[DigitalPoint] App for Cloudflare® 1.8.2

[digitalpoint]

digitalpoint updated [DigitalPoint] App for Cloudflare® with a new update entry:

Daily stats and some minor fixes/changes

IMPORTANT for existing users: A change to Firewall API calls requires a new API permission to be able to set it. You can go to your Cloudflare API Tokens, edit the token you have and add the following permissions:

• Zone.Zone WAF: Edit

The Firewall API has been deprecated and turned into a Ruleset API, so no way around the new permission (sorry).

Changes...

Read the rest of this update entry...

 

[digitalpoint]

That might be more realistic since you are keeping those billable operations at once per day rather than every time page view of the admin index page. It probably makes sense to keep it to actual events in the course of a 24 hour period. Cumulative numbers don't work with XenForo's statistics because it's designed to only handle daily numbers for each statistic (stats that were "totals" would generate crazy/wrong charts if you flipped to weekly or monthly grouping because the "total" for each day would be added to the totals from other days in the week/month, so things would be counted multiple times. It's why you don't see things like "total threads" or "total users" in there.

So for things like "objects" and "size", you would have to limit it to just that 24 hour period, but then what are you looking for exactly? Objects created in the last 24 hours? Objects deleted in the last 24 hours? You wouldn't be able to do net new objects (created minus deleted) because the xf_stats_daily table only handles unsigned values (greater than or equal to 0), so you would end up with problems if you had a day where more objects were deleted than created.

@Mouth just to follow this up... the version I just released has 11 new daily stats related to Cloudflare being logged with XenForo's normal Statistics system. For R2 related things, it's class A and class B operations. Cloudflare has no way to report on size (MB) added/deleted for a time period, only a "total usage" reporting option, which doesn't work with XenForo's stats system that need things to be broken down by day.

 

[ichpen]

Going here: /admin.php?cloudflare/firewall

Produces this:

Client error: GET https://api.cloudflare.com/client/v4/zones/****/rulesets/phases/http_request_firewall_custom/entrypoint resulted in a 404 Not Found response: { "result": null, "success": false, "errors": [ { "message": "could not find entrypoint ruleset in the h (truncated...) / {"result":null,"success":false,"errors":[{"message":"could not find entrypoint ruleset in the http_request_firewall_custom phase"}],"messages":null}


Yes I have set the new Zone.Zone WAF: Edit perm.

 

[digitalpoint]

Going here: /admin.php?cloudflare/firewall

Produces this:

Client error: GET https://api.cloudflare.com/client/v4/zones/****/rulesets/phases/http_request_firewall_custom/entrypoint resulted in a 404 Not Found response: { "result": null, "success": false, "errors": [ { "message": "could not find entrypoint ruleset in the h (truncated...) / {"result":null,"success":false,"errors":[{"message":"could not find entrypoint ruleset in the http_request_firewall_custom phase"}],"messages":null}


Yes I have set the new Zone.Zone WAF: Edit perm.

If you go to the DigitalPoint/Cloudflare/Api/Cloudflare.php file, and change this:

public function getFirewallRules($zoneId)
{
    $params = [];
    return $this->makeRequest('GET', sprintf('zones/%s/rulesets/phases/http_request_firewall_custom/entrypoint', $zoneId), ['query' => $params]);
}

to this:

public function getFirewallRules($zoneId)
{
    $params = [];
    return $this->makeRequest('GET', sprintf('zones/%s/rulesets/phases/http_request_firewall_custom/entrypoint', $zoneId), ['query' => $params], 404);
}

...effectively just adding that 404 as the last parameter to the makeRequest call... does that sort it out for you?

I'm not a huge fan of the new Ruleset API... it does some silly things that requires some change of thinking vs. the rest of the APIs.

 

[Ivancas]

@digitalpoint does the addon replace the others (not attachments) folders in internal_data like code_cache or sitemaps ?

If not, then I'm moving more than needed to R2

 

[digitalpoint]

@digitalpoint does the addon replace the others (not attachments) folders in internal_data like code_cache or sitemaps ?

If not, then I'm moving more than needed to R2

You can if you want by adding it to config.php, but by default, no. Personally, I think attachments in the internal_data directory is the only one worth offloading to the cloud. The rest of the stuff is more along the lines of caches (even sitemaps is kind of a cache of sorts).

But as I said, I set it up so someone could move everything (or just some stuff) vis config.php edits.

 

[Ivancas]

I made a mistake because of the name I set for the bucket so I logged in CF and removed the bucket directly from CF.
Now, when I enter the R2 options, I get this error:



Is there any way to let the addon know I already removed the bucket and it shouldn't look for it anymore? Otherwise I guess I'll have to remove the addon and reinstall it

 

[digitalpoint]

I made a mistake because of the name I set for the bucket so I logged in CF and removed the bucket directly from CF.
Now, when I enter the R2 options, I get this error:
View attachment 284831


Is there any way to let the addon know I already removed the bucket and it shouldn't look for it anymore? Otherwise I guess I'll have to remove the addon and reinstall it

You could recreate the bucket in Cloudflare, then disconnect it from XF settings and then delete it as a workaround for now.

I’m going to add a check for that in the next version.

 

[Ivancas]

If there was an issue transferring files to R2, you would have all sorts of stuff in the error log.

In that case what happens with the attachments? Are they lost? Can't they be saved in the filesystem so a sync can be done once it's back?

 

[Ivancas]

When you SSH into your box and want to use rclone you have to create R2 specific API tokens with a Access Key ID & Secret Access Key that need to be stored in rclone's config file so it can talk to R2. Doing that, kills the API key the forum add-on uses.

That's the exactly issue I'm experiencing so that means every time I want to add the forum to rclone config (and create both access and secret keys), I have to reset the API key

 

[digitalpoint]

In that case what happens with the attachments? Are they lost? Can't they be saved in the filesystem so a sync can be done once it's back?

Nothing is done with them. Nothing on this end deletes them. You would need to manually delete them later if you want them deleted.

That's the exactly issue I'm experiencing so that means every time I want to add the forum to rclone config (and create both access and secret keys), I have to reset the API key

Use a different API key. Cloudflare allows you to have multiple.

 

[Ivancas]

Nothing on this end deletes them.

If you select "Permanently delete" of the thread or post then attachments will be deleted by a Cron entry which is run once an hour. Are they removed from R2 too?

 

[digitalpoint]

If you select "Permanently delete" of the thread or post then attachments will be deleted by a Cron entry which is run once an hour. Are they removed from R2 too?

Yes of course... I thought you were talking about existing files you were transferring from your server. If you are migrating existing stuff to R2, you need to delete the source files (on your local server) if you want them deleted... like delete the entire attachments folder once you are happy with everything and checked it all. For normal operations, yes... deleting an attachment or avatar or whatever else in XenForo will delete it from R2 as expected.

 

[lifo]

@digitalpoint

After the update, XenForo statistics doesn't work at all. Whatever is queried, it 0. What could the problem be caused by?

 

[digitalpoint]

@digitalpoint

After the update, XenForo statistics doesn't work at all. Whatever is queried, it 0. What could the problem be caused by?

Can you post a screenshot?

 

[NealC]

Not sure if anyone else has had issues with SVG images for their logo but I use a SVG image for my logo and it's referenced in styles/logo.svg for example. Today I uploaded the svg file over top of the existing one to see what would happen as the links are all getting referenced to my R2 data URL such as data.domain.com/assets/..../logo.svg. The forum did not render the SVG for some reason, it was a broken image link so I put it back. Not sure why this happened. FYI

 

[digitalpoint]

Not sure if anyone else has had issues with SVG images for their logo but I use a SVG image for my logo and it's referenced in styles/logo.svg for example. Today I uploaded the svg file over top of the existing one to see what would happen as the links are all getting referenced to my R2 data URL such as data.domain.com/assets/..../logo.svg. The forum did not render the SVG for some reason, it was a broken image link so I put it back. Not sure why this happened. FYI

SVG images are a bit of an edge case with R2. R2 attempts to determine what the mime type of the file is by analyzing the file. An SVG file is actually a XML text file when it comes down to it (like you can just open it in a text editor). So R2 sees it as such and sets the mime type to application/xml (rather than image/svg+xml). That's the underlying issue... R2 then tells the browser that it's an XML file, not an image (via the mime-type).

It's probably the "right" thing to do for R2 to classify it as application/xml, but not the convenient thing to do for site owners that want to deal with SVG. The good news is Cloudflare gives you a fairly easy way to override that if you want based on the URI (file extension) with their Transform Rules system. You could apply a transform rule to HTTP Response Headers like so:



Effectively overriding what the mime-type was set to based on the content itself.

 

[NealC]

Wow - thank you. Could that be something your add-on could automate for us instead of having to learn the rule config and going to Cloudflare to make the change?

 

[digitalpoint]

Wow - thank you. Could that be something your add-on could automate for us instead of having to learn the rule config and going to Cloudflare to make the change?

It's something I've thought about, but it's not too high up on the priority list to be honest. It's really more of an edge case where people are uploading SVG images through the XF admin rather than putting them somewhere manually. Personally, I'd say putting style related images in the /styles/ folder is the better place for that stuff anyway.

There's a lot of powerful things you can do with Transform rules, but nothing that's really universal for all sites... so it's going to start adding confusion with a zillion options for people trying to handle everything that people might want to do with them.

...that being said, overriding the Content-Type for SVG/SVGZ images (which really are just XML files underneath it all) is a good use case for Transform Rules.

 

[Ivancas]

@digitalpoint bug in XF 2.0.12 but you state it's compatible:

Line 48: Unknown tag fa encountered. - Template name: admin:cloudflare_r2