zinc-collective / convene

An Operating System for the Solidarity Economy
https://convene.zinc.coop

🌫️✨ `Spaces`: Support a WAF or proxy for a Space #1612

Open anaulin opened 1 year ago

anaulin commented 1 year ago

From a conversation setting up new spaces for client ZTN:

I use Cloudflare on the front-end, and while Cloudflare recommends using the "Flexible" encryption setting, when attempting to sign in with the "Flexible" encryption setting it would respond with a 422 (I can get more logs if you'd like). If I switch to "Full" it works temporarily, and then starts throwing an error that the SSL certificate is not valid after a short period of time (about 15m). If I disable Cloudflare's proxy completely, everything works as expected. I think it's fine for now for me to leave the domains with Cloudflare proxying off, but it would be nice if a WAF/Proxy worked with Convene out of the box.

zspencer commented 1 year ago

From a distribution-of-effort/competence perspective, it would be lovely if the CDN/WAF is something the Neighborhood provides to Clients, rather than something they set up on their own. That said,

Ideally, this would work on any Space, regardless of whether they have a Domain or not.

Theoretically, Cloudflare-for-SaaS offers 100 hostnames on a shared Cloudflare account; and $.10 per additional hostname.

That said, Cloudflare is... not values aligned in the slightest; but the other main competitors (Fastly, CloudFront, Akamai) are also ... not ideal.

TL;DR: I would be stoked for this personally, but I don't think it's urgent and there are ethical questions we may want to consider before investing in automation and implementation.