EU-only alternatives to Cloudflare.
Cloudflare is the most US-exposed vendor in most "EU" stacks because it sits in front of the user: every visitor connects to a Cloudflare edge server before reaching your origin. Cloudflare's EU regions are EU-located edges, but the parent company is a Delaware corporation with US-controlled key material and US-controlled traffic logs. For Schrems II purposes, Cloudflare in front of personal-data traffic is one of the easiest problems to justify removing first, because the alternatives, Bunny.net (SI) and KeyCDN (CH), have comparable feature sets and dramatically simpler legal stories.
"EU region" does not mean sovereignty. Four questions decide everything.
Data residency tells you where the data is. Sovereignty tells you which legal system can compel access. All four answers must hold; otherwise the stack is not sovereign.
Where is the data physically stored?
Not "in the cloud": which data centre, in which country, under which jurisdiction.
Who else is in your data path?
Every vendor that touches the data: CDN, mail relay, error tracking, analytics pipeline.
Which laws can compel disclosure?
US-headquartered vendors fall under FISA 702 and the CLOUD Act, even when the data sits in Frankfurt.
Who actually holds the encryption keys?
If the cloud vendor holds both the data and the keys, they can read the data regardless of the DPA.
Fails on jurisdiction and key custody.
EU data, US parent company, US subprocessors in the default path, vendor-managed keys.
Passes all four.
Hosted in the EU, delivered by EU-headquartered infrastructure. Zero US subprocessors in the default path. Customer-held or EU KMS keys. Listed by name in your Article 28 DPA.
Why teams are moving off Cloudflare
The pattern we see: a privacy or DPO review identifies Cloudflare as a US subprocessor that processes every visitor request including IP addresses, browser fingerprints (via Bot Management) and cookies. Under Schrems II that is a transfer that needs supplementary measures — typically encryption that Cloudflare cannot read, which defeats the WAF and Bot Management features that were the reason for using Cloudflare. The simpler answer is to swap to an EU-jurisdictional provider where the legal analysis collapses to "no transfer." Bunny.net is the standard target and the migration is genuinely a few hours of DNS and configuration work.
Cloudflare services and their EU-only equivalents
Migration is not "swap one box for another". The mapping below is the one we run for clients leaving Cloudflare on Schrems II grounds: full EU jurisdiction, no US parent company in the data path.
| Cloudflare service | EU-only alternative | Engineering notes |
|---|---|---|
| Cloudflare CDN | Bunny.net, KeyCDN (CH) | Bunny has 110+ POPs including dense EU coverage. Per-GB pricing is roughly half Cloudflare's comparable plan. Migration is a CNAME flip plus origin pull configuration. |
| Cloudflare WAF | Bunny WAF, ModSecurity / Coraza on EU edge, OVH Anti-DDoS rules | Bunny's WAF covers OWASP Top 10 with rule-based controls. For deep custom rules, ModSecurity on a self-managed edge is the production pattern. |
| Cloudflare DDoS protection | OVH Anti-DDoS (included on most plans), Bunny DDoS protection | OVH has invested heavily in their VAC scrubbing infrastructure; for large-scale L3/L4 attacks they are demonstrably competitive with Cloudflare. |
| Cloudflare DNS | Hetzner DNS, Bunny DNS, deSEC (DE non-profit) | For most use cases Hetzner or Bunny is sufficient. deSEC is privacy-first with mandatory DNSSEC. |
| Cloudflare R2 (storage) | Bunny Storage, OVH Object Storage, Wasabi EU, self-hosted MinIO | R2's zero-egress story is unique; on EU providers, egress is also typically free or very low, so the cost argument transfers. |
| Cloudflare Workers | Bunny Edge Scripting, self-hosted edge functions on Knative, EU-based serverless platforms | Workers is the hardest single Cloudflare product to replace. For most use cases (request rewriting, A/B testing, simple APIs), Bunny Edge Scripting covers it. For complex Workers (Durable Objects), self-hosted is the pattern. |
| Cloudflare Pages | Bunny CDN + EU object storage, GitLab Pages (EU instance), self-hosted Coolify | Pages' main value is the build pipeline; that piece moves to your CI provider. |
| Cloudflare Tunnel (Argo) | Tailscale (US — flag), Twingate (US — flag), WireGuard self-managed, NetBird (DE) | NetBird is DE-headquartered and provides the "no-public-IP" pattern with EU jurisdiction. Self-managed WireGuard is the standard sovereign answer. |
| Cloudflare Access (zero trust) | Pomerium self-hosted, Authelia self-hosted, Boundary by HashiCorp on EU infra | For internal-only applications, an OIDC-protected reverse proxy on EU infrastructure is functionally equivalent. |
| Cloudflare Stream (video) | Bunny Stream, OVH Streaming, self-hosted MediaMTX with EU-only POPs | Bunny Stream offers comparable HLS/DASH delivery with an EU-only edge option. |
| Cloudflare Bot Management | CrowdSec (FR), DataDome (FR), Cloudflare → Bunny + custom rules | CrowdSec is FR-headquartered and increasingly capable. For high-traffic e-commerce, DataDome (also FR) is the enterprise alternative. |
How we migrate off Cloudflare
A typical mid-market migration runs in three phases. The figures below assume a 6-10 person engineering team and a moderately complex application stack.
Inventory & risk-rank
List every Cloudflare product in use: CDN, DNS, WAF rules, Workers, Pages, R2, Tunnel, Access. Map each to a personal-data exposure (does it touch PII?) and migration complexity. Output: priority list, usually CDN/DNS first.
Soft swap (CDN, DNS, R2)
Provision Bunny pull zones for the same hostnames. Test with a staging hostname. Cut DNS over with low TTL pre-stage. R2 → Bunny Storage migration via parallel-write. WAF rules ported manually to Bunny WAF.
Hard pieces (Workers, Tunnel, Access)
Worker code is reviewed and either ported to Bunny Edge Scripting, rewritten as origin-side middleware, or self-hosted on Knative. Tunnel is replaced with NetBird or self-managed WireGuard. Access is replaced with Pomerium or Authelia. Pages workloads move to GitLab Pages or self-hosted.
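The parallel-write step of the soft swap (R2 to Bunny Storage) as an added example, not code from the original page or from either provider: both stores are in-memory stand-ins, an assumption, in place of the R2 S3 API and Bunny Storage API adapters a real migration would wrap. The migrator dual-writes new objects, backfills legacy ones on read or in bulk, and `verify()` is the gate before R2 is dropped from the data path.

```python
class MemoryStore:
    """In-memory stand-in for R2 / Bunny Storage (constructed for this example)."""

    def __init__(self):
        self.objects = {}

    def put(self, key, data):
        self.objects[key] = data

    def get(self, key):
        return self.objects.get(key)

    def keys(self):
        return sorted(self.objects)


class ParallelWriteMigrator:
    """Dual-write to old (R2) and new (Bunny) stores with read-through backfill."""

    def __init__(self, old, new):
        self.old, self.new = old, new

    def put(self, key, data):
        # New writes land in both stores, so anything written after the
        # migration starts is never missing from the EU side.
        self.new.put(key, data)
        self.old.put(key, data)

    def get(self, key):
        # Serve from the EU store; on a miss, fall back to R2 and copy the
        # legacy object across on first read.
        data = self.new.get(key)
        if data is None and (data := self.old.get(key)) is not None:
            self.new.put(key, data)
        return data

    def backfill(self):
        # Bulk-copy every legacy object the new store does not have yet.
        missing = [k for k in self.old.keys() if self.new.get(k) is None]
        for key in missing:
            self.new.put(key, self.old.get(key))
        return len(missing)

    def verify(self):
        # Keys absent or differing in the new store (a real adapter would
        # compare provider checksums). An empty list is the cutover gate:
        # only then is R2 removed from the data path.
        return [k for k in self.old.keys()
                if self.new.get(k) != self.old.get(k)]
```

Run `backfill()` and `verify()` again immediately before the final cutover, since writes that hit R2 through any path outside the migrator will show up there.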
Cloudflare-to-Bunny migrations almost always reduce monthly spend by 40–70% at typical mid-market volumes. The exceptions are Workers-heavy stacks (where the equivalent self-hosted infrastructure has higher fixed cost) and high-traffic Pages stacks (where Cloudflare's aggressive free tier is hard to match).
Frequently asked questions
Cloudflare has EU-only data plans now — does that solve it?
Cloudflare's "Data Localization Suite" can keep EU traffic on EU edges and EU keys, which addresses residency. It does not address jurisdiction: Cloudflare Inc. remains a US corporation subject to the CLOUD Act. For most Schrems II analyses, the data-localization product is an improvement but not full sovereignty.
Will switching CDN affect performance for European visitors?
For European users specifically, Bunny.net often performs as well as or better than Cloudflare because its EU POP density relative to the traffic it carries is higher. Real-world tests on e-commerce migrations have shown TTFB improvements of 10–30ms for EU-specific traffic. For global users (US, APAC), Cloudflare's POP count is larger.
How do we handle Cloudflare Workers replacement?
Three patterns depending on the Worker: (1) trivial request rewrites move to Bunny Edge Scripting unchanged, (2) Workers that talk to KV / Durable Objects need re-architecting, typically the logic moves to the origin and uses Redis or Postgres, (3) Workers acting as API endpoints become small Knative services on EU infrastructure.
Is Bunny.net a real Schrems II–safe alternative?
Bunny.net is BunnyWay d.o.o., headquartered in Ljubljana, Slovenia (EU member). The legal entity is fully under EU jurisdiction. Their published subprocessor list is short and EU-focused. For Schrems II, the analysis collapses to "no third-country transfer" which is materially easier than Cloudflare's data-localization story.
What about Fastly or Akamai?
Both US-headquartered. Fastly is San Francisco; Akamai is Cambridge, MA. Same CLOUD Act analysis as Cloudflare. They are not Schrems II–easier than Cloudflare; they are different US providers with different feature sets.
How long does a Cloudflare migration take?
For a typical workload (CDN, DNS, basic WAF, no Workers): 1–2 weeks elapsed. For a Workers-heavy or Tunnel-dependent setup: 4–8 weeks. We can run the whole thing as a managed migration if you want it done without burning your team's capacity.