Comments (8)
FWIW, I already use the free tier of Cloudflare for DNS and proxying, and I also get a couple cents charged on some months, though not always. This doesn't include any blocking/firewall, but my understanding was that, through the Cloudflare network, the data center talking to the actual GCE VM would be in a region close to the VM.
However, do you see the "Network Internet Data Transfer" charges in the PDF invoices that Google sends? Because I've never seen anything so detailed there, mine just say "Fee for MONTH YEAR", and sometimes that's 0, sometimes not.
from bitwarden_gcloud.
from bitwarden_gcloud.
Yeah, I also see some amount on the line
Network Internet Data Transfer Out from Americas to China
It is in the order of 0.01 USD
So I did not bother much (yet)
But I'm wondering what could be this traffic going out to China...
bots traffic probably.
from bitwarden_gcloud.
I've noticed the same, 2 months with $.02. Unfortunately, putting the blocking in gcloud will still not eliminate traffic from bot traffic; even the packets that are dropped by ipsec will be charged. Having it outside as some sort of web app firewall (ala Cloudflare @turnah) is the best approach to make it fool-proof.
This month I'll have some time to research some possible methods and write up. There is some prior work done here
from bitwarden_gcloud.
I have about CAD 0.02 every month, not a big deal but the CF approach seems to be a more elegant approach.
Looks like a websocket change for the next version that we need to be prepared for: dani-garcia/vaultwarden#4024
from bitwarden_gcloud.
FWIW, I already use the free tier of Cloudflare for DNS and proxying, and I also get a couple cents charged on some months, though not always. This doesn't include any blocking/firewall, but my understanding was that, through the Cloudflare network, the data center talking to the actual GCE VM would be in a region close to the VM.
However, do you see the "Network Internet Data Transfer" charges in the PDF invoices that Google sends? Because I've never seen anything so detailed there, mine just say "Fee for MONTH YEAR", and sometimes that's 0, sometimes not.
When I check the Cost Breakdown, I always have:
Network Internet Data Transfer Out from Americas to China - $0.02
The CF implementation would be great if the traffic can be proxied.
from bitwarden_gcloud.
Ah I found it now under "Cost table", same as yours. Since I already use the free CF proxy, I suppose that's not enough.
I did configure Countryblock as documented in the wiki, but I guess some requests always slip through, not sure if it can be 100% avoided.
from bitwarden_gcloud.
I didn't have the capacity I thought I would to look at this in January. There shouldn't be any charges for inbound data to Google. Any firewall rule added by countryblock will DROP packets, so there should be no outbound to IPs from the countries.
There will be IP subnets not in ipdeny.com
's lists that Google will charge exit fees to.
Cloudflare might eliminate some traffic that's using your DNS to scan, but I believe most of the traffic is from systems that scan the entire IPv4 space (think Shodan), so DNS will have little to do with it.
The most airtight solution will require something like Cloudflare Zero Trust VPN (free I think for these purposes), or only whitelisting cloudflare IPs from Google.
from bitwarden_gcloud.
Related Issues (20)
- Watchtower Logs Image Pull HOT 3
- Use caddy:alpine instead of caddy/caddy:alpine
- YUBICO_SERVER can no longer be an empty string, causes restart loops HOT 3
- how to update a running instance? HOT 1
- Use gcloud flow URL in documentation to enable gcloud settings HOT 1
- Improve README.md HOT 1
- Log rotation? HOT 2
- .env changes not affecting VW variables HOT 1
- rclone failed to create config file HOT 2
- Can't get admin page enabled HOT 2
- Can not encrypt backup files. HOT 4
- DDNS stopped working HOT 9
- Fail2ban not sending shutdown and startup emails
- Issue with SMTP_TLS in .env HOT 3
- Instance has become inaccessible HOT 8
- Docker compose version HOT 1
- Vaultwarden's IP_HEADER env var is inconsistent HOT 1
- Fail2ban email via SMTP fails HOT 7
- error proxy when start docker-compose up HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bitwarden_gcloud.