Cloudflare optimizations for XenForo

[digitalpoint]

I’d just manually block any causing you problems for your site, otherwise not worth the effort trying to manually block every possible bad bot in the world. That’s a never ending, impossible task.

 

[PumpinIron]

I’d just manually block any causing you problems for you site, otherwise not worth the effort trying to manually block every possible bot bot in the world. That’s a never ending, impossible task.

Thanks, that’s what I figured. Just wanted to make sure.

 

[CITAKU]

Great post, thank you @digitalpoint!

 

[KensonPlays]

Would you recommend enabling Load Balancing if on OVH Public Cloud for your XF install?

 

[digitalpoint]

I don’t know anything about OVH, but I’m guessing no.

Are they giving you multiple IP addresses for your servers and expecting you to route the traffic appropriately to them? If not, you probably don’t have anything to actually load balance.

 

[KensonPlays]

I don’t know anything about OVH, but I’m guessing no.

Are they giving you multiple IP addresses for your servers and expecting you to route the traffic appropriately to them? If not, you probably don’t have anything to actually load balance.

Not sure on the specifics, a friend of mine is managing that aspect of getting that going for our business, and we'll also host our personal sites on it too.

 

[digitalpoint]

Well unless you are managing multiple servers and are expected to route traffic between them, you wouldn’t have anything to load balance.

If you have a single server, there’s nothing for you to load balance. If you have multiple servers and it’s transparent to you because your hosting company handles it, there’s also nothing to load balance.

Load balancing would more be if you personally managed your own hardware and you have that hardware in different geographical locations. Normal hosting isn’t going to require you to load balance anything.

 

[KensonPlays]

Well unless you are managing multiple servers and are expected to route traffic between them, you wouldn’t have anything to load balance.

If you have a single server, there’s nothing for you to load balance. If you have multiple servers and it’s transparent to you because your hosting company handles it, there’s also nothing to load balance.

Load balancing would more be if you personally managed your own hardware and you have that hardware in different geographical locations. Normal hosting isn’t going to require you to load balance anything.

Wasn't sure since it did say "Public Cloud" server, and aren't cloud servers usually set in a few datacenters?

 

[digitalpoint]

Wasn't sure since it did say "Public Cloud" server, and aren't cloud servers usually set in a few datacenters?

Sometimes… but again, if the hosting company is handling all that for you, then you have nothing to load balance.

 

[AndrewSimm]

Does anyone have a perspective on polish and mirage for Xenforo?

 

[digitalpoint]

Does anyone have a perspective on polish and mirage for Xenforo?

Personally, I don't have either enabled on any of my zones. Both are an easy (but also lazy) way of doing things imo.

Polish would be great for a site that had a ton of TIFF or BMP images that the owner didn't want to convert to more modern formats. It does supports WebP, which is nice... but XenForo will have WebP support at some point (whenever 2.3 comes out). My (personal) plan is to make myself an addon that converts incoming images to WebP at that point as well as a utility to migrate existing images (attachments and avatars) to WebP.

Mirage is a way where a site that has a single (large) image for something to serve different sizes/formats to different screen sizes. XenForo already does that (attachments have thumbnails, avatars have 4 different sizes that are used when appropriate), so the gains with using it with XenForo isn't all that great because XenForo is already doing most of what it's trying to do transparently.

Personally, I'd rather do images right at the origin than rely on something between my server and users to do "image translation" on the fly.

 

[AndrewSimm]

When I run Cloudflare "Observatory" against the thread list of one of my forums I get told that I could save 440ms by using Polish. I also get told that I can save 660ms If I have Cloudflare resize images. My guess it's because avatars are 96x96 but render 36x36.

 

[digitalpoint]

If you aren’t using HTML markup for alternate high-res versions for things like phones, a good rule of thumb is for the image to be twice the size as it’s being rendered. So rendering a 96px avatar into a 36px size is going to be a good way to go.

You also start getting diminishing returns if you have too many different size options. Like if an avatar had 10 different sizes that users could see, is it really worth them downloading 10 different images? Or is it going to be better to have them download 2 or 3 (where slightly larger than necessary versions are sometimes used) and cache those in their browser? Things like Observatory are really just measuring a single non-cached page and isn’t factoring in if parts of your page is cached in the user’s browser for different page views (for example a user might only need to load an avatar once, and then it’s already loaded for other page views).

Give it a try and see if it makes your site noticeably faster. Certainly doesn’t hurt to try, but I’m guessing you won’t see any quantifiable speed difference. But again… try it.

 

[AndrewSimm]

I guess I didn't think about that. I am serving over 7 TB a month with Cloudflare and all my attachments and avatars are being served from R2.

I guess I am just trying to find ways to make my pages load faster. My big issue is all the ad code.

 

[digitalpoint]

I guess I didn't think about that. I am serving over 7 TB a month with Cloudflare and all my attachments and avatars are being served from R2.

I guess I am just trying to find ways to make my pages load faster. My big issue is all the ad code.

Well, you kind of answered your own question… Getting rid of ads will most definitely speed up your site. Hah

If you really want to dig in and see if there’s anything you can do to speed up your site, I’d look at your page’s waterfall. Maybe you will see something that is in your control that you can improve. Everyone’s site is different, so there isn’t going to be a magic pill.

 

[MaximilianKohler]

It allows you to keep the true IP address of your server hidden. For example Cloudflare's normal mode of operation sends all your web traffic to a Cloudflare IP and they are able to mitigate DDoS attacks because of that (Cloudflare can't stop DDoS attacks if the traffic is going direct to your server IP (they aren't a middleman). Because of this, it's a good idea to keep your server's true IP address hidden from the public (if someone wanted to DDoS attack you and they can get your server's true IP, they just go straight there rather than through Cloudflare).

So say for example you let users post images... a malicious user could post an image on a server they control. Your server's backend fetches the image via the image proxy system and now that malicious user has your server's IP address because your server connected direct to their server to fetch the image.

Cloudflare Workers allows you to make those proxy requests from a Cloudflare IP (the malicious user only sees a Cloudflare IP, not your server's true IP). As far as cost, unless your site has an insane amount of traffic, it should be no cost. Cloudflare allows 100,000 requests to Workers per day for free. A request is only needed when XenForo refreshes a cached image (by default XenForo does that once every 7 days, but you can make it longer in your options). So that would allow roughly 700,000 (100,000 free x number of days until cache expires) UNIQUE proxied images to be viewed by users per day (not total views/requests... actually unique images).

Is there a way for me to verify that I set up cloudflare workers properly?

For example, you showed me a screenshot of your settings, and mine look a little different:

Use Cloudflare Workers for image proxy
Using this option will cause the XenForo image proxy to internally use a proxy itself to download images via:
https://xf-image-proxy.assigned-subdomain.workers.dev (the URL is internal and not seen/used directly by end-users).
  
Use Cloudflare Workers as unfurl proxy
Using this option will cause the XenForo unfurl mechanism to use an internal proxy to fetch resources via:
https://xf-url-proxy.assigned-subdomain.workers.dev (the URL is internal and not seen/used directly by end-users).

I set up a single worker on cloudflare, and I'm guessing it's being applied to both xf-url-proxy and xf-image-proxy? I also created a custom domain for it:

Custom Domains
Connect your Worker to a custom domain.

And I saw on admin.php?cloudflare/proxy:

Note: The subdomain you have set for your Cloudflare Workers should not be changed. Changing your subdomain directly within your Cloudflare account will cause the proxies to be unreachable until you toggle them off and then back on here.

Which made me think I should try to verify that I didn't mess something up.

EDIT: Oh, and when I visited https://xf-image-proxy.assigned-subdomain.workers.dev I got an error Invalid or missing image url (`i` parameter).


Also, some of the settings in the screenshots here https://xenforo.com/community/resources/digitalpoint-app-for-cloudflare®.8750/ conflict with the OP of this thread. I'm assuming this thread is the correct one?

Thanks so much for providing this for free!

 

[digitalpoint]

Is there a way for me to verify that I set up cloudflare workers properly?

For example, you showed me a screenshot of your settings, and mine look a little different:

Use Cloudflare Workers for image proxy
Using this option will cause the XenForo image proxy to internally use a proxy itself to download images via:
https://xf-image-proxy.assigned-subdomain.workers.dev (the URL is internal and not seen/used directly by end-users).
 
Use Cloudflare Workers as unfurl proxy
Using this option will cause the XenForo unfurl mechanism to use an internal proxy to fetch resources via:
https://xf-url-proxy.assigned-subdomain.workers.dev (the URL is internal and not seen/used directly by end-users).

I set up a single worker on cloudflare, and I'm guessing it's being applied to both xf-url-proxy and xf-image-proxy? I also created a custom domain for it:

And I saw on admin.php?cloudflare/proxy:

Which made me think I should try to verify that I didn't mess something up.
EDIT: Oh, and when I visited https://xf-image-proxy.assigned-subdomain.workers.dev I got an error Invalid or missing image url (`i` parameter).

Does the image proxy work on your site? It sounds like you might be overthinking it. Just test the image proxy and see if it works.

Also, some of the settings in the screenshots here https://xenforo.com/community/resources/digitalpoint-app-for-cloudflare®.8750/ conflict with the OP of this thread. I'm assuming this thread is the correct one?

Thanks so much for providing this for free!

There isn’t a “correct” way. All sites are different… if there was an absolute right way for all sites, Cloudflare wouldn’t have settings you could change. Best thing to do is figure out what you are trying to do exactly and go from there. If you aren’t sure about a setting, best to just leave it alone in Cloudflare if things are working.

 

[MaximilianKohler]

Does the image proxy work on your site? It sounds like you might be overthinking it. Just test the image proxy and see if it works.

I'm not sure. How do I determine that? Right now the image URLs are https://data.forum.mysite.com/avatars/s/0/2.jpg?1688812108 because that's the subdomain I used for R2.

On my cloudflare /workers-and-pages dashboard I see some requests, and no errors. And when I click the links I get a "hello world" page.

 

[digitalpoint]

Use an image that isn’t on your domain under: XF Admin -> Tools -> Test Image Proxy

 

[MaximilianKohler]

https://xenforo.com/community/data/avatars/m/0/47.jpg?1678925218 was fetched successfully.

That means it's working?