Why Nostr Relays Should Avoid Using Cloudflare

Cloudflare is a controversial company to some, considering that they have taken steps to block sites and organizations that promote specific ideas or topics. While I am not supporting any of these organizations, there is a deeper issue with using Cloudflare in front of public relays. For people running personal ones, it does have the advantage of obfuscating your home IP address. But this post is focused on people providing general public relays.

One of Nostr's selling points is its decentralized (distributed?) architecture, in which clients connect through relays. Relays help to avoid the centralization issue seen with Twitter, Facebook, and other social media companies. Do we build this whole decentralized architecture just to put it behind a centralized company's network?

Some of the Biggest Relays Using Cloudflare for DNS/Proxying:

– nostr.wine
– relay.damus.io
– relay.snort.social
– X.nostr.land

The above is not an exhaustive list, but you can check your relays by going to a site like digwebinterface.com, choosing Type: NS, and checking Authoritative.

Example: https://www.digwebinterface.com/?hostnames=relay.damus.io&type=NS&useresolver=8.8.4.4&ns=auth&nameservers=

You can also choose Type: A and do an IPWhois.
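The same two lookups can be scripted. This is an added example, not part of the original post: it classifies a relay from the record lines printed by `dig +noall +answer +authority <host> NS` and `dig +noall +answer <host> A`, separating Cloudflare DNS hosting from full proxying. The function names, the sample records and the partial IP range snapshot are assumptions made for the example.

```python
import ipaddress

# Partial snapshot of Cloudflare's published IPv4 ranges (assumption: refresh
# from https://www.cloudflare.com/ips/ before relying on the result).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "104.16.0.0/13", "104.24.0.0/14", "172.64.0.0/13", "162.158.0.0/15",
    "198.41.128.0/17", "173.245.48.0/20", "188.114.96.0/20",
    "141.101.64.0/18", "108.162.192.0/18")]

def parse_dig(text):
    """Yield (type, rdata fields) from dig record lines, skipping ';' comments."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 5 and not line.startswith(";") and parts[2] == "IN":
            yield parts[3], parts[4:]

def cloudflare_exposure(ns_output, a_output):
    """Classify one relay hostname as 'proxied', 'dns-only' or 'none'."""
    servers = set()
    for rtype, rdata in parse_dig(ns_output):
        # An NS query for a subdomain often returns only the parent zone's SOA
        # in the authority section; its first field names the primary server.
        if rtype in ("NS", "SOA"):
            servers.add(rdata[0].rstrip(".").lower())
    dns_on_cf = any(s.endswith(".ns.cloudflare.com") for s in servers)
    addrs = [ipaddress.ip_address(r[0]) for t, r in parse_dig(a_output) if t == "A"]
    if any(a in net for a in addrs for net in CLOUDFLARE_V4):
        return "proxied"      # traffic itself terminates at Cloudflare
    return "dns-only" if dns_on_cf else "none"

# Constructed sample records (documentation names and addresses, not real relays).
NS_SUBDOMAIN = """; <<>> DiG <<>> relay.example NS
example. 1800 IN SOA alice.ns.cloudflare.com. dns.cloudflare.com. 1 10000 2400 604800 1800"""
NS_APEX = "example.net. 86400 IN NS ns1.example.net.\nexample.net. 86400 IN NS ns2.example.net."
A_PROXIED = "relay.example. 300 IN A 104.21.0.10"
A_DIRECT = "relay.example. 300 IN A 203.0.113.10"

if __name__ == "__main__":
    print(cloudflare_exposure(NS_SUBDOMAIN, A_PROXIED))  # proxied
    print(cloudflare_exposure(NS_SUBDOMAIN, A_DIRECT))   # dns-only
    print(cloudflare_exposure(NS_APEX, A_DIRECT))        # none
```

A "dns-only" result means Cloudflare answers DNS for the zone but the relay's traffic goes straight to its own address; "proxied" means the WebSocket connections themselves pass through Cloudflare.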

Relayable.org will never use Cloudflare. However, we use cloud providers like Amazon Web Services (AWS). But the overall architecture allows us to quickly spin up Docker containers for a new relay and load up a copy of the DB in an automated fashion using Ansible and Terraform. Then it is a matter of repointing DNS to the new relay. Creating new relays can all be done in a couple of minutes, which makes the cloud or VPSs that relays are running on not as much of an issue. Finally, we back up the DB offsite on safe harbors of encrypted storage.

I'm not encouraging people not to use the above relays. However, putting relays behind Cloudflare is not a feasible approach to a censorship-resistant network. It is a good idea to make sure you have a good mix of relays, with some (but not all) using Cloudflare.

I'd be glad to help any relay admins move off Cloudflare. We will add much more documentation on Relayable.org to be completely transparent in our configs, architecture, and operations.

