DDoS is a failure attack when the hardware fails.
It is of two types -
The first variant of the attack can be beaten off on your own - put a more powerful server, optimize the software, ignore "heavy" requests, filter requests. install another server, install a balancer.
In general, everything can be solved with your own hands and at low cost, although knowledge and experience are needed.
The second option is not treated in any way, the attack will stupidly clog the channel of your hoster or provider and you will be left without communication.
Of course, you can buy a really wide channel, but it is a lot of money and infrastructure.
Cloudflare and others like it have a lot of money, infrastructure, and a bunch of channels - it's almost impossible to score them, they withstand an attack on the network and provide filtering services for traffic that goes to your server.

"Medium gravity" is by what standards?
You did not mention the channel and server hardware (virtual?) at all.
If the channel is clogged, then you will not do anything on your own.
If the virtual machine is overloaded, then the hoster will disconnect you.
If everything is not so bad, then put some kind of fail2ban, configure and rejoice (if possible).
In any case, good luck with this endeavor.

a banal udp storm and you can protect yourself from it as you like - you won’t do anything, only at the uplink/hoster level it can be solved even higher ....

Can Sasha Pupyrkin's poor blog and his server survive without Cloudflare and similar services?