I've recently found myself without much to do (short version: the company that my company was contracting to went into voluntary administration just before Christmas, while Ada and I were away in Melbourne), so I've had a little bit of time on my hands to do some work on the site infrastructure, free from meetings and corporate wankery. YAY!
One of the things I've wanted to do for a while now is setup some form of edge-node caching and geo-DNS to get the various sites we host closer to you folks who use our instances.
And yes, there's Cloudflare... and Akamai... and Bunny.net... however as a safe-haven for vulnerable minorities, and with the geo-political situation the way it is these days, we really need to be super careful about where we terminate your connections. Who are the intermediate people who can see and collect your data. Who can switch our servers off at a moment's notice, suspend the domain names, shut us down?
Until recently we've known that we are slow on the edge, but we controlled all our own hardware, and we've not had the capacity to do much about it.
So over the last few days, I've taken the time to setup a bunch of edge nodes, migrate DNS away from third party providers, move domain name registrars.
The end result is that (with a few minor site interruptions) now we have our own CDN that we control all the way from DNS resolution until you hit the database on our dedicated servers. Your traffic is encrypted all the way through, our core infrastructure isn't exposed to people who sniff around to see who they can try to report us and shut us down, nobody else can see your browsing it in transit, and for people not in or around Finland, it's noticeably faster to load the site and click around.
To make sure you're all fully informed, I'll carefully disclose our decisions and new structure.
Firstly our edge servers are on Vultr and DigitalOcean. These 2 providers from our research seem to be quite neutral and non-politically aligned, and neither one by themselves can take us entirely down, and neither one of them are where our core infrastructure is located.
Secondly our edge locations have been carefully chosen to be regions that are outside jurisdictions where we can currently see political turmoil, overly zealous conservatism and fascist activity. We've chosen Toronto Canada, Sydney Australia, Amsterdam Netherlands and Frankfurt Germany as our edge node and DNS server locations.
Thirdly we've moved our domains into EuroDNS registrar to minimize the chance that the USA pressures companies to take action against our domains. EuroDNS is a large company headquartered in Luxembourg, and with no ties to the US itself, it's parent company or any sibling companies, this gives us comfort that they can resist any political pressure which may be applied.
If there's any interest in how we setup the infrastructure, let me know and I can make a separate technical post about it.
EDIT - here it is: https://lemmyverse.link/lemmy.blahaj.zone/post/36690717