I want to host an HTML file under a domain I own, without needing any central server/organization and without a static IP.

What are my options?

So far, IPFS seems the best. I can put my file on the decentralized network by running my own node and use a TXT DNS entry to point that to my domain (docs.ipfs.io/how-to/websites-o)

Any other alternatives?

I'm looking for something simpler and accessible (explaining IPFS, even for techy people, takes a lot).

boosts appreciated ✨

@graf

That depends on Cloudflare, right?

I want to avoid central servers / organizations like Cloudflare, GitHub pages etc. I'm looking for something as decentralized as possible.

@jonatasbaldin note that doing it this way makes gateway.ipfs.io a single point of failure for your website. If it goes down, your website goes down, and fixing that requires you to modify your DNS, which might take a while to propagate.

I am working on something that does a similar thing, but in client-side JS:
gitlab.com/rysiekpl/libresilie
samizdat.is/

I think combining these approaches could be a winner. Hit me up if you'd like to test it out.

@jonatasbaldin also, the `gateway.ipfs.io` CNAME thing relies on CNAME-at-apex-domain, which is non-standard and basically only supported by CloudFlare:
serverfault.com/questions/6138

@rysiek @jonatasbaldin At risk of sounding stupid, isn’t the requirement of “without any central server” inconsistent with the use of DNS? Or does that bit relate only to the web hosting?

@neil can't speak for @jonatasbaldin but I'd say for me that bit mainly relates to web hosting.

DNS is a more mature space with somewhat stricter rules and with way more resilient infrastructure (both in technical and political sense).

For example, DNS anycast cloud operators would not even *dream* of "blocking" a zone delegated by a registry they service. Web CDN operators do an almost exactly analogous thing for websites they front for on a regular basis.

@neil @jonatasbaldin The DNS system is also way more technically resilient, on the whole.

DNS DDoSes happen, and sometimes they do create disruption, but the sheer size of traffic needed to disrupt DNS operations of any reasonably-sized provider for long enough to cause TTLs to lapse and create actual problems for end users is... orders of magnitude higher than traffic that brings down a standard WordPress site (if you have a WP site, link it on fedi and see it struggle).

@neil @jonatasbaldin finally, mitigations against certain (let's call them that) attacks are already deployed with DNS. DNS-level censorship is seriously threatened by DNS-over-HTTPS and DNSSEC, for instance. Both Chrome/Chromium and Firefox deployed DoH already, meaning that state-level DNS censorship is becoming difficult.

At the same time, state actors can now easily afford the hardware to do DPI on the (unencrypted!) TLS ClientHello and thus just drop HTTPS requests that they don't like.

@neil @jonatasbaldin ...thus disrupting either the ability of a user to reach a blocked website, or even the ability of the CDN to reach the back-end (I have seen both in the wild).

Finally, cost of DNS hosting is non-existent. Cost of HTTPS hosting for a website that needs to be able to handle traffic spikes and DDoSes can rise surprisingly fast.

Perhaps I should blog about this? :thaenkin:

@rysiek

damn that's a lot of knowledge on DNS, you should totally write that down in a blog!

@neil I think that DNS is decentralized enough for the web and probably a must have to make websites accessible nowadays, so that would be a requirement for me

@jonatasbaldin @rysiek It’s a fun one, as nearly every web censorship system starts with DNS!

@neil @jonatasbaldin true, but DNS became less useful for that over the last few years I feel.

Of course if the registry/registrar decide to (or are forced to) take a website down, the website goes down. But that's also true for any provider of any service, web hosting included.

On the other hand, it became much harder to censor a site on DNS level *without* registry/registrar cooperation. Azerbaijans and UKs of this world can't just block/alter queries, since more and more of them go through DoH.

@neil @jonatasbaldin but of course that's just my take on it, I'm sure I'm missing something here!

@rysiek @jonatasbaldin I don’t know the percentage of queries which go over DoH (specifically to a DoH resolver which does not do filtering). I suspect it’s still pretty low in the U.K., but may be higher elsewhere.

@rysiek @neil @jonatasbaldin Yes, that's exactly what I am afraid of. Once DNS-based "censorship" doesn't work for "most" cases any more, they will resort to other (more extreme) measures.

DNS "censorship" is so easy to get around...

@__h2__ @neil @jonatasbaldin that ship has sailed quite a while ago.

Places like Kazakhstan had TLS ClientHello-based blocking deployed 5 years ago already -- I know this from my own experience of trying to keep media websites up and available there.

@rysiek @neil @jonatasbaldin But incompetent European countries like Germany and Iceland still do DNS-based blocking 😅

@__h2__ @neil @jonatasbaldin honestly, I am more concerned about Kazakhs' access to independent media and Brits' access to sexual education material and anorexia support sites, than about Icelanders' and Germans' access to torrent sites.

And I am a *huge* fan of torrent sites.

@rysiek @neil @jonatasbaldin I agree, of course. I was just taking the whiny-nerd perspective in these toots.

Politically, a DNS block is as bad as anything else if the majority of people don't know how to circumvent it.

@rysiek

got it!

what do you think of corporations pushing the boundaries of RFCs like that?

if you hadn't told me, it would have taken a long time to realize that the combination of CNAME-apex-domain is only valid at Cloudflare

@jonatasbaldin it's a classic Embrace-Extend-Extinguish, and I have no love for it at all.

And what I find problematic is FLOSS projects like IPFS buying into that and promoting that.

I think more providers are starting to support CNAME-at-apex, but that's going to cause pain:
isc.org/blogs/cname-at-the-ape

That's one of the reasons I started LibResilient - to have a website on IPFS without relying on DNS hacks or going through centralized gateways.

@jonatasbaldin yes, I think that's the best option!
another one could be hosting in tor via onionshare <onionshare.org/> but then for routing the domain you'd have to use a tor-to-clearnet proxy like onion.ws/

@jonatasbaldin The other options I know of are Dat & (if you loosen criteria slightly) Tor Hidden Services. But I don't think those work outside of unmodified web browsers.

The Tor recommendation only does away with the need for a static IP address, making it easier to host the site at home.

@alcinnz yeah, I want things to be accessible enough, you know?

a solution that could be as simple as GitHub pages or Netlify 🤔

@jonatasbaldin have you considered hypercore (a.k.a. DAT)? hypercore-protocol.org/
It's the foundation of Beaker Browser.
I personally host my website on https, but also on IPFS and Hypercore.
The main problem with those two technologies is the need for a specific client which is not common yet.
Anyway, someone has to use a tech to make it reach mainstream.

@j thanks, I'll check it out!

I like ur last phrase, on mainstream tech. I really hope I can find a solution as simple as GH pages or Netlify, but I believe we are a long way from that 😓

@jonatasbaldin
A proxy service, DYNDNS, Yggdrasil, Tor, or HyperSwarm

HyperSwarm is new to me and I haven't had a chance to read up on it. Here's where I first heard it mentioned:

youtu.be/_Bil4wRwXyM 3:20

install tor and run the web server as an onion service. there are tor2web gateways that can make the page easily available on the suckers' web