Unless someone finds a way to advertise nodes that doesn’t depend on the entry point then yes. Consider this example: https://github.com/bitcoin/bitcoin/blob/1b2460bd5824170ab85757e35f81197199cce9d6/src/chainparams.cpp#L112 if someone takes down those domains it is game over for a new node until someone updates the code.

I get your point, those systems make it harder to take down things permanently but they aren’t as resilient and perfect as people paint them to be - an it has nothing to do with being pedantic, it is just the reality of things.

Here: https://lemmy.world/post/29490236/17012887

My point was: if you still need some central point of contact what’s the point in decentralized, you can still get fucked.

For instance the DHT systems you talk about, they’re good but still require some centralized points. In a bittorrent network with DHT a new client cannot join without either a tracker or the knowledge of at least one member of the network to exchange peers with. Bitcoin still has some hardcoded DNS seeds in the core client… etc.

bittorrent decentralization

True bittorrent decentralization never happened.

There’s no real / true decentralization. You’re always dependent on something, somewhere in some way. It can be harder to shut it down but there’s also a point of failure somewhere. Blockchain is all fun and games until you’ve to consider resource waste and that you still need DNS and IPs working.

Yes, you can use a Cloudflare tunnel but why? Since you’re into self-hosting why should you depend on some random company to tunnel your traffic when you most likely don’t need it? You also have all the potential tracking, spyware, risks and “being hostage” scenarios that may come with that choice.

The following assumes your use case is a simple home server for “standard arr apps, jellyfin, pi-hole” for personal usage that sits inside your network and your objetive is to be able to access those services. If you’re instead trying to host a game server / few services for friends (that doesn’t really need to be “inside” your home network) there’s a more complete comment with other security considerations and recommendations here.

Your basic requirements are:

• Some kind of domain / subdomain payed or free;
• Preferably Home ISP that has provides public IP addresses - no CGNAT BS;
• Ideally a static IP at home, but you can do just fine with a dynamic DNS service such as https://freedns.afraid.org/.

Quick setup guide and checklist:

1. Create your subdomain for the dynamic DNS service https://freedns.afraid.org/ and install the daemon on the server - will update your domain with your dynamic IP when it changes;
2. List what ports you need to access remote;
3. Setup Wireguard VPN on the server. There’s also this nice UI that can be used to do most of the setup and create client config files;
4. For the VPN use custom ports with 5 digits - something like 23901 (up to 65535) to make your service harder to find;
5. Configure your ISP router to assign a static local IP to the server and port forward the VPN port to the server IP;
6. Only expose absolutely required services (the VPN port in this case) to the Internet. Any service the server provides, SSH, configuration interfaces and whatnot can accessed through the WireGuard VPN;
7. In the server consider setting up nftables / iptables / another firewall 10 minute guide;
8. Configure nftables to only allow traffic coming from public IP addresses (IPs outside your home network IP / VPN range) to the Wireguard port - this will protect your server if by some mistake the router starts forwarding more traffic from the internet to the server than it should;
9. Configure nftables to restrict what countries are allowed to access your server. Most likely you only need to allow incoming connection from your country (https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching).

Since you’re only allowing access to your services through the VPN and you’ve heavily restricted access to the VPN port you’ll be safe. Just a side note, don’t be afraid to expose the Wireguard port because if someone tried to connect and they don’t authenticate with the right key the server will silently drop the packets.

Now if your ISP doesn’t provide you with a public IP / port forwarding abilities you may want to read this in order to find why you should avoid Cloudflare and how to setup and alternative / more private solution.