control them all in a single location for a sort of home grown CDN. With all components self-hosted. Its a best-effort approach for a hostile environment and I'm having fun with it

I'm trying to make a free version of this right now with no paid plans, ever.

It's pretty hard to get this up and running as tutorials are not as clear as I'd wish xD

I have roped in @Neoon today to solve it xD

Expect LES/LET free service thread later after I have set up plenty of infra and tested it prior with high traffic live sites.

Yes it is. Im finalizing stuff, so this weekend or by monday hopefully.

Gang up with @FlorinMarian

Neoon

@Turbo_Pascal said:
Is this still being worked on?

I still wait on some fixes, that can brick haproxy.
I would not use that in "production" yet.

I got it working (https://1.neoon.net), posted the guides and scripts.
But yea, still have to make a working guide for the Panel install.

FlorinMarian

@FatGrizzly It looks good but I can say that the ETA is useless because both on Desktop and on mobile devices the time increases and decreases until the puzzle is solved, I think it would be better to replace the message with something like "We will immediately connect you to the desired page.. ."

BilohBucks

Any updates? I would deploy it on my server to test it how it works

sillycat

@BilohBucks said:
Any updates? I would deploy it on my server to test it how it works

https://gitgud.io/fatchan/haproxy-protection/

fatchan

@sillycat said:

@BilohBucks said:
Any updates? I would deploy it on my server to test it how it works

https://gitgud.io/fatchan/haproxy-protection/

Also the control panel: https://gitgud.io/fatchan/haproxy-panel-next/

You can dm me for any help or questions :^)

endercat

Oh, it doesn't seem to welcome me, shouldn't there be a selection box here to verify that I am human? It directly refused my access

Fubukibox

@endercat said:
Oh, it doesn't seem to welcome me, shouldn't there be a selection box here to verify that I am human? It directly refused my access

Have you checked that you used a different browser like FF or a different chrome browser? Incognito mode?

Fubukibox

Been lurking on this thread for a while and still configuring mine on a LXC container on my homelab anyways. I could have misconfigured something in the config for it to loop fail or something. Eh anyways I'll try to fix that later

Turbo_Pascal

Sorry if this has been answered already, but does this service aim to hide web host IP addresses in the manner of Cloudflare's DNS proxies? (I know this might be a dumb question but I'm asking anyway.)

@Fubukibox said: Have you checked that you used a different browser like FF or a different chrome browser? Incognito mode?

It would be helpful to know whether private browsing modes are allowed. Is incognito browsing possibly forbidden here?

My workflow depends on accessing web-based services within the guest mode of a Chromebook.

Neoon

@Turbo_Pascal said:
Sorry if this has been answered already, but does this service aim to hide web host IP addresses in the manner of Cloudflare's DNS proxies? (I know this might be a dumb question but I'm asking anyway.)

@Fubukibox said: Have you checked that you used a different browser like FF or a different chrome browser? Incognito mode?

It would be helpful to know whether private browsing modes are allowed. Is incognito browsing possibly forbidden here?

My workflow depends on accessing web-based services within the guest mode of a Chromebook.

Its essentially a reverse proxy, so yes.
I still got my demo running https://1.neoon.net/ it points to 1.1.1.1 but you can't tell if it wasn't a CF error site.

Turbo_Pascal

Is this link supposed to demonstrate a failure of access? That's what it looks like every time I follow it. Based on your IP address provided, I'm guessing it's a little like pointing to 192.0.2.1.

@Neoon said: I still got my demo running https://1.neoon.net/ it points to 1.1.1.1

Neoon

@Turbo_Pascal said:
Is this link supposed to demonstrate a failure of access? That's what it looks like every time I follow it. Based on your IP address provided, I'm guessing it's a little like pointing to 192.0.2.1.

@Neoon said: I still got my demo running https://1.neoon.net/ it points to 1.1.1.1

I fucked around with gdnsd, it does point to 1.1.1.1 if it can't resolve the origin IP.
Especially if you request via IPv6, the .mmdb does not have any IPv6 entries.

The fallback is to 1.1.1.1
edit: Should be disabled, however probably takes time to clear

fatchan

@endercat said:

Some countries are blocked on my instance

@Turbo_Pascal said: Sorry if this has been answered already, but does this service aim to hide web host IP

Yes

@Turbo_Pascal said: would be helpful to know whether private browsing modes are allowed. Is incognito browsing possibly forbidden here?

They are allowed