Closed xbdmHQ closed 1 year ago
github-actions[bot]
commented
1 year ago Hello! Your instance has been added to our monitoring system: https://stats.uptimerobot.com/89VnzSKAn/794478524 You need to wait 30 days before we add your instance, this is to evaluate that your instance will keep a good uptime for one month.
Make sure you double checked all the mandatory checks or this will slow down the process of adding your instance!
unixfox
commented
1 year ago About cloudflare, just so you are aware, technically under their terms it's not allowed to serve invidious behind their CDN: https://blog.cloudflare.com/updated-tos/
We at invidious do not care what you do with cloudflare as long as you follow our rules, but I just wanted to let you know.
xbdmHQ
commented
1 year ago About cloudflare, just so you are aware, technically under their terms it's not allowed to serve invidious behind their CDN: https://blog.cloudflare.com/updated-tos/
We at invidious do not care what you do with cloudflare as long as you follow our rules, but I just wanted to let you know.
I read it and I don't see it mention invidious?, And hosting it online without a CDN with serving content like videos etc is a bandwidth hog look at rumble, twitch, YouTube, all use CDN to reduce cost and bandwidth. I understand about the SearXNG no need to put it behind cloudflare, but now it will be unprotected to ddos, bots, etc. If you telling me to remove cloudflare on a video streaming frontend probably most stupid thing to do.
xbdmHQ
commented
1 year ago But i respect all cloudflare rules and invidious rules, It's been up for 2 months now so its fine. My account with cloudflare is pretty og and they know me in their discord server, I also have a proxy server so it won't get dmca notice takedown so it's all good
unixfox
commented
1 year ago From the blog:
Video and large files hosted outside of Cloudflare will still be restricted on our CDN
From https://blog.cloudflare.com/updated-tos/
See more in https://old.reddit.com/r/selfhosted/comments/13j4pft/goodbye_section_28_and_hello_to_cloudflares_new/
Like I said, we do not care what you do with cloudflare, we will allow your instance whenever it is on cloudflare or not, the invidious rules are not the same as SearXNG. I'm just letting you know that according to their rules, hosting invidious through cloudflare is not allowed.
(It's not because I'm also on searxng that it's the same people and rules behind.)
Please edit your messages, instead of creating new messages.
xbdmHQ
commented
1 year ago I also a 100% green renewal energy guy and privacy.
Hetzner & Cloudflare both are green renewal and help protect the earth: https://blog.cloudflare.com/understand-and-reduce-your-carbon-impact-with-cloudflare/ https://blog.cloudflare.com/cloudflare-committed-to-building-a-greener-internet/
But, add it my instance is ready for invidious. Cloudflare protects hack forums, proxies sites, scrapers, etc. I doubt they will remove a privacy youtube frontend that i don't upload or host content on, and even then the proxy server is setup to avoid dmca too...
xbdmHQ
commented
1 year ago You can add it
unixfox
commented
1 year ago You can add it
See above: https://github.com/iv-org/documentation/issues/402#issuecomment-1571294419
unixfox
commented
1 year ago Please remove any tracking related to that:
/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.jsPlease remove any tracking related to that:
/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Rocket Loader™ Improve the paint time for pages which include JavaScript.
EDIT: It is removed!
unixfox
commented
1 year ago Tracking still in place:
<script>(function(){var js = "window['__CF$cv$params']={r:'7eb47d6e19e53c74'};_cpo=document.createElement('script');_cpo.nonce='',_cpo.src='/cdn-cgi/challenge-platform/scripts/invisible.js',document.getElementsByTagName('head')[0].appendChild(_cpo);";var _0xh = document.createElement('iframe');_0xh.height = 1;_0xh.width = 1;_0xh.style.position = 'absolute';_0xh.style.top = 0;_0xh.style.left = 0;_0xh.style.border = 'none';_0xh.style.visibility = 'hidden';document.body.appendChild(_0xh);function handler() {var _0xi = _0xh.contentDocument || _0xh.contentWindow.document;if (_0xi) {var _0xj = _0xi.createElement('script');_0xj.innerHTML = js;_0xi.getElementsByTagName('head')[0].appendChild(_0xj);}}if (document.readyState !== 'loading') {handler();} else if (window.addEventListener) {document.addEventListener('DOMContentLoaded', handler);} else {var prev = document.onreadystatechange || function () {};document.onreadystatechange = function (e) {prev(e);if (document.readyState !== 'loading') {document.onreadystatechange = prev;handler();}};}})();</script><script defer src="[https://static.cloudflareinsights.com/beacon.min.js/v2cb3a2ab87c5498db5ce7e6608cf55231689030342039](view-source:https://static.cloudflareinsights.com/beacon.min.js/v2cb3a2ab87c5498db5ce7e6608cf55231689030342039)" integrity="sha512-DI3rPuZDcpH/mSGyN22erN5QFnhl760f50/te7FTIYxodEF8jJnSFnfnmG/c+osmIQemvUrnBtxnMpNdzvx1/g==" data-cf-beacon='{"rayId":"7eb47d6e19e53c74","version":"2023.4.0","r":1,"token":"ffa23e58de0842a39b3550cece6c9892","si":100}' crossorigin="anonymous"></script>Tracking still in place:
<script>(function(){var js = "window['__CF$cv$params']={r:'7eb47d6e19e53c74'};_cpo=document.createElement('script');_cpo.nonce='',_cpo.src='/cdn-cgi/challenge-platform/scripts/invisible.js',document.getElementsByTagName('head')[0].appendChild(_cpo);";var _0xh = document.createElement('iframe');_0xh.height = 1;_0xh.width = 1;_0xh.style.position = 'absolute';_0xh.style.top = 0;_0xh.style.left = 0;_0xh.style.border = 'none';_0xh.style.visibility = 'hidden';document.body.appendChild(_0xh);function handler() {var _0xi = _0xh.contentDocument || _0xh.contentWindow.document;if (_0xi) {var _0xj = _0xi.createElement('script');_0xj.innerHTML = js;_0xi.getElementsByTagName('head')[0].appendChild(_0xj);}}if (document.readyState !== 'loading') {handler();} else if (window.addEventListener) {document.addEventListener('DOMContentLoaded', handler);} else {var prev = document.onreadystatechange || function () {};document.onreadystatechange = function (e) {prev(e);if (document.readyState !== 'loading') {document.onreadystatechange = prev;handler();}};}})();</script><script defer src="[https://static.cloudflareinsights.com/beacon.min.js/v2cb3a2ab87c5498db5ce7e6608cf55231689030342039](view-source:https://static.cloudflareinsights.com/beacon.min.js/v2cb3a2ab87c5498db5ce7e6608cf55231689030342039)" integrity="sha512-DI3rPuZDcpH/mSGyN22erN5QFnhl760f50/te7FTIYxodEF8jJnSFnfnmG/c+osmIQemvUrnBtxnMpNdzvx1/g==" data-cf-beacon='{"rayId":"7eb47d6e19e53c74","version":"2023.4.0","r":1,"token":"ffa23e58de0842a39b3550cece6c9892","si":100}' crossorigin="anonymous"></script>
You clearly don't know, how Cloudflare works, and you are trying to degrade my security, if that is the case just decline and close this issue. Most of other instances has CVEs vulnerabilities found.
TheFrenchGhosty
commented
1 year ago Hello, 4 things:
Cloudflare doesn't inject any javascript for its DDoS protection to work, you are either miss-understanding how it works, or are lying on purpose.
You are trying to defend Cloudflare "Cloudflare protects hack forums, proxies sites, scrapers, etc." while forgetting that Cloudflare is one of the biggest spyware company. Which is ironic since you're using it on a software made primarily for a better privacy.
Your are loading: https://static.cloudflareinsights.com/beacon.min.js - cloudflareinsights.com is Cloudflare's tracking domain. beacon.js is the main tracker loader.
You are injecting JavaScript, none of this JavaScript is in https://github.com/WhateverItWorks/invidious-reworked - what you are doing is effectively an AGPL violation. Moreover none of this tracking JavaScript is mentioned anywhere, which also makes it a GDPR violation.
You are also arbitrarily blocking users:
I wont go into it more than that, since you seem to have no desire to discuss it and would rather imply things out of the people who develop the software you're using "You clearly don't know, how Cloudflare works, and you are trying to degrade my security".
Good bye.
3045
commented
1 year ago ... I wont go into it more than that, since you seem to have no desire to discuss it and would rather imply things out of the people who develop the software you're using "You clearly don't know, how Cloudflare works, and you are trying to degrade my security".
Good bye.
I apologise if that sounds as if it is the tone of my friend here, but English is not his first language and he might sound like he is being smug or dismissive. I want to address some of the points that have been made in your reply (and further, the thread itself)
- Cloudflare doesn't inject any javascript for its DDoS protection to work, you are either miss-understanding how it works, or are lying on purpose.
Whilst this is true, Cloudflare does use an invisible JavaScript to determine the risk score for clients with Bot Fight Mode turned on (see https://community.cloudflare.com/t/how-to-get-rid-of-scripts-invisible-js/362087/3)
- Your are loading: https://static.cloudflareinsights.com/beacon.min.js - cloudflareinsights.com is Cloudflare's tracking domain. beacon.js is the main tracker loader.
This is indeed a merit of a user selectable option, which should be disabled.
This also addresses your last point about the AGPL violation. Whilst I do not give a shit, you clearly do and a solution has been found.
You are also arbitrarily blocking users: ...
I can confirm this happens when my VPN is turned on too which looks to be down to some sort of blocklist.
I apologise myself if I sound rude or dismissive, however you said "Good bye" without even attempting to formulate a solution, I hope you both can work towards getting this resolved.
URL
https://yt.whateveritworks.org
Mandatory checks
/api/v1/stats) are enabledMaintainer chart
Host country
Germany
Man in the Middle
Cloudflare
Source code URL
https://github.com/WhateverItWorks/my-invidious-docker-compose
Analytics
Additional information
WhateverItWorks is commited to providing a private service to combat this censored internet we are living in.