i love how You are progressively moving closer and closer to a proper enterprise setup. There is a real lack of beginner-friendly content on this type of stuff. New JS/TS type developers rarely get exposed to this kind of thing. You are doing great work.
cloudflare seems pretty interesting as a substitute to aws. Idk why aws don't have a bill limiting for people who just want to learn, test things and build side projects
Yeah true. I think they might just be hoping people incur larger bills than intended, and make extra money off those people. I would assume they have to deal with lots of charge backs though, so I don't know if that would be a net gain.
@@Dom-zy1qy They're very forgiving for small projects and will usually give you a refund like in Cody's case, I don't think they're actively trying to make an extra buck here.
Now that I think more about it maybe aws don't want to attract side project people or don't want to invest on it. For enterprise these problems aren't really problem they'll just buy a WAF plan.
Thank you for keeping us updated! I subbed since the original ddos attack. I was paranoid about this for my own projects, and then came across your videos!
It would be nice to see a mindmap, flowchart, etc. of the various possibilities of deployment. I've more familiarity with k8s and oddly enough most people think it's difficult but that's my biggest frame of reference because it's so easy to set up a new ingress, service and deployment for me now. I think these videos where you give a wide view of these topics are the most helpful for me at least.
When I worked for Amazon they seemed to have a pretty forgiving policy for people who accidentally used more than they thought they would. I would try talking to their customer service and seeing if you could get a refund for the high usage. Edit: that'll teach me to watch to the end before commenting 😅
They’ve said they would refund the charges. But going forward I’ve decided I’d rather just have my entire application die if I accidentally misconfigured something rather than to have to hope the hosting company will refund me before I need to declare bankruptcy 😂
5:50 most important advice for all. Be aware of unexpected costs if you don't setup correctly and not use the RIGHT tool for your project. It's pretty stressful to get $1.000 bill for nothing.
Have you played around with cloudflare workers? Looks like they've got everything I need to build an app these days, DB, queues/crons and serverless functions.
Hey Cody! I'm trying to set this up as well but running into some issues and I'm not sure what I'm doing wrong. Any chance you could do a quick tutorial from start to finish on this when you have some time?
Great video, a nice niche of tutorial content that really missing; moving from local dev env to real world deployment issues. At least vercel now added hard cap project pausing instead of the custom webhook being the only way to cancel.
Would Cloudflare tunnels work for projects deployed in Vercel (or similar services)? I currently have a project setup with a Cloudflare proxy after seeing your original DDOS video but this seems much more secure
I wouldn’t worry about it; if you have your app private and through cloudflare, it’s protected. Also I’d recommend setting up a waf rate limit rule so no one ip can hit your app over and over again
Ddos is a concern for anything that is charge per use. I’d personally add rate limiting to any api. Luckily an api usually requires auth which means you can easily ban anyone abusing and track by userId instead of ip.
Hey Cody, Can you clarify the stack you're using to avoid DDOS and secure your service for you site (Ex): - Hosting in Railway (No public access - Only private) - Secured your hosting with Cloudfared (Tunnel in Railway as service) - On cloudflare side, what do you have? Thanks a lot.
Cloudflare, point your domain to cloudflare and point cloudflare to your amplify distribution hostname probably. Although, if there isn’t a way to prevent traffic to your default amplify hostname, someone might still be able to hit your underlying distribution
@@WebDevCody cloudflare is asking for ipv4 for root domain and it doesn’t seem to support ALIAS like in Route53, is there any work around to make CloudFlare support amplify hosted link for root domain?
I think it kind of acts like your reverse proxy. You have the tunnel point directly to your running service on the machine. Meaning you don’t need caddy or nginx to setup certs or point to your service. You can still keep ssh enabled for your ip on the machine, but you don’t need to have open http ports I believe
Cloudflared CLI basically starts a reverse proxy (you can configure which domain goes to which address, if you run a VM, you use localhost:$PORT, Cody used Railway which starts up a second machine, that acts as a reverse proxy and routes to internal address), but you don't need to open http port on the machine, because you create a reverse tunnel (connect from the machine to cloudflare instead of cloudflare connecting to you), which minimizes the chance of you fucking something up. It's the same thing as ngrok or localtunnel basically, but meant for production instead of development.
Why is Railway so cheap compared to other services, offering 8GB and 8vCPU for $5/month, while you get only 512MB and 1vCPU with Digital Ocean's droplet for a similar cost?
Newer company trying to get customers probably. Also their bandwidth charges are 10x DO at $.10 a GB where DO is $.01 a GB. So maybe that cost difference let’s them provide more compute for less
As a freelance systems administrator, a little known secret of the hosting industry I had to find out is that X vCPUs can mean X amount of threads you have access to. The thing is, those threads are shared. Example: At some points you may be able to get 95% access to those threads, and at other times only 10%, effectively limiting your performance. Hence why virtual dedicated server (VDS) is a term but poorly used because some companies think a VPS and VDS are the same thing. Not accusing railway of anything because I have no evidence, but that's been my experience in the past with cheaper hosting services.
I'm not sure if it's me misunderstanding at this stage as I see lots of people taking that from their pricing page, but that doesn't seem to be the case - I feel like the railway pricing is quite confusing From what I can tell, they don't include 8GB and 8 CPU for $5/month - you are allowed to allocate up to 8GB and 8 CPU per service on the Hobby plan and the $5/month gives you $5 of usage. I have a small PHP app using 0.1 CPU and ~500MB ram including database - this comes to $6 last month (only recently moved so can't tell if I'm going to get charged yet) As it's usage-based pricing, If you used 8GB and 8 CPU you'd be charged $240 a month according to their pricing page
First of all first time commenting on to you keep up man lately discovered your great content 🫡secondly What I am currently curious about is after blocking public access did you remove the rate limits ?
i love how You are progressively moving closer and closer to a proper enterprise setup. There is a real lack of beginner-friendly content on this type of stuff. New JS/TS type developers rarely get exposed to this kind of thing. You are doing great work.
this type of thumbnails are far more interesting than recent ones
True, but they don’t get as many views 🤷♂️
@@WebDevCody use any just here for the knowledge ❤
In the Unix world, programs ending in d are usually daemons (like sshd, smbd, etc)
🧐 good observation
cloudflare seems pretty interesting as a substitute to aws. Idk why aws don't have a bill limiting for people who just want to learn, test things and build side projects
Yeah true. I think they might just be hoping people incur larger bills than intended, and make extra money off those people. I would assume they have to deal with lots of charge backs though, so I don't know if that would be a net gain.
@@Dom-zy1qy They're very forgiving for small projects and will usually give you a refund like in Cody's case, I don't think they're actively trying to make an extra buck here.
Now that I think more about it maybe aws don't want to attract side project people or don't want to invest on it. For enterprise these problems aren't really problem they'll just buy a WAF plan.
Thank you for keeping us updated! I subbed since the original ddos attack. I was paranoid about this for my own projects, and then came across your videos!
I feel so happy you saw my comment and even made a video about it haha!
I see all comments 😜 thanks for pointing it out
Thanks a lot ❤, I was able to setup a tunnel for my server running on digital ocean droplet using docker environment. Thanks for being my mentor ❤
More of this please! Great content!
It would be nice to see a mindmap, flowchart, etc. of the various possibilities of deployment. I've more familiarity with k8s and oddly enough most people think it's difficult but that's my biggest frame of reference because it's so easy to set up a new ingress, service and deployment for me now. I think these videos where you give a wide view of these topics are the most helpful for me at least.
Great video! I didn't realize how simple it was to setup cloudflare tunnels. Subbed!
Thank you Cody! I'm making a side project and I'm going to do this exactly
Genuinely cool content. Awesome to be along for the journey
When I worked for Amazon they seemed to have a pretty forgiving policy for people who accidentally used more than they thought they would. I would try talking to their customer service and seeing if you could get a refund for the high usage.
Edit: that'll teach me to watch to the end before commenting 😅
They’ve said they would refund the charges. But going forward I’ve decided I’d rather just have my entire application die if I accidentally misconfigured something rather than to have to hope the hosting company will refund me before I need to declare bankruptcy 😂
@@WebDevCody I 100 percent agree. I got a 2.5G up/down connection to my house recently so my hosting fees are paid upfront 🎉
amazing little series here, thanks so much!
at 1:01 u mentioned bandwith, do both incoming and outgoing charge money? or its only specific to outgoing?
Never knew about this, super helpful video. Thanks for sharing.
very interesting I had no idea this was possible. thanks for covering it !
Thanks a lot on so many video about infra...Im learning a lot your channel
5:50 most important advice for all. Be aware of unexpected costs if you don't setup correctly and not use the RIGHT tool for your project. It's pretty stressful to get $1.000 bill for nothing.
Have you played around with cloudflare workers? Looks like they've got everything I need to build an app these days, DB, queues/crons and serverless functions.
You get charged by the number of requests. Be careful with that.
don't go serverless, rather learn how to use linux w docker, much better in the long run and is more marketable
I’m moving away from serverless for my side projects. I don’t need infinite scaling
@@yarmgl1613 I usually do these for my projects, but how do I make them public? For atleast some users on them.
Good job love! I see someone already took my “good job babe” lol we are all vying to be your babe 😂❤
You’re the OG. They’ll never have anything over you babe
Hey Cody! I'm trying to set this up as well but running into some issues and I'm not sure what I'm doing wrong. Any chance you could do a quick tutorial from start to finish on this when you have some time?
Are you trying to apply it with next JS or something else?
Thank you for sharing!
Can you please make a series tutorial about cloudflare workers , such as building a website by using cloudflare workers.
was just about to write that on your other video :-) Thnx for you videos tho
R2 is definitely the future
would love to see a video about cf rules and stuff as well
Great video, a nice niche of tutorial content that really missing; moving from local dev env to real world deployment issues.
At least vercel now added hard cap project pausing instead of the custom webhook being the only way to cancel.
can you make a video on comparing S3 VS R2?
Looking forward to the s3 compatible R2 setup!
Would Cloudflare tunnels work for projects deployed in Vercel (or similar services)? I currently have a project setup with a Cloudflare proxy after seeing your original DDOS video but this seems much more secure
Since you are moving away from serverless are you also moving away from event driven architecture? (Sqs, sns, etc) and dynamodb
i was looking for someone to explain cloudflare and found your channel.I cant access your thumnail critique website for some reason.
good share again Cody
Thank you so much.
How do I test this kind of DDoS protection setup? Can I perform an attempted DDoS attack on my own service to see if it is indeed blocked?
I wouldn’t worry about it; if you have your app private and through cloudflare, it’s protected. Also I’d recommend setting up a waf rate limit rule so no one ip can hit your app over and over again
Thank you
Is DDoS a concern of yours regarding Convex?
Ddos is a concern for anything that is charge per use. I’d personally add rate limiting to any api. Luckily an api usually requires auth which means you can easily ban anyone abusing and track by userId instead of ip.
can this integrate with Vercel?
could you do a JavaScript challenges using codewars
Hey Cody,
Can you clarify the stack you're using to avoid DDOS and secure your service for you site (Ex):
- Hosting in Railway (No public access - Only private)
- Secured your hosting with Cloudfared (Tunnel in Railway as service)
- On cloudflare side, what do you have?
Thanks a lot.
Cloudflare I setup rate limits and inside my app I added various rate limits to all endpoints that hit my database. Database is also on railway
@WebDevCody what if you do a video talking about all together?
I've been following you and the way you express is very clear, thanks a lot
Does it work for SSE and http streaming?
I wouldn’t see why they wouldn’t
I’m currently using Route 53 with Amplify to host my Nextjs app. Do you have any suggestions for ddos prevention in this setup?
Cloudflare, point your domain to cloudflare and point cloudflare to your amplify distribution hostname probably. Although, if there isn’t a way to prevent traffic to your default amplify hostname, someone might still be able to hit your underlying distribution
@@WebDevCody cloudflare is asking for ipv4 for root domain and it doesn’t seem to support ALIAS like in Route53, is there any work around to make CloudFlare support amplify hosted link for root domain?
then does it mean vercel is good since they have DDOS mitigation.
Idk I thought aws had DDoS mitigation but here I am with a $1500 bill. I know vercel uses aws under the hood 🤷
One 👏of 👏 us 👏 one 👏 of 👏 us 👏
So tunnel is before reverse proxy? Can you still ssh into vps with ip address of vps?
I think it kind of acts like your reverse proxy. You have the tunnel point directly to your running service on the machine. Meaning you don’t need caddy or nginx to setup certs or point to your service. You can still keep ssh enabled for your ip on the machine, but you don’t need to have open http ports I believe
Cloudflared CLI basically starts a reverse proxy (you can configure which domain goes to which address, if you run a VM, you use localhost:$PORT, Cody used Railway which starts up a second machine, that acts as a reverse proxy and routes to internal address), but you don't need to open http port on the machine, because you create a reverse tunnel (connect from the machine to cloudflare instead of cloudflare connecting to you), which minimizes the chance of you fucking something up. It's the same thing as ngrok or localtunnel basically, but meant for production instead of development.
Love you babe
Aht aht aht ☝🏿 I don’t share like that lol 😅
🙌
Why is Railway so cheap compared to other services, offering 8GB and 8vCPU for $5/month, while you get only 512MB and 1vCPU with Digital Ocean's droplet for a similar cost?
Newer company trying to get customers probably. Also their bandwidth charges are 10x DO at $.10 a GB where DO is $.01 a GB. So maybe that cost difference let’s them provide more compute for less
As a freelance systems administrator, a little known secret of the hosting industry I had to find out is that X vCPUs can mean X amount of threads you have access to. The thing is, those threads are shared.
Example: At some points you may be able to get 95% access to those threads, and at other times only 10%, effectively limiting your performance. Hence why virtual dedicated server (VDS) is a term but poorly used because some companies think a VPS and VDS are the same thing.
Not accusing railway of anything because I have no evidence, but that's been my experience in the past with cheaper hosting services.
I'm not sure if it's me misunderstanding at this stage as I see lots of people taking that from their pricing page, but that doesn't seem to be the case - I feel like the railway pricing is quite confusing
From what I can tell, they don't include 8GB and 8 CPU for $5/month - you are allowed to allocate up to 8GB and 8 CPU per service on the Hobby plan and the $5/month gives you $5 of usage.
I have a small PHP app using 0.1 CPU and ~500MB ram including database - this comes to $6 last month (only recently moved so can't tell if I'm going to get charged yet)
As it's usage-based pricing, If you used 8GB and 8 CPU you'd be charged $240 a month according to their pricing page
Thank you, I didn't know that@@ikanexus
Thank you, I didn't know that.@@ikanexus
Can you please be my mentor🙏🙏🙏🙏🙏🙏🙏🙏
First of all first time commenting on to you keep up man lately discovered your great content 🫡secondly What I am currently curious about is after blocking public access did you remove the rate limits ?
No I kept rate limits on