// field notes
One Box, One City: The Rocky Road to My Own CDN
I can't see straight anymore for all the third parties standing between my code and the machine. Every layer I don't own is a bill I didn't write and a switch I don't hold. So I'm doing the mad thing: I'm building my own edge network. On real iron. In real cities. With a budget of exactly nothing.
This is the same bet the madlads stack has always made — fundamentals beat fashion, and nothing goes between the engineer and the metal. MongoDB, Express, vanilla JS, Node: server-rendered, hand-written, owned end to end. No framework runtime shipped to the browser, no magic I can't explain at 3am under load. A CDN is just that philosophy pushed one layer down the stack — from "own the app" to "own the ground it runs on."
The giants want you to believe edge is a mystery only they can afford. It isn't. It's a box, a wire, a cache, and a routing decision. You can build the honest version of that yourself. It'll be rocky. That's the point.
The plan isn't to out-spend the cloud. It's to out-own it. One node I control beats a thousand I rent.
01 — Why own the metal at all
Rented edge is convenient right up until it isn't: opaque egress fees, region outages you can't debug, TOS that shift under you, and a dependency graph you can't audit. The madlads answer to third parties has always been the same — bring it in-house, harden it in production, own every layer. Secrets live in gitignored env files, never a vendor dashboard. Tenant data never bleeds across boundaries. That discipline doesn't stop at the app; it should reach all the way to the NIC.
02 — The rocky roadmap
No fantasy timelines. Each phase ships something real, learns something real, and stays cheap until it has earned the right to cost money.
Phase 0 — One box, one city
A single real server in one strategic location — home lab or a cheap colo 1U. Origin and edge on the same iron. Node reverse-proxy in front, disk cache behind it, TLS via Let's Encrypt. If it can't survive as one honest node, it doesn't deserve a fleet. Reality: this is a weekend, not a quarter.
Phase 1 — Route by geography, cheaply
Skip anycast for now — it's the expensive endgame, not the starting line. Use GeoDNS to send visitors to their nearest node. It's the no-budget bridge that buys 80% of the latency win for none of the BGP pain. Reality: GeoDNS is "good enough" far longer than the giants admit.
Phase 2 — Second node, real distance
Add a node in a genuinely different geo — pick it by measured latency to my actual users, not by which city sounds impressive. Now cache invalidation, purge, and consistency become real problems. Solve them the madlads way: small, contained services, each doing one job it can't screw up quietly.
Phase 3 — Make it survive itself
Health checks, automatic failover, TLS everywhere, and observability I can actually read. Middleware-baked hardening carries straight over: rate limiting on the edge, honeypots on public surfaces, strict auth gating on every admin route. Safety isn't a phase — it's wired into the request pipeline like it always has been.
Phase 4 — The Cloud Giant endgame (honest version)
This is where "own an ASN, announce your own IP space, speak BGP, run true anycast" lives. It's real, it's doable, and it's not free — RIR fees, transit that allows BGP, IP allocation, and a colo that'll peer with you. I'm naming it so nobody thinks Phase 0 magically becomes Cloudflare overnight. You climb to it. You don't start there.
03 — What stays human
AI rides along for this the way it rides along for everything here — it drafts the boilerplate, rubber-ducks the edge cases, speeds up the typing. It does not hold the pager. The routing decisions, the failover logic, the call on where a node goes and why — that stays with the person who has to answer for it when a city goes dark. AI supports the madlad; it isn't the madlad.
So no, I probably won't dethrone the cloud giants this year. But I'll own my edge, understand every hop, and pay no ransom to a middleman I never met. That's not a smaller ambition. It's a sharper one.
Building the rocky version in public. Follow the scars. #getMad — scott@madladslab.com