
[New instance] https://yt.whateveritworks.org

Open Jeyso215 opened this issue 2 years ago • 8 comments

URL

https://yt.whateveritworks.org

Mandatory checks

  • [X] Instance has a domain name
  • [X] Instance is served over HTTPS
  • [X] Statistics (/api/v1/stats) are enabled
  • [X] Instance is properly configured (including the mandatory post install configuration)
  • [X] Instance has an automatic hourly restart setup of Invidious
  • [X] If dash, proxy + download is enabled (default settings), the instance has unlimited traffic/bandwidth or close to unlimited (100TB minimum)

Maintainer chart

  • [X] Ensure that my instance is up to date (less than one month old)
  • [X] Ensure a proper uptime of my instance (around 90%)

Host country

Germany

Man in the Middle

Cloudflare

Source code URL

No response

Analytics

  • [ ] They are GDPR/CCPA compliant
  • [ ] This is stated in your Privacy Policy
  • [ ] You have provided the source code's URL in the dedicated field above

Additional information

No response

Jeyso215 avatar Jun 01 '23 03:06 Jeyso215

Hello! Your instance has been added to our monitoring system: https://stats.uptimerobot.com/89VnzSKAn/794478524 You need to wait 30 days before we add your instance. This is to evaluate that your instance will keep a good uptime for one month.

Make sure you double checked all the mandatory checks or this will slow down the process of adding your instance!

github-actions[bot] avatar Jun 01 '23 03:06 github-actions[bot]

About Cloudflare, just so you are aware, technically under their terms it's not allowed to serve Invidious behind their CDN: https://blog.cloudflare.com/updated-tos/

We at Invidious do not care what you do with Cloudflare as long as you follow our rules, but I just wanted to let you know.

unixfox avatar Jun 01 '23 15:06 unixfox

> About Cloudflare, just so you are aware, technically under their terms it's not allowed to serve Invidious behind their CDN: https://blog.cloudflare.com/updated-tos/
>
> We at Invidious do not care what you do with Cloudflare as long as you follow our rules, but I just wanted to let you know.

I read it and I don't see it mention Invidious? And hosting it online without a CDN while serving content like videos etc. is a bandwidth hog; look at Rumble, Twitch, YouTube, all use a CDN to reduce cost and bandwidth. I understand about the SearXNG, no need to put it behind Cloudflare, but now it will be unprotected against DDoS, bots, etc. If you are telling me to remove Cloudflare on a video streaming frontend, that is probably the most stupid thing to do.

Jeyso215 avatar Jun 01 '23 15:06 Jeyso215

But I respect all Cloudflare rules and Invidious rules. It's been up for 2 months now so it's fine. My account with Cloudflare is pretty OG and they know me in their Discord server. I also have a proxy server so it won't get a DMCA takedown notice, so it's all good.

Jeyso215 avatar Jun 01 '23 15:06 Jeyso215

From the blog:

> Video and large files hosted outside of Cloudflare will still be restricted on our CDN

From https://blog.cloudflare.com/updated-tos/

See more in https://old.reddit.com/r/selfhosted/comments/13j4pft/goodbye_section_28_and_hello_to_cloudflares_new/

Like I said, we do not care what you do with Cloudflare, we will allow your instance whether it is on Cloudflare or not, the Invidious rules are not the same as SearXNG. I'm just letting you know that according to their rules, hosting Invidious through Cloudflare is not allowed.

(It's not because I'm also on searxng that it's the same people and rules behind.)


Please edit your messages, instead of creating new messages.

unixfox avatar Jun 01 '23 15:06 unixfox

I am also a 100% green renewable energy guy and privacy.

Hetzner & Cloudflare both are green renewable and help protect the earth: https://blog.cloudflare.com/understand-and-reduce-your-carbon-impact-with-cloudflare/ https://blog.cloudflare.com/cloudflare-committed-to-building-a-greener-internet/

But add it, my instance is ready for Invidious. Cloudflare protects hack forums, proxy sites, scrapers, etc. I doubt they will remove a privacy YouTube frontend that I don't upload or host content on, and even then the proxy server is set up to avoid DMCA too...

Jeyso215 avatar Jun 01 '23 17:06 Jeyso215

You can add it

Jeyso215 avatar Jun 03 '23 08:06 Jeyso215

> You can add it

See above: https://github.com/iv-org/documentation/issues/402#issuecomment-1571294419

unixfox avatar Jun 03 '23 08:06 unixfox

Please remove any tracking related to that:

/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

unixfox avatar Jul 11 '23 11:07 unixfox

> Please remove any tracking related to that:
>
> /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Rocket Loader™ Improve the paint time for pages which include JavaScript.

EDIT: It is removed!

Jeyso215 avatar Jul 11 '23 16:07 Jeyso215

Tracking still in place:

<script>(function(){var js = "window['__CF$cv$params']={r:'7eb47d6e19e53c74'};_cpo=document.createElement('script');_cpo.nonce='',_cpo.src='/cdn-cgi/challenge-platform/scripts/invisible.js',document.getElementsByTagName('head')[0].appendChild(_cpo);";var _0xh = document.createElement('iframe');_0xh.height = 1;_0xh.width = 1;_0xh.style.position = 'absolute';_0xh.style.top = 0;_0xh.style.left = 0;_0xh.style.border = 'none';_0xh.style.visibility = 'hidden';document.body.appendChild(_0xh);function handler() {var _0xi = _0xh.contentDocument || _0xh.contentWindow.document;if (_0xi) {var _0xj = _0xi.createElement('script');_0xj.innerHTML = js;_0xi.getElementsByTagName('head')[0].appendChild(_0xj);}}if (document.readyState !== 'loading') {handler();} else if (window.addEventListener) {document.addEventListener('DOMContentLoaded', handler);} else {var prev = document.onreadystatechange || function () {};document.onreadystatechange = function (e) {prev(e);if (document.readyState !== 'loading') {document.onreadystatechange = prev;handler();}};}})();</script><script defer src="https://static.cloudflareinsights.com/beacon.min.js/v2cb3a2ab87c5498db5ce7e6608cf55231689030342039" integrity="sha512-DI3rPuZDcpH/mSGyN22erN5QFnhl760f50/te7FTIYxodEF8jJnSFnfnmG/c+osmIQemvUrnBtxnMpNdzvx1/g==" data-cf-beacon='{"rayId":"7eb47d6e19e53c74","version":"2023.4.0","r":1,"token":"ffa23e58de0842a39b3550cece6c9892","si":100}' crossorigin="anonymous"></script>

unixfox avatar Jul 23 '23 14:07 unixfox

> Tracking still in place:
>
> <script>(function(){var js = "window['__CF$cv$params']={r:'7eb47d6e19e53c74'};_cpo=document.createElement('script');_cpo.nonce='',_cpo.src='/cdn-cgi/challenge-platform/scripts/invisible.js',document.getElementsByTagName('head')[0].appendChild(_cpo);";var _0xh = document.createElement('iframe');_0xh.height = 1;_0xh.width = 1;_0xh.style.position = 'absolute';_0xh.style.top = 0;_0xh.style.left = 0;_0xh.style.border = 'none';_0xh.style.visibility = 'hidden';document.body.appendChild(_0xh);function handler() {var _0xi = _0xh.contentDocument || _0xh.contentWindow.document;if (_0xi) {var _0xj = _0xi.createElement('script');_0xj.innerHTML = js;_0xi.getElementsByTagName('head')[0].appendChild(_0xj);}}if (document.readyState !== 'loading') {handler();} else if (window.addEventListener) {document.addEventListener('DOMContentLoaded', handler);} else {var prev = document.onreadystatechange || function () {};document.onreadystatechange = function (e) {prev(e);if (document.readyState !== 'loading') {document.onreadystatechange = prev;handler();}};}})();</script><script defer src="https://static.cloudflareinsights.com/beacon.min.js/v2cb3a2ab87c5498db5ce7e6608cf55231689030342039" integrity="sha512-DI3rPuZDcpH/mSGyN22erN5QFnhl760f50/te7FTIYxodEF8jJnSFnfnmG/c+osmIQemvUrnBtxnMpNdzvx1/g==" data-cf-beacon='{"rayId":"7eb47d6e19e53c74","version":"2023.4.0","r":1,"token":"ffa23e58de0842a39b3550cece6c9892","si":100}' crossorigin="anonymous"></script>

You clearly don't know how Cloudflare works, and you are trying to degrade my security. If that is the case, just decline and close this issue. Most of the other instances have CVE vulnerabilities found.

Jeyso215 avatar Jul 23 '23 16:07 Jeyso215

Hello, 4 things:

  • Cloudflare doesn't inject any JavaScript for its DDoS protection to work, you are either misunderstanding how it works, or are lying on purpose.

  • You are trying to defend Cloudflare "Cloudflare protects hack forums, proxies sites, scrapers, etc." while forgetting that Cloudflare is one of the biggest spyware companies. Which is ironic since you're using it on a software made primarily for better privacy.

  • You are loading: https://static.cloudflareinsights.com/beacon.min.js - cloudflareinsights.com is Cloudflare's tracking domain. beacon.js is the main tracker loader.

  • You are injecting JavaScript, none of this JavaScript is in https://github.com/WhateverItWorks/invidious-reworked - what you are doing is effectively an AGPL violation. Moreover, none of this tracking JavaScript is mentioned anywhere, which also makes it a GDPR violation.

You are also arbitrarily blocking users:

image

I won't go into it more than that, since you seem to have no desire to discuss it and would rather imply things out of the people who develop the software you're using "You clearly don't know how Cloudflare works, and you are trying to degrade my security".

Good bye.

TheFrenchGhosty avatar Jul 23 '23 17:07 TheFrenchGhosty
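
The check the maintainers perform by hand in the comments above, as an added example that is not part of the original thread: it lists `<script>` tags in a served page that are third-party, live under `/cdn-cgi/`, or are absent from the application's published source. The host `instance.example`, the `shippedPaths` list and the sample HTML are constructed assumptions.

```javascript
// Added example (not from the thread): list scripts in served HTML that the
// application did not ship. Regex scanning is a simplification; a production
// audit would use a real HTML parser.
const SCRIPT_RE = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;

function attr(attrs, name) {
  const re = new RegExp(`(?:^|\\s)${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)')`, 'i');
  const m = re.exec(attrs);
  return m ? (m[1] ?? m[2]) : null;
}

// shippedPaths: script paths present in the published source (hypothetical list).
function findInjectedScripts(html, pageUrl, shippedPaths) {
  const page = new URL(pageUrl);
  const findings = [];
  for (const [, attrs, body] of html.matchAll(SCRIPT_RE)) {
    const src = attr(attrs, 'src');
    if (src === null) {
      // Inline loaders pull in further code; flag ones that reference the proxy path.
      if (body.includes('/cdn-cgi/')) findings.push({ kind: 'inline-loader', detail: '/cdn-cgi/' });
      continue;
    }
    const url = new URL(src, page);
    if (url.host !== page.host) findings.push({ kind: 'third-party', detail: url.host });
    else if (url.pathname.startsWith('/cdn-cgi/')) findings.push({ kind: 'proxy-path', detail: url.pathname });
    else if (!shippedPaths.includes(url.pathname)) findings.push({ kind: 'not-in-source', detail: url.pathname });
    if (attr(attrs, 'data-cf-beacon') !== null) findings.push({ kind: 'beacon-config', detail: url.host });
  }
  return findings;
}

// Constructed sample page: one shipped script plus the three injections quoted in the thread.
const SAMPLE_HTML = `
<html><head>
<script src="/js/player.js?v=1"></script>
<script src="/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js" defer></script>
</head><body>
<script>(function(){var s=document.createElement('script');
s.src='/cdn-cgi/challenge-platform/scripts/invisible.js';document.head.appendChild(s);})();</script>
<script defer src="https://static.cloudflareinsights.com/beacon.min.js"
  data-cf-beacon='{"token":"PLACEHOLDER"}' crossorigin="anonymous"></script>
</body></html>`;

const findings = findInjectedScripts(SAMPLE_HTML, 'https://instance.example/watch', ['/js/player.js']);
for (const f of findings) console.log(`${f.kind}: ${f.detail}`);
```

Run against the HTML actually served to a visitor, since proxy-injected scripts never appear in the origin's templates.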

> ... I won't go into it more than that, since you seem to have no desire to discuss it and would rather imply things out of the people who develop the software you're using "You clearly don't know how Cloudflare works, and you are trying to degrade my security".
>
> Good bye.

I apologise if that sounds as if it is the tone of my friend here, but English is not his first language and he might sound like he is being smug or dismissive. I want to address some of the points that have been made in your reply (and further, the thread itself).

> • Cloudflare doesn't inject any JavaScript for its DDoS protection to work, you are either misunderstanding how it works, or are lying on purpose.

Whilst this is true, Cloudflare does use an invisible JavaScript to determine the risk score for clients with Bot Fight Mode turned on (see https://community.cloudflare.com/t/how-to-get-rid-of-scripts-invisible-js/362087/3)

> • You are loading: https://static.cloudflareinsights.com/beacon.min.js - cloudflareinsights.com is Cloudflare's tracking domain. beacon.js is the main tracker loader.

This is indeed a merit of a user selectable option, which should be disabled.

This also addresses your last point about the AGPL violation. Whilst I do not give a shit, you clearly do and a solution has been found.

> You are also arbitrarily blocking users: ...

I can confirm this happens when my VPN is turned on too which looks to be down to some sort of blocklist.

I apologise myself if I sound rude or dismissive, however you said "Good bye" without even attempting to formulate a solution, I hope you both can work towards getting this resolved.

3045 avatar Jul 23 '23 18:07 3045