Next step: hosting everything on Raspberry PI 5 in your room.

@WebDevCody

2 ай бұрын

Let’s go!

@PASTRAMIKick

2 ай бұрын

unironically yeah

Babe wake up the daily Web Dev Cody DDOS video just dropped

@kathenae

2 ай бұрын

😂😅

@SeibertSwirl

2 ай бұрын

Oh god I hope this doesn’t become a daily thing, I will have to start up an onlyfans 😅

Digital ocean DDOSed you because of your "Why I'd never host my apps on a VPS" video.

@WebDevCody

2 ай бұрын

probably 🤣

@AndrieMC

2 ай бұрын

isnt aws vps stuf

@yassinesafraoui

2 ай бұрын

Makes sense it's their style

@rdrbsquknibetsap2559

2 ай бұрын

Just get a ddos protected VPS from OVH, Path you can find providers easily. (Ex. Vibegames path) Which will basically make the server not be able to be hit on L4 and also better specs then Digital Ocean.

@3ventic

2 ай бұрын

@@AndrieMC if you use AWS for VPS (ec2 as they call it) alone, you probably shouldn't be using AWS.

Switching to a VPS with Cloudflare for DOS protection sounds like a smart move to avoid hefty charges. Your step-by-step guide makes it much easier for others to follow suit. Appreciate the insights!

@redetermine

2 ай бұрын

Chatgpt ahh comment

If its just for side projects, its a lot easier having your service go down and just rebooting it all back up rather than paying a hefty bill. Cloud is strictly for high traffic businesses in my opinion. Plus you learn so much more setting up your own VPS and securing it yourself.

@rand0mtv660

2 ай бұрын

True. I think it's great knowing how to run a node/go/whatever app and setup nginx or caddy to proxy to it. You realize how much you can do and what problems those managed services actually solve for you. Also in some enterprise cases you cannot just deploy to whatever cloud service and must deploy on premises or are potentially only allowed into VMs so having this knowledge is beneficial.

This is wild, thank you for sharing these videos with us. Happy to see you got things resolved!

I don't know why anyone would waste time DDOSing your system. You're just a nice guy posting fun educational videos. I am probably to lazy to come up with a reason.

@WebDevCody

2 ай бұрын

sometimes a DDoS attack is just random; someone finds an open machine after scanning ip addresses and attacks it; but yes this seems targeted 🤣

@dr.lazysloth3415

2 ай бұрын

@@WebDevCodyye maybe it's just random but it feels targeted from your point of view. It does increase the potential revenue of amazon or cloudflare which might benefit the attacker. Don't know if you can just change the IP..

@rahultech77

2 ай бұрын

Dude I feel the attacker wants to DDos protect their app, so wants a tutorial from Cody for it 😂

@dr.lazysloth3415

2 ай бұрын

@@rahultech77 that’s probably it 😆

@JamesJGoodwin

2 ай бұрын

Hackers and script kiddes (especially) loves attention

Thank you for sharing this! These couple of videos have been really useful. Great content

Thank you for sharing all these videos, been insightful especially as I am looking to move from Vercel to AWS and some of these issues I never thought of.

This is starting to be a series, But this content is very real and educational

Nice to follow your journey. Thanks for sharing.

Thanks for sharing how you are working through this situation. I'm though really sorry about the AWS charges. That just sucks. I'm hoping their understanding and helpful about a credit or refund.

If you are using a VPS you should set it up to reject all connections except HTTPS coming specifically from Cloudflare's IP ranges (and ssh traffic if you don't have another console available).

@WebDevCody

2 ай бұрын

thanks for the suggestion, I ended up adding that today as well

Thanks for sharing your experience!

Thanks for sharing these situations with the rest of us. Helps everyone!

Great vid!! I wonder if this would help too: SST is moving to Ion apparently next week and making it so you can setup cloudflare as well as AWS resources, so you can mix and match cloud providers in your infrastructure as code. Would love to see you do the move to Ion and deploy your next.js site to cloudflare

These videos are so helpful. Thanks so much man

Love ya! ❤ you’re doing a great job

@WebDevCody

2 ай бұрын

thanks sexy!

Great content, your DDOS protection series are basically showing a process how human being is learning from it's own mistakes :D Hopefully it will save some money for others too! One tip from me, you can move this push-image script to a github action, that will build and push image to ECR automatically on every push to master(or only when you manually trigger it). This way you will have kind of automated CD pipeline for your project. GH actions are also free up to 2k run minutes per month making it a decent solution for hobby projects

Hi, thanks for what u've done so far. Yours is probably top youtube channel out there. I have some questions if u don't mind: - Take example you are using docker-compose to serve traffic & app. What if u need to horizontal scale. What kind of infra u'll choose in this case? K8s or sth?, or maybe docker-swarm I guess? - What is different between nginx and caddle u r using, what is the pros/cons of it

@WebDevCody

2 ай бұрын

Idk I plan to just scale up vertically as much as possible and see how far it’ll take me. Caddy seems simplier, nginx is probably feature rich

Love how he learned and changed totally the argue that we should host everything on managed services like cloudfront, vercel, netlify etc instead of doing custom VPS setups. :)

@WebDevCody

Ай бұрын

😆 a $1,500 bill created in a few hours will do that to a dev

Extremely useful video, cheers

Can't wait for SST ion to have all of this ready :) I don't want to use docker stuff, that hustle annoys me a lot. Way to much effort. Preferably with SolidStart (and Protection enabled)

GREAT technical video, looking to see more content in your channel on Deployment solutions and options. Great work man

Thanks for sharing this with us!

VPS, Caddy, Digital Ocean, docker-compose... Let's go, Cody! This is the way!

Thank you for sharing rare experience to the public.

Cheers for the insight my duuuude

Thank you for the great content as always. One question @WebDevCody. Deploying on vercel also doesn't save you from ddos?

@Miguelmigs24

2 ай бұрын

They can be nice and forgive you the charge, but it will definitely break your free tier and scale your charges like crazy, a lot more expensive than AWS for sure

Thanks for the video, that was very helpful, but I have a few questions, first is why are you using AWS for docker containers? Can I just put my container straight to the DigitalOcean? Second, is there some throwbacks for deploying nextjs to somewhere else instead of Vercel? And maybe there is some frameworks, that are more "deploy where you want" friendly? And I'm mostly talking about Nextjs as full-stack? Or do I need to split my backend and front end as different applications? P.S. I'm just starting to learn more about other frameworks and I'm considering switching from Nextjs (cause I'm stuck at Vercel)

@WebDevCody

2 ай бұрын

You can deploy next anywhere. It should have the same feature except edge computing. I was nit deploying containers on aws; I was using serverless

Nice. I remember commenting on last video asking why you didn't use CF. I mean you could use CF with EC2 if you want.

Hey, great videos! Learned a lot. I have a question: if you host it on the VPS, would you still get a higher bill if you get DDoSed without Cloudflare? Or do you only pay for the instance and it would just get laggy or go down?

@WebDevCody

2 ай бұрын

your instance would crash; therefore, there is no extra bandwidth you'd get charged for. It's just a trade off, would you rather have 100% uptime (you probably want serverless), or reduce your chance of getting a $600 in one hour.

Such good content. this could be a 5 hour paid tutorial with a next.js/VPS hosting stack. sst, docker compose, caddy, TLS, cloudflare etc. would love to know the performance loss with cloudflare in front.

I had some hobby projects on AWS, and is scary that any error or DDOS can give you a 2000$ bill. Paying 5$ dollar a month for a VPS for projects that make no money is better than being worry about that.

You definitely want to make sure to block all incoming traffic on port 443 and 80 except for cloudflare ips in a firewall like ufw on the backend server. If you dont do that, crawlers will be able to resolve your domain to your backend ip, leaking the ip, bypassing any cloudflare protection.

@groff8657

2 ай бұрын

If you proxy to your website using CloudFlare DNS, how do you know those IPs? Are they listed somewhere, is there documentation that lists all those IPs?

@xyssxy

2 ай бұрын

@@groff8657 There are websites & tools to scan pretty much the entire web, if you render your pages on ips too, or have any correlations to your domain, they will be able to link the ip back to the domain

@twitchizle

2 ай бұрын

​@@groff8657there are 255^4 ips in the world. Its not so hard to crawl all of em

@xyssxy

2 ай бұрын

@@groff8657 Yes there is, just type cloudflare ips in any search engine

@Lucas-qr7ul

Ай бұрын

@@groff8657 It's in cloudflare docs. You can google and you'll find it.

Much appreciated!!

This is quality content

Great video, i will try to replicate this setup. I dont want to go homeless

THANKS CODY I LOVE YOU. I'm actually dogshit at Docker. Always have setup my garbage apps just manually. Always have just used Docker for spinning up DBs, not for containerizing the whole deployment. This was interesting. More Docker vids would be cool!

@gadgetboyplaysmc

2 ай бұрын

Can you also do a vid setting up coolify on a VPS next? Everyone's been going wild with it.

Really awesome to see how youve done it. Interested to know why you didnt go down the using of apps in digitalocean, you can literally just throw a docker container into it so you never need to ssh in etc. Though i definitely see some pros and cons to both approaches

@WebDevCody

2 ай бұрын

Because I like wasting time 😂

Nice walkthrough. If you still get into the same issue, perform those extra dance I posted in your last video. Good luck!

@WebDevCody

2 ай бұрын

could you explain why AAAA would help out? if it's behind cloudflare, why would it make any difference?

@mettle_x

2 ай бұрын

@@WebDevCody Most of the internet still use IPv4 so most of the devices participating in a DDoS attack are presssmably using IPv4. If your VPS blocks IPv4 altogether, there will be one way to ping your server - that is through Cloudflare. Now someone can scan the ports of AWS to find the servers that have port 80/433 open and send an HTTP request to your server. However, if you don't use catch all block in Caddyfile: it sends something like 422 to deny requests. That's good but still it receives the HTTP request. Setting up IPv6 with AAAA record will future-proof your server as well. Also, users with IPv6 enjoy faster performance.

@mettle_x

2 ай бұрын

@@WebDevCody I wrote a long reply but it's not showing up here. Joining your Discord if we can have chat there.

I hope you make a detailed video on how to deploy next.js on VPS windows server .

Great explanation.

But why would someone DDOS you ?? You're the chillest dude on web dev yt

@WebDevCody

2 ай бұрын

Because there is a lot of room in hell and someone is reserving their slot

@real23lions

2 ай бұрын

@@WebDevCodyI’m stealing this answer 😂

I am a bit new to tgese concepts. Can you explain why you shifted to a vps? Couldn't you have connected cloudflare to your cloud formation distribution?

There we go! Lol I remember you yelling us to 'watch our dev ops privilege' or something like that when we called these cloud services out. You were junior and a cloud fanboy, I think this was last year 😂 It's really interesting to watch you grow man

@SeibertSwirl

2 ай бұрын

lol you’re probably part of the crew doing it huh?

@lukasberk9303

2 ай бұрын

Next video "Why should you should host simple projects on a VPS instead of AWS" ...............

@SeibertSwirl

2 ай бұрын

@@lukasberk9303 at least you’re all learning together? 🥴 lol unless yall are just here to stare at his face for minutes on end which I guess is cool too 🫠

@WebDevCody

2 ай бұрын

all it took was a DDoS attack and an AWS linked to my credit card to change my thought process 🫠

@oSpam

2 ай бұрын

@@WebDevCodyto be fair you could have (and still can) contact aws support. They would give credit to cover the full cost and help you protect in the future most likely. You also can get $1000-100000 based on being a startup, that could also help. It’s a shame you decided to fully make up your mind so soon.

I never search for cyber security so much like in the last night haha, I guess I learned your lesson too

Hey one question, why did you choose to move to digital ocean, was it an option to just add cloudflare in front of aws setup? Tnx, great video like always! 😊

@WebDevCody

20 күн бұрын

Since this video I’m actually using railway now. Honestly I just wanted a service that has automatic billing limits which will kill my services if I spend too much money. Not many services provide this. Some have primitives I could use to build a kill switch from scratch, but I don’t have time to waste on that

@igortalic2021

20 күн бұрын

Tnx for the answer, yeah I guess kill switch is a great feature! Didn't use railway will look into it 😊

Do you have to scp the certs to your vps everytime they expire or is there a way to automate that?

While I have some hands on experience with dockerizing our apps, I’m new to other stuffs discussed. Can you please make a short video on how to have this set up from scratch to deployment ❤

Might also make sense to look at dokku

I thought you said we should avoid hosting on raw servers as much as possible. What makes this project a plausible use case for VPS hosting?

Cody at 6:28 if you're using Cloudflare generated cert then you can safely turn on the full (strict) option in SSL

@WebDevCody

2 ай бұрын

awesome, I'll turn that on

@kamehameha38

2 ай бұрын

Are the certs free to generate? I'm currently using Let's Encrypt cert on my VPS and thinking of adding cloudflare for extra protection.

@jitx2797

2 ай бұрын

yes those are absolutely free and even you can select the term like 3months, 1years or even 15 years@@kamehameha38

You can configure a cloudflare tunnel which runs on your droplet, and avoid configuring ssl in both places but also you can avoid exposing your droplet

@WebDevCody

2 ай бұрын

I’ll check that out, sounds easier

You don't need to use Cloudflare's origin cert if you already have a valid cert. I also use Caddy and just let it do its default Let's Encrypt or ZeroSSL behind Cloudflare, reducing the amount of manual setup and configuration needed. The origin cert or another trusted cert is what you need for the "Full (strict)" option instead of just "Full".

@WebDevCody

2 ай бұрын

Ahh ok good info!

DigitalOcean also has a container repository service, any particular reason to keep it on AWS ?

Not sure if this is a stupid question, the bulk of the AWS bill comes from Cloudfront HTTP requests. Can you just change from using cloudfront as CDN to cloudflare? Instead of moving out of AWS completely?

@WebDevCody

2 ай бұрын

cloudfront has a bunch of path rules that know how to invoke lambdas on requests. It wouldn't be an easy refactor

"if not good luck" says a whole lot LOL. but thanks this is valuable.

You could also integrate cloudflare with aws loadbalancer, unless they attack you with cloudflare bypass; then maybe you still get charged.

Sorry to hear about AWS bill. But did you not have cloudflare setup already in front of AWS? Because you mention WAF. Did it not work properly?

@teamvashmmo3218

2 ай бұрын

He had cloudfront, which is AWS's CDN

I always knew vps hosting was the right way 😎

my g

Brother, it's amazing and I am thankful to you for sharing such helpful videos. I have one wish: can you create a full-stack college website?

It would be fun if you could got a AWS engineer who helps you to secure you instances and let you make an interview about it to educate people who like us who are watching your channel. I mean it would also benefit them because your and other people with small side projects are more onto their products.

Can't wait for the attacker to ddos test the new setup :D

@WebDevCody

2 ай бұрын

if he does I'm quitting

@rdrbsquknibetsap2559

2 ай бұрын

@@WebDevCodyNo need to worry you are fine now unless you are charged for your AWS servers running in the backend per request you're fine. I would recommend not using AWS at all it's overpriced and trash IMO.

Why did you use a custom TLS cert with caddy when configured caddy to do it automatically?

@WebDevCody

2 ай бұрын

You have to use the cloudflare cert or else you have to do a bunch of extra work

Am a frontend developer and would love to transition to fullstack and master these deploment stuff, do you have a course on this or one you recommend ?

yesterday we were talking in your discord about this issue, it's good you bring this type of content but at the same time is bad, there's a lot of people looking for "targets" and this type of videos bring a lot of attention.

Could also host your own docker registry on the vps to store image?

@WebDevCody

Ай бұрын

I’ve never done that actually; but I’m sure it’s possible

Ah that would definitely hurt my wallet too. I was planning to use vercel and use cloudflare over it. Any chance you can make a tutorial for this?

good to see people moving back to non-serverless stuff

Doesn’t DO offer DDOS protection, or is that not available for their droplets/whatever you used for the VPS? Naturally any and all protection sounds good lol

what people gain from making this type of attacks? also if you use vercel the price will be i think 10 times how do you protect if you use vercel. thanks in advance😊😊

Maybe I'm just too new to the web dev world but this seems entirely convoluted! Just to stop a DDOS you have to apparently run and use like 8 build tools and different services and providers?!? What the hell has the Internet become?

so does cloudflare not work with lambdas?

6:06 CloudFlare can inspect all of your traffic in plain text. (This might be obvious, but I think it's always good to at least point out.)

@WebDevCody

2 ай бұрын

right, I guess you have to trust cloudflare doesn't sell your data or forward it to the NSA 🤣

@RemotHuman

2 ай бұрын

@@WebDevCody I feel like they definitely do forward it to the NSA. We need end to end encryption on our applications starting on the client

Does cloudflare also have free DDoS protection for static websites and serverless functions that they host?

when to use next js instead of react?

I don't remember the steps, but you can set your VPS to not accept connections that are not on the internal network and not from Cloudflare. Just remember to allow ssh over a custom port.

@WebDevCody

2 ай бұрын

I did that today, I setup a DO firewall rule and only allow inbound requests from cloudflare specific IP addresses.

can we use github repository to store docker image

how do you handle ci/cd when you push to one of those repo's?

@WebDevCody

Ай бұрын

I’d probably build the image in GitHub actions, publish it to a container registry, then ssh into the machine and rerun docker compose up

I feel bad for you that somebody out there is eager enough to DDOS you. But this video was very helpful, thanks!

I've always used a VPS for personal projects for this very reason! Companies I worked for all use AWS and the bills in dev environments alone put me off of using it...

Why don't you use cloudflare + aws (sst)? Is there a way for it? I really like sst and aws deployment and would like to use cloudflare in front.. What made you go vps instead of this setup (if exists)

@WebDevCody

2 ай бұрын

Honestly, I’m kind of just tired of serverless and lambda at work we use lambda and I can’t even count how many hours I’ve wasted trying to get binaries to run on lambda ran into lambda size limits, run into API Gateway timeout issues run into having debug permissions over and over again Execution roles having to deal with cold starts that make the application. Just feel slow when you don’t already have a ton of users. Honestly, I think just hosting a single node executable on a VPS or a container runner is extremely low maintenance compared to anything you can hack together in the AWS ecosystem.

does it not make sense to just use cloudflare with your aws project. Or is it necessary to use a vps to prevent the DOS attack?

@WebDevCody

2 ай бұрын

I'm sure it's possible, but I'm a bit tired of serverless

Out of curiosity, can’t you achieve the same thing with aws api gateway and EC2?

@WebDevCody

2 ай бұрын

Same thing, meaning ddos protection or hosting your api?

@emmanuelU17

2 ай бұрын

@@WebDevCody Actually I just thought about it, api gateway, EC2 wouldn’t work against ddos protection but will work with API hosting.

nice stuff, why not use aws vps with cloudflare?

@WebDevCody

2 ай бұрын

Because if I want a vps, DO or railway has a much better ui for cheapee

next: setup traefik on the VPS instead of caddy (Labels in composefile set up the config for Reverse Proxy)

me looking at your bill: I'd be back to eating instant ramen for meals if that happens to me

damn feel bad for u

@WebDevCody

2 ай бұрын

🤷‍♂️ you live and you learn

Is that tls stuff necessary? I thought caddy did that automatically

@WebDevCody

2 ай бұрын

if you use caddy self signing certs, it's a bit more complicated; you'll have to build caddy using xcaddy with a cloudflare plugin so it can know how to validate your self signed certs against cloudflare using your cloudflare api key. I started looking into all of that and said screw that noise

Just curious, why didn’t you deploy this NextJS app on Vercel’s free tier?

@JustPlayerDE

2 ай бұрын

that is the same issue as AWS, just at least 5 times more expensive (free tier is a auto-upgrade if you hit the limits, you still owe money even if no card is linked)

@WebDevCody

2 ай бұрын

Vercel free tier license states it can’t be used for commercial apps; my app getting ddos is making money

Weren't you using Amazon Shield Standard with Cloudfront? It appears to be free and protect against DDOS.

@WebDevCody

2 ай бұрын

yeah, but it obviously isn't blocking all the DDOS traffic

waiting for a DDOS hat-trick, 3 consecutive days damn

How are you able to be consistent with learning and spending good amount of time in front of the screen learning new technology and basically working all the time with producing technical content as well, I have many things on the to do list and I've been getting burnt out a lot lately to the point where sometimes I don't wanna do anything or that I can get high motivation for a day then it goes down drastically, how can I improve this situation from your experience? Thank you

@WebDevCody

2 ай бұрын

I find learning new things fun. When I start to get bored of doing the same thing every day at work, I reach for making KZread videos or learning new stuff

Good for you :D You could simplify the setup with cloudflare tunnels instead of having caddy + managing certificates, but still, congrats, you have escaped paying for shit that is not your fault :)

@WebDevCody

2 ай бұрын

are tunnels a paid plan feature?

@sarabwt

2 ай бұрын

@@WebDevCodyno. There might be a limit to a number of them, but you could think about hosting all your projects on a single instance and have a wildcard dns record that would point to it. Then the cloudflare agent would act as a "reverse proxy" to your local ports :)

You got ops for real 😂 Would be interesting to know what other options are available within AWS without having to pay 3k per month 😢

@ultimathule9841

2 ай бұрын

Also, how much are you paying for Cloudflare? I see that they have a higher level of protection provided apart from the one in the free tier. Keep us updated if you get ddos again. Not bad for content right? 😂

How can you know that thing. How can you understand that what should i need to know so i can get it. Read the docs?

@WebDevCody

2 ай бұрын

I have no clue what you just asked

@leguizbsit3162

2 ай бұрын

@@WebDevCody I'm just amaze how can you learned that. Like choosing where to host and use other tech to secure your application

Well well well

So, for this reason, is Vercel cheaper to host?

@neociber24

2 ай бұрын

I wouldn't say cheaper but easier

@WebDevCody

2 ай бұрын

my vps is like $6 / month, vercel is $20 a month + usage fees