XF 2.2 Cannot install add-ons when Cloudflare proxy is enabled

[Aivaras]

Hi,

I cannot install add-ons in XenForo with A type records in Cloudflare set to “Proxied.” Pressing “Install/upgrade from archive” in ACP logs me out.

If I change from “Proxied” to “DNS only” in Cloudflare, the installation process takes place as expected.

Any ideas what might be causing this?

 

[Aivaras]

Actually with "Proxied" on in Cloudflare, I can install some add-ons (e.g., Attachment Improvements by Xon) but not other (e.g., DragonByte eCommerce).

Could it be a problem with timeout?

 

[Aivaras]

Another symptom that may be connected with the above is I'm frequently getting logged out.

 

[TPerry]

Hopefully someone will chime in.. CloudFlare adds its own levels of complexity. I only use them as my DNS provider. Once my site 'grows up" I might consider otherwise.

 

[Aivaras]

Another symptom that may be connected with the above is I'm frequently getting logged out.

Pressing Ctrl+F5 multiple times may cycle between ACP log-in and home pages (without the need to enter the log-in credentials).

Sometimes I need to enter the log-in credentials a few times in a row to enter the ACP.

 

[dronetech]

When you look at your member list, do you see Cloudflare's IP addresses, or their real IP addresses? If you manage this webserver, you probably need mod_remoteip.

https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs

Without this, the IP address of the request changes almost every request, which can break cookies/sessions as you're experiencing.

 

[Aivaras]

Thanks, Drone Tech! That's exactly what we're looking into currently. And it seems to be the solution, however we need to do more testing. Will report back.

 

[Aivaras]

We finally solved our problems completely.

In the beginning, we were a little confused by the reports of some users (e.g., this one) that XenForo and Cloudflare were working for them out of the box. This was further confirmed by the developers themselves, albeit conditionally. Unfortunately, it was not working well for us: we would see Cloudflare IP addresses on our websites instead of original visitors’, would not be able to install some add-ons, and would frequently be logged out of the ACP.

The first thing we did, following the instructions in “Restoring original visitor IPs,” was we asked our ISP to install mod_remoteip on our Apache server. It improved the situation, although it did not solve it completely. There were still some non-original IP addresses in our logs and we would get abrupt sign-outs from the ACP.

We quickly discovered that mod_remoteip only returns the original visitor IPs that pass through Cloudflare. That is to say, if one has
Railgun enabled (see Cloudflare account > Website > Speed > Optimization > Railgun), the original IPs passing through the Railgun servers will not be restored. And we do have Railgun enabled.

We then took aditional measures to restore original visitor IPs also from Railgun (there is a section specifically on Railgun in “Restoring original visitor IPs”). That resulted in further improvement; however, the situation was still not perfect. We would still get some Railgun IPs instead of the original visitors’. We kept bugging our ISP about this.

After several e-mail exchanges they admitted they had made a mistake of adding one of their Railgun servers to Apache configuration, but forgot to add the other one. (We have two websites, one being assigned in Cloudflare to one Railgun server, and the other to another.) As soon as they added the missing Railgun server to Apache configuration, all our issues were completely fixed.

Hope this helps someone in a similar situation.