Cloudflare optimizations for XenForo

I haven't used Cloudflare for caching in a long time but there are some downsides that I remember, I assume they are still the case?
There are downsides if it is not configured properly or if you try to guest cache the whole site. Generally speaking, there is not much of a pronounced downside at this point in time.
You need to use Cloudflare as your domain's DNS provider so they can update the IP address automatically, correct?
This is correct. You have to move your nameservers to Cloudflare.
If you ever need to move away from their service for any reason, you will have some downtime associated with DNS caches and moving it to another provider/IP?
Yes, you have to change your DNS A record back to the original server IP. If you are still at the same host, however, it may just be a matter of changing the nameservers back to whatever they were, assuming new DNS entries weren't added. It is easier to export/import DNS tables these days, though.
There is also the issue that Cloudflare has had outages so you are adding another layer of complexity and a point of failure into the mix. I'm assuming all of these are still correct?
There are now occasionally one or two datacenters that go down, but Cloudflare as a whole has not gone down in a long time. I'm not sure how long it's been since the last major outage. Typically what happens now is similar to when parts of AWS, Google Cloud, or Azure go down, and they reroute the traffic to a different node.
 
It takes about an hour to transfer from GoDaddy.
First you have to unlock your account, and to do that your personal WHOIS info instantly goes on ICANN.
While waiting for that, go ahead and click "I want to transfer to a new registrar".
Get your code to transfer, but you may as well wait 15 mins or so after it hits your email to even attempt.
Take that code over to CF and click the transfer to CF link. If your domain is still locked, which will probably be the case, right click on the greyed out link to get a more accurate status. It will eventually ask for your code (50 or 55 mins to do the whole process). Now this is the most important part if you want a fast transfer, go here and follow the instructions,
You are looking for outgoing transfers. Approve the transfer and you will be on CF a couple minutes later with totally private ICANN records.
GoDaddy is an early 2k's style clunky website. One website with privacy on GoDaddy cost 30.16; 1 site with the same at CF was 9.15 and Expires: October 9, 2024, so CF is a deal.
 
I haven't used Cloudflare for caching in a long time but there are some downsides that I remember, I assume they are still the case?
Not sure what "they" are. If you tell me what you think the downsides are, I can tell you if they are still the case. :)

You need to use Cloudflare as your domain's DNS provider so they can update the IP address automatically, correct?
Correct... If you want Cloudflare to proxy/CDN your traffic, they would need to handle your DNS.

If you ever need to move away from their service for any reason, you will have some downtime associated with DNS caches and moving it to another provider/IP?
No, as long as you set up DNS on the new provider before you change the name servers for the domain. You can change DNS providers transparently if you do it properly.

There is also the issue that Cloudflare has had outages so you are adding another layer of complexity and a point of failure into the mix. I'm assuming all of these are still correct?
Yep, like anything with the Internet, the best you can do is use providers/networks/hosting companies, etc. that are the most tolerant of failures. If any provider has a single fiber connection to the Internet and that cable is severed, it's a bad day if they don't have redundant/backup network routes in place. Cloudflare is no different than anything else... every major website/app/service has had an unplanned outage before... the measure is how long before things went back to normal. I remember when Gmail went down for a couple days.

If you are wary of Cloudflare, don't use them. There's nothing that any site is doing that requires Cloudflare. 🤷🏻‍♂️
 
Thanks for the info guys. I had a DDOS mitigator one time that forced us to change the DNS to them. Once we were done needing the service they made moving away very painful and with a lot of downtime because they refused to point A records to our IPs during the transition... I guess that's why I've been wary to give anything like that a go again with anyone else. This was quite a few years back.

Edit: Does XenForo need any tweaking anymore? There was some info about changing X-Addr-IP or stuff like that headers in Apache or Nginx, but I'm pretty sure that was old VB stuff? Something so the real user's IP shows up in the logs and who's online, not Cloudflare's.
 
Well that's weird since you control the DNS and A records. I've never seen a case where I tried to create an A record in their DNS setup and it refused (unless it was an invalid IP of course). Are you sure it was Cloudflare refusing, and not the DDoS mitigator?
 
Well that's weird since you control the DNS and A records. I've never seen a case where I tried to create an A record in their DNS setup and it refused (unless it was an invalid IP of course). Are you sure it was Cloudflare refusing, and not the DDoS mitigator?

No it wasn't Cloudflare, this was the DDOS Mitigator. Just I got burned once way back when so I've been hesitant. Definitely wasn't Cloudflare's fault.
 
No it wasn't Cloudflare, this was the DDOS Mitigator. Just I got burned once way back when so I've been hesitant. Definitely wasn't Cloudflare's fault.
Well, a shady DDoS mitigation service that happened to use Cloudflare really shouldn't dissuade you from Cloudflare itself if the issue didn't have anything to do with Cloudflare. By that logic, you should avoid the Internet since they used the Internet. :)
 
I avoided CloudFlare for years (other than to have them do my DNS)... and recently have jumped in with both feet dealing with them directly and have yet to have an issue. Years ago I ran into a few issues, but that had more to do with my unfamiliarity with their product.
 
As ChatGPT says, it is recommended to use protocols with strong security measures to protect against such attacks… For example TLS 1.3.

Also, Cloudflare errs on the side of not doing 0-RTT if it might be an issue. See the end of the article where it talks about replay attacks:

 
I avoided CloudFlare for years (other than to have them do my DNS)... and recently have jumped in with both feet dealing with them directly and have yet to have an issue. Years ago I ran into a few issues, but that had more to do with my unfamiliarity with their product.
For sure. Early on, not long after they launched, I had tried it on two sites. On the busier site, I kept getting messages, "It's getting that Cloudflare message again." It would throw errors, seemingly for no reason, throughout the day.

In the past couple of years, I haven't had a single problem. The only time I get the error message now, where the site is unavailable, usually means something really is wrong with the site!

I haven't yet applied it to one of the biggest forums I manage but that is happening within the month, once other upgrades are in place. The R2 buckets alone are something we're looking forward to.
 
I noticed if I use the 'easy config' button it turns on the Early Hints -- since you don't recommend it, I think the easy config should leave it off?
 
I’ve changed my mind on the Early Hints. Doesn’t seem to hurt (or help for that matter) with XenForo. But mainly doesn’t hurt. I just can’t edit original post.
 
I went through this article last night and turned on the Early Hints and also SXGs. If any dos/don'ts for Cloudflare SEO or opinions please share:

 
I came across the "Load Balancing" section in the Traffic area. Anyone using this with Cloudflare?

If so, have you seen it help or anything?

Not sure if this is something I should enable or not? Not even sure if I need it.

What is your experience? Thanks.
 
Cloudflare's load balancing service might make sense if you have servers in different physical data centers. To be honest though, their Load Balancing service always felt like it should be part of their free stuff. I don't use it myself (but I have multiple servers), instead I handle it on my end with a cron job that runs every 60 seconds and makes DNS changes as necessary if something is down (planned or unplanned). Although I've had exactly zero times ever that I had an unplanned outage where it got triggered.

Also doing it on your end with API calls gives you additional flexibility (beyond just being free). For example, I've worked it into the Nginx systemd service (specifically, if Nginx is being stopped, it will automatically reconfigure DNS to stop routing to that web server before it stops and pick a different web server that's up).

TL;DR: Cloudflare's load balancing isn't terrible, but should be free imo. There are other things they offer that offer exponentially more value for free.
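
An added example (not the poster's own script) of the cron-driven DNS failover described in the post above: each run probes the origins, counts consecutive failures so a single bad probe does not flip DNS, and calls the Cloudflare v4 DNS records endpoint only when the target changes. The config keys, the threshold of 3, the plain-HTTP probe on port 80, the proxied record and the optional maintenance IP are assumptions made for this example.

```python
import http.client
import json
import urllib.request

API = "https://api.cloudflare.com/client/v4"
FAIL_THRESHOLD = 3  # assumption: consecutive failed probes before an origin is pulled

def probe(ip, host, path="/", timeout=5):
    """True if the web server at `ip` answers for `host` without a 5xx or timeout."""
    conn = http.client.HTTPConnection(ip, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        return conn.getresponse().status < 500
    except (OSError, http.client.HTTPException):
        return False
    finally:
        conn.close()

def plan(current, origins, fails, healthy, maintenance=None):
    """Update the failure counters and return the IP the A record should point to."""
    for ip in origins:
        fails[ip] = 0 if healthy[ip] else fails.get(ip, 0) + 1
    up = [ip for ip in origins if fails[ip] < FAIL_THRESHOLD]
    if current in up:
        return current  # no automatic failback while the live origin is healthy
    return up[0] if up else (maintenance or current)

def build_update(cfg, token, ip):
    """Cloudflare API v4 request that overwrites the A record with `ip`."""
    body = {"type": "A", "name": cfg["name"], "content": ip, "ttl": 1, "proxied": True}
    return urllib.request.Request(
        f"{API}/zones/{cfg['zone_id']}/dns_records/{cfg['record_id']}",
        data=json.dumps(body).encode(), method="PUT",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})

def run_once(cfg, state, token, probe_fn=probe, send=urllib.request.urlopen):
    """One cron tick: probe every origin, call the API only when the target changes."""
    healthy = {ip: probe_fn(ip, cfg["name"]) for ip in cfg["origins"]}
    target = plan(state["current"], cfg["origins"], state["fails"], healthy,
                  cfg.get("maintenance"))
    if target != state["current"]:
        send(build_update(cfg, token, target), timeout=10)
        state["current"] = target
    return target
```

From cron, load `cfg` and `state` from JSON files, call `run_once`, and write `state` back so the failure counters survive between runs. Give the script an API token limited to DNS edit on the one zone rather than a global API key.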
 
instead I handle it on my end with a cron job that runs every 60 seconds and makes DNS changes as necessary if something is down (planned or unplanned)
Would you mind sharing that script? I'm looking for something similar, specifically change A record in CloudFlare to a maintenance page/server.
 
Ok, I'll just hold off on that. Do you use the image resizing service? I always compress (not too much though) my images in Photoshop before putting them on the site.

I'm not sure if I'd benefit from the image resizing. They say it is a "speed tip" to turn it on.

But I'm not sure that I need to. Are you using it? If so, did you see any difference?
 