[DigitalPoint] App for Cloudflare® 1.8.2

[Moshe1010]

I have seen many of these in the last few days, is that some sort of an attack/flooding?

ErrorException: Cloudflare: {"Code":"ServiceUnavailable","Message":"Reduce your rate of simultaneous reads on the same object."} src/XF/Error.php:77
Generated by: Unknown account 8/12/23 at 22:05

Stack trace
#0 src/XF.php(219): XF\Error->logError('Cloudflare: {"C...', false)
#1 src/addons/DigitalPoint/Cloudflare/Traits/XF.php(165): XF::logError('Cloudflare: {"C...')
#2 src/addons/DigitalPoint/Cloudflare/Api/Cloudflare.php(657): DigitalPoint\Cloudflare\Api\Cloudflare->logError('Cloudflare: {"C...')
#3 src/addons/DigitalPoint/Cloudflare/Api/Advanced.php(741): DigitalPoint\Cloudflare\Api\CloudflareAbstract->makeRequest('GET', 'attachments/85/...', Array, 0, 'attachments')
#4 src/addons/DigitalPoint/Cloudflare/League/Flysystem/Adapter/R2.php(128): DigitalPoint\Cloudflare\Api\Advanced->getR2Object('attachments', 'attachments/85/...')
#5 src/addons/DigitalPoint/Cloudflare/League/Flysystem/Adapter/R2.php(108): DigitalPoint\Cloudflare\League\Flysystem\Adapter\R2->read('attachments/85/...')
#6 src/vendor/league/flysystem/src/Filesystem.php(196): DigitalPoint\Cloudflare\League\Flysystem\Adapter\R2->readStream('attachments/85/...')
#7 [internal function]: League\Flysystem\Filesystem->readStream('attachments/85/...', Array)
#8 src/vendor/league/flysystem-eventable-filesystem/src/EventableFilesystem.php(431): call_user_func_array('League\\Flysyste...', Array)
#9 src/vendor/league/flysystem-eventable-filesystem/src/EventableFilesystem.php(395): League\Flysystem\EventableFilesystem\EventableFilesystem->callFilesystemMethod('readStream', Array)
#10 src/vendor/league/flysystem-eventable-filesystem/src/EventableFilesystem.php(154): League\Flysystem\EventableFilesystem\EventableFilesystem->delegateMethodCall('readStream', Array)
#11 src/vendor/league/flysystem/src/MountManager.php(345): League\Flysystem\EventableFilesystem\EventableFilesystem->readStream('attachments/85/...')
#12 src/XF/Pub/View/Attachment/View.php(25): League\Flysystem\MountManager->readStream('attachments/85/...')
#13 src/addons/Andy/OpenPDF/XF/Pub/View/Attachment/View.php(10): XF\Pub\View\Attachment\View->renderRaw()
#14 src/XF/Mvc/Renderer/AbstractRenderer.php(91): Andy\OpenPDF\XF\Pub\View\Attachment\View->renderRaw()
#15 src/XF/Mvc/Renderer/Raw.php(39): XF\Mvc\Renderer\AbstractRenderer->renderViewObject('XF:Attachment\\V...', '', Array)
#16 src/XF/Mvc/Dispatcher.php(460): XF\Mvc\Renderer\Raw->renderView('XF:Attachment\\V...', '', Array)
#17 src/XF/Mvc/Dispatcher.php(442): XF\Mvc\Dispatcher->renderView(Object(XF\Mvc\Renderer\Raw), Object(XF\Mvc\Reply\View))
#18 src/XF/Mvc/Dispatcher.php(402): XF\Mvc\Dispatcher->renderReply(Object(XF\Mvc\Renderer\Raw), Object(XF\Mvc\Reply\View))
#19 src/XF/Mvc/Dispatcher.php(60): XF\Mvc\Dispatcher->render(Object(XF\Mvc\Reply\View), 'raw')
#20 src/XF/App.php(2483): XF\Mvc\Dispatcher->run()
#21 src/XF.php(524): XF\App->run()
#22 index.php(20): XF::runApp('XF\\Pub\\App')
#23 {main}

Request state
array(4) {
  ["url"] => string(19) "/attachments/10691/"
  ["referrer"] => string(23) "https://www.google.com/"
  ["_GET"] => array(0) {
  }
  ["_POST"] => array(0) {
  }
}

 

[securedme]

I installed Attachment Improvements by @Xon .

I would like to have Nginx X-Accel-Redirect Support enabled with images stored in R2. The add-on got the following option:



What exactly should I put in my /usr/local/nginx/conf/conf.d/mysite.com.ssl.conf ?

The following is the complete sample code in yellow above:

For internal_data hosted on a AWS/S3 bucket (note, resolver must point to a valid DNS resolve)

location ~* /internal_data/(.*?)://(.*?)/(.*) {
    internal;
    set $xfEtag $upstream_http_etag;
    set $download_protocol $1;
    set $download_host $2;
    set $download_path $3;
    set $download_url $download_protocol://$download_host/$download_path;

    resolver 127.0.0.1 ipv6=off;
    proxy_set_header Host $download_host;
    proxy_set_header Authorization '';
    proxy_set_header Cookie '';
    proxy_max_temp_file_size 0;
    proxy_intercept_errors on;
    error_page 301 302 307 = @handle_redirect;

    proxy_pass $download_url$is_args$args;

    proxy_hide_header Content-Disposition;
    proxy_hide_header Content-Type;
    proxy_hide_header Etag;
    proxy_hide_header x-amz-request-id;

    add_header Etag $xfEtag;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
}

location @handle_redirect {
    resolver 127.0.0.1 ipv6=off;
    set $saved_redirect_location '$upstream_http_location';
    proxy_pass $saved_redirect_location;
}

Additionally, config.php requires a internalDataUrl stanza like any externalDataUrl;

$config['internalDataUrl'] = function($externalPath, $canonical)
{
return 'internal_data/..../internal_data/' . $externalPath;
};

They got this in their FAQ:

X

Attachment Improvements By Xon

Sep 2, 2018

A collection of improvements to XF's attachment system

• Xon
• attachments
• Add-ons [2.x]

 

[digitalpoint]

Would it also be possible to just redirect a certain subfolder like /data/video?

I like to have backups...and got a certain backup procedure that works well. Don't like the idea to change that a lot so if I can only upload the videos that would be a good fit for me.

Need more info. But ya, there is nothing in the addon that would prevent you from doing HTTP redirects (if that’s your question?)

I have seen many of these in the last few days, is that some sort of an attack/flooding?

ErrorException: Cloudflare: {"Code":"ServiceUnavailable","Message":"Reduce your rate of simultaneous reads on the same object."} src/XF/Error.php:77
Generated by: Unknown account 8/12/23 at 22:05

Stack trace
#0 src/XF.php(219): XF\Error->logError('Cloudflare: {"C...', false)
#1 src/addons/DigitalPoint/Cloudflare/Traits/XF.php(165): XF::logError('Cloudflare: {"C...')
#2 src/addons/DigitalPoint/Cloudflare/Api/Cloudflare.php(657): DigitalPoint\Cloudflare\Api\Cloudflare->logError('Cloudflare: {"C...')
#3 src/addons/DigitalPoint/Cloudflare/Api/Advanced.php(741): DigitalPoint\Cloudflare\Api\CloudflareAbstract->makeRequest('GET', 'attachments/85/...', Array, 0, 'attachments')
#4 src/addons/DigitalPoint/Cloudflare/League/Flysystem/Adapter/R2.php(128): DigitalPoint\Cloudflare\Api\Advanced->getR2Object('attachments', 'attachments/85/...')
#5 src/addons/DigitalPoint/Cloudflare/League/Flysystem/Adapter/R2.php(108): DigitalPoint\Cloudflare\League\Flysystem\Adapter\R2->read('attachments/85/...')
#6 src/vendor/league/flysystem/src/Filesystem.php(196): DigitalPoint\Cloudflare\League\Flysystem\Adapter\R2->readStream('attachments/85/...')
#7 [internal function]: League\Flysystem\Filesystem->readStream('attachments/85/...', Array)
#8 src/vendor/league/flysystem-eventable-filesystem/src/EventableFilesystem.php(431): call_user_func_array('League\\Flysyste...', Array)
#9 src/vendor/league/flysystem-eventable-filesystem/src/EventableFilesystem.php(395): League\Flysystem\EventableFilesystem\EventableFilesystem->callFilesystemMethod('readStream', Array)
#10 src/vendor/league/flysystem-eventable-filesystem/src/EventableFilesystem.php(154): League\Flysystem\EventableFilesystem\EventableFilesystem->delegateMethodCall('readStream', Array)
#11 src/vendor/league/flysystem/src/MountManager.php(345): League\Flysystem\EventableFilesystem\EventableFilesystem->readStream('attachments/85/...')
#12 src/XF/Pub/View/Attachment/View.php(25): League\Flysystem\MountManager->readStream('attachments/85/...')
#13 src/addons/Andy/OpenPDF/XF/Pub/View/Attachment/View.php(10): XF\Pub\View\Attachment\View->renderRaw()
#14 src/XF/Mvc/Renderer/AbstractRenderer.php(91): Andy\OpenPDF\XF\Pub\View\Attachment\View->renderRaw()
#15 src/XF/Mvc/Renderer/Raw.php(39): XF\Mvc\Renderer\AbstractRenderer->renderViewObject('XF:Attachment\\V...', '', Array)
#16 src/XF/Mvc/Dispatcher.php(460): XF\Mvc\Renderer\Raw->renderView('XF:Attachment\\V...', '', Array)
#17 src/XF/Mvc/Dispatcher.php(442): XF\Mvc\Dispatcher->renderView(Object(XF\Mvc\Renderer\Raw), Object(XF\Mvc\Reply\View))
#18 src/XF/Mvc/Dispatcher.php(402): XF\Mvc\Dispatcher->renderReply(Object(XF\Mvc\Renderer\Raw), Object(XF\Mvc\Reply\View))
#19 src/XF/Mvc/Dispatcher.php(60): XF\Mvc\Dispatcher->render(Object(XF\Mvc\Reply\View), 'raw')
#20 src/XF/App.php(2483): XF\Mvc\Dispatcher->run()
#21 src/XF.php(524): XF\App->run()
#22 index.php(20): XF::runApp('XF\\Pub\\App')
#23 {main}

Request state
array(4) {
  ["url"] => string(19) "/attachments/10691/"
  ["referrer"] => string(23) "https://www.google.com/"
  ["_GET"] => array(0) {
  }
  ["_POST"] => array(0) {
  }
}

Would need to contact Cloudflare to get more info about it. I haven’t seen it on my sites, and the error is coming from Cloudflare.

I installed Attachment Improvements by @Xon .

I would like to have Nginx X-Accel-Redirect Support enabled with images stored in R2. The add-on got the following option:

View attachment 295260

What exactly should I put in my /usr/local/nginx/conf/conf.d/mysite.com.ssl.conf ?

The following is the complete sample code in yellow above:

For internal_data hosted on a AWS/S3 bucket (note, resolver must point to a valid DNS resolve)

location ~* /internal_data/(.*?)://(.*?)/(.*) {
    internal;
    set $xfEtag $upstream_http_etag;
    set $download_protocol $1;
    set $download_host $2;
    set $download_path $3;
    set $download_url $download_protocol://$download_host/$download_path;

    resolver 127.0.0.1 ipv6=off;
    proxy_set_header Host $download_host;
    proxy_set_header Authorization '';
    proxy_set_header Cookie '';
    proxy_max_temp_file_size 0;
    proxy_intercept_errors on;
    error_page 301 302 307 = @handle_redirect;

    proxy_pass $download_url$is_args$args;

    proxy_hide_header Content-Disposition;
    proxy_hide_header Content-Type;
    proxy_hide_header Etag;
    proxy_hide_header x-amz-request-id;

    add_header Etag $xfEtag;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
}

location @handle_redirect {
    resolver 127.0.0.1 ipv6=off;
    set $saved_redirect_location '$upstream_http_location';
    proxy_pass $saved_redirect_location;
}

Additionally, config.php requires a internalDataUrl stanza like any externalDataUrl;

$config['internalDataUrl'] = function($externalPath, $canonical)
{
return 'internal_data/..../internal_data/' . $externalPath;
};

They got this in their FAQ:

X

Attachment Improvements By Xon

Sep 2, 2018

A collection of improvements to XF's attachment system

• Xon
• attachments
• Add-ons [2.x]

You aren’t going to be able to make web server config changes to Cloudflare’s R2 web servers if that’s what you are trying to do? R2 content is housed on Cloudflare’s servers.

 

[duderuud]

Need more info. But ya, there is nothing in the addon that would prevent you from doing HTTP redirects (if that’s your question?)

XF has the option to redirect the whole data directory to an external source provider.
I want to redirect the video folder to R2 only.

 

[digitalpoint]

XF has the option to redirect the whole data directory to an external source provider.
I want to redirect the video folder to R2 only.

Redirects are going to be setup in your web server, or if you want to do it upstream of your web server, you can setup redirects for your Cloudflare zone under Rules -> Redirect Rules.

If it's just an issue of R2 handling just a single sub-directory (for things like incoming uploads), you can do that via config.php. This is off the top of my head, (I haven't tested it), but this should work:

$config['fsAdapters']['data/video'] = function()
{
    return \DigitalPoint\Cloudflare\League\Flysystem\Adapter\R2::getAdapter('data/video', 'your-attachment-bucket');
};

Of course you won't have the UI for the R2 stuff in the admin area that shows things like stats and operations, but that should work.

Just out of curiosity, why would you not want things like avatars and attachment previews to be in R2? Things like avatars are the best use case for R2 because they are accessed a lot and can be cached in Cloudflare's data centers so they are delivered to end users faster.

 

[duderuud]

Thanks for the info

Just out of curiosity, why would you not want things like avatars and attachment previews to be in R2?

Good question. I'm just a bit hesitant to drop all my files in the cloud where I am not in control. Backing up from there is also something to work out.

It has also a practical reason, I have millions of files, totalling about 400GB of data. I am already manually uploading directories to R2 and so far Rclone is running for about 10 hours. My guess is it will take another 14 hours to complete the whole data dir.
In my test runs I also had problems syncing those large directories. Everything seems to be overwritten instead of skipping existing files.

 

[digitalpoint]

Thanks for the info

Good question. I'm just a bit hesitant to drop all my files in the cloud where I am not in control. Backing up from there is also something to work out.

It has also a practical reason, I have millions of files, totalling about 400GB of data. I am already manually uploading directories to R2 and so far Rclone is running for about 10 hours. My guess is it will take another 14 hours to complete the whole data dir.
In my test runs I also had problems syncing those large directories. Everything seems to be overwritten instead of skipping existing files.

Up to you of course, but one thing I like about it is that I don’t need to backup the stuff on R2 (in your case, 400GB backups would be annoying).

Announcing Cloudflare R2 Storage: Rapid and Reliable Object Storage, minus the egress fees

Introducing Cloudflare’s S3-compatible Object Storage service, with zero egress bandwidth charges and automatic migration from S3-compatible services.

blog.cloudflare.com

The core of what makes Object Storage great is reliability — we designed R2 for data durability and resilience at its core. R2 will provide 99.999999999% (eleven 9’s) of annual durability, which describes the likelihood of data loss. If you store 1,000,000 objects on R2, you can expect to lose one once every 100,000 years — the same level of durability as other major providers. R2 will be resistant to regional failures, replicating objects multiple times for high availability.

Of course that doesn’t protect against user error (like an admin accidentally deleting an attachment). But for me, the convenience of not needing to backup the stuff on R2 outweighs user error issues… none of my sites are keeping the secrets of the universe or anything.

That being said, if you still wanted to maintain a backup of your R2 buckets to address user error deletions, you can do it with rclone (you can sync from R2, not just to).

 

[duderuud]

@digitalpoint Guess you are right. So I synced all the data and running R2 in production now.

Got a strange problem though. Some files (avatars) are not showing.

Working:

https://r2bucket.domain.com/avatars/m/19/19201.jpg

Not working:

https://r2bucket.domain.com/avatars/m/19/19201.jpg?1535229397

Error 404
This object could not be viewed
You are not authorized to view this object
This object does not exist or is not publicly accessible at this URL. Check the URL of the object that you're looking for or contact the owner to enable Public access.

Any idea what's causing this?

Edit:
Weird behavior....on the forum a lot of avatars aren't showing but when opening the image in a new tab it is working without any issues.
Already clear local cache and redis cache on the server. Maybe purge CF cache too?

Edit2:
Seems to be a caching issue somewhere, the avatars start showing up now.

 

[digitalpoint]

@digitalpoint Guess you are right. So I synced all the data and running R2 in production now.

Got a strange problem though. Some files (avatars) are not showing.

Working:

https://r2bucket.domain.com/avatars/m/19/19201.jpg

Not working:

https://r2bucket.domain.com/avatars/m/19/19201.jpg?1535229397

Error 404
This object could not be viewed
You are not authorized to view this object
This object does not exist or is not publicly accessible at this URL. Check the URL of the object that you're looking for or contact the owner to enable Public access.

Any idea what's causing this?

Edit:
Weird behavior....on the forum a lot of avatars aren't showing but when opening the image in a new tab it is working without any issues.
Already clear local cache and redis cache on the server. Maybe purge CF cache too?

Edit2:
Seems to be a caching issue somewhere, the avatars start showing up now.

So all working as expected now?

 

[duderuud]

Purged CF cache and all seems to work now.

Will keep tabs on everything for a few days before removing the local data.

 

[Ivancas]

What is this bucket supposed to be for?
I have XFMG installed but I don't have a internal_data/xfmg folder

 

[digitalpoint]

It’s for XFMG, but it’s not always used depending on your XFMG settings. I don’t have a media gallery license myself, but I vaguely remember it having something to do with where it keeps originals when it does watermarking.

More of an XFMG question about what it uses that directory for.

 

[nodle]

Started getting this error all of a sudden when trying to access the config page of the add-on:

ErrorException: [E_WARNING] Trying to access array offset on value of type bool in src/addons/DigitalPoint/Cloudflare/Repository/Cloudflare.php at line 1087
XF::handlePhpError() in src/addons/DigitalPoint/Cloudflare/Repository/Cloudflare.php at line 1087
DigitalPoint\Cloudflare\Repository\CloudflareAbstract->getZoneSettings() in src/addons/DigitalPoint/Cloudflare/Repository/Cloudflare.php at line 793
DigitalPoint\Cloudflare\Repository\CloudflareAbstract->organizeSettings() in src/addons/DigitalPoint/Cloudflare/Admin/Controller/Cloudflare.php at line 49
DigitalPoint\Cloudflare\Admin\Controller\Cloudflare->actionIndex() in src/XF/Mvc/Dispatcher.php at line 352
XF\Mvc\Dispatcher->dispatchClass() in src/XF/Mvc/Dispatcher.php at line 259
XF\Mvc\Dispatcher->dispatchFromMatch() in src/XF/Mvc/Dispatcher.php at line 115
XF\Mvc\Dispatcher->dispatchLoop() in src/XF/Mvc/Dispatcher.php at line 57
XF\Mvc\Dispatcher->run() in src/XF/App.php at line 2487
XF\App->run() in src/XF.php at line 524
XF::runApp() in admin.php at line 13

Any ideas?

 

[digitalpoint]

Started getting this error all of a sudden when trying to access the config page of the add-on:

ErrorException: [E_WARNING] Trying to access array offset on value of type bool in src/addons/DigitalPoint/Cloudflare/Repository/Cloudflare.php at line 1087
XF::handlePhpError() in src/addons/DigitalPoint/Cloudflare/Repository/Cloudflare.php at line 1087
DigitalPoint\Cloudflare\Repository\CloudflareAbstract->getZoneSettings() in src/addons/DigitalPoint/Cloudflare/Repository/Cloudflare.php at line 793
DigitalPoint\Cloudflare\Repository\CloudflareAbstract->organizeSettings() in src/addons/DigitalPoint/Cloudflare/Admin/Controller/Cloudflare.php at line 49
DigitalPoint\Cloudflare\Admin\Controller\Cloudflare->actionIndex() in src/XF/Mvc/Dispatcher.php at line 352
XF\Mvc\Dispatcher->dispatchClass() in src/XF/Mvc/Dispatcher.php at line 259
XF\Mvc\Dispatcher->dispatchFromMatch() in src/XF/Mvc/Dispatcher.php at line 115
XF\Mvc\Dispatcher->dispatchLoop() in src/XF/Mvc/Dispatcher.php at line 57
XF\Mvc\Dispatcher->run() in src/XF/App.php at line 2487
XF\App->run() in src/XF.php at line 524
XF::runApp() in admin.php at line 13

Any ideas?

Not sure what version you are running, but can you upgrade to the latest version and post the error after you have that version installed? The issue is the line numbers and things aren't lining up (presumably due to a different version)...

 

[nodle]

Not sure what version you are running

It looks like I am running the latest. I am on php 8.1 in case you're wondering as well. I have had happened twice so far.

 

[digitalpoint]

View attachment 295420

It looks like I am running the latest. I am on php 8.1 in case you're wondering as well. I have had happened twice so far.

Oops, you're right... I was looking at the wrong set of code on my end.

That being said, I haven't been able to replicate it on my end. If it's not happening 100% of the time for you, I'd guess it's some sort of network connectivity issue between your server and Cloudflare (where sometimes an API request works and sometimes it doesn't). If it's happening 100% of the time, double check your API token permissions. More specifically, if there's an issue with the API results and it doesn't return something expected (for example if it doesn't get back JSON and an exception happens while fetching and decoding the JSON, it will default to the results simply being a boolean value of false). Which will later trigger the error you see.

I don't see anything on the Cloudflare status page that would make me think they are having any issues with their API currently.

 

[duderuud]

@digitalpoint When enabling R2 for /data and /internal_data, is Cache Reserve still something interesting? Got that enabled for a few months now but if I can disabled that now, that would reduce the CF cost a bit...

 

[digitalpoint]

Personally I don’t see a reason to use Cache Reserve with or without R2, but up to you.

 

[webcityuk]

Thanks for this great Cloudflare app!

Has anyone managed to use the Edge Caching, Cache pages for guests option on a hosting account that is using Imunify360 OK?

I have guest Page Caching enabled and set for 2 hours caching, it seems about the two hours time I get a Imunify360 url that shows a blank page.
I did some research and found this article: https://blog.imunify360.com/using-cloudflare-cache-everything-with-imunify360.

If anyone has managed to get the service running OK on a server using Imunify360, can you please share your Cloudflare configuration settings?

Many thanks

 

[Chromaniac]

Just curious. Does this have any value for XenForo boards?

Integrating Turnstile with the Cloudflare WAF to challenge fetch requests