[DigitalPoint] App for Cloudflare®

[DigitalPoint] App for Cloudflare® 1.8.8

No permission to download
...as far as what to check on the Cloudflare side, go to SSL/TLS settings. If you have it set to Off or Flexible, the traffic between Cloudflare and your server might not be secure. Best to do Full or Full (strict) assuming your web server can handle secure connections (Full allows you to use a self-signed certificate).
 
I deactivate REDIR on host side and now my forum is ok. Thanks for that.
And i set to Full the SSL/TLS setting.

My SSL certificate is from my host company, i guess Let'sEncrypt, do i have to keep this one or Cloudflare can do that freely too ?
 
I deactivate REDIR on host side and now my forum is ok. Thanks for that.
And i set to Full the SSL/TLS setting.

My SSL certificate is from my host company, i guess Let'sEncrypt, do i have to keep this one or Cloudflare can do that freely too ?
Cloudflare can do it freely… but keep the one on your server so Cloudflare can keep the traffic between Cloudflare and your server secure.
 
Damn ! I deleted it and now i can't reinstall one because my DNS records are hosted by Cloudflare ! :rolleyes:
But seems to be good...

Capture web_17-12-2022_232624_dash.cloudflare.com.webp

Is there a website where i can test my SSL transport ?
 
If you want to test the direct connection to your server, the easiest thing to do is go to the DNS record in Cloudflare and turn off the orange cloud (grey means it's routed direct, orange routes through Cloudflare). I also assume you know the actual IP of your server, so you could connect direct to that IP to test.
 
I've been putting the finishing touches on the 1.4 version of this add-on, which supports Cloudflare R2 (similar to AWS S3). This allows you to move files off your server and into the cloud for your data folder and/or your internal_data/attachments sub-folder without any config file changes or any of the complexities that normally come with using XenForo's abstracted file system.

The cost involved should be free for most sites, and very inexpensive for huge sites. Cloudflare gives you 10GB of storage, 1,000,000 writes and 10,000,000 reads for free (and no bandwidth costs like S3). Additionally, if you configure cache rules for your public data folder, you could get substantially more than 10M reads for free (a read operation is only counted when it's not cached and needs to backhaul to R2). With proper caching rules and the way XenForo is setup, it wouldn't be out of the question to get 1M writes (people uploading things like new attachments or avatars) per month for free and 100M real-world reads per month (people viewing them) for free. At which point, most sites are simply left with storage cost.

Storage cost is very cheap ($0.015 per GB per month after the first 10GB [which is free]). As an example, you could offload 100GB of attachments and avatars from your server to R2 for $1.35 per month.

I've also built a bi-direction data migration tool that works with XenForo's CLI cmd.php system (you can not only move data to R2, but you can also move it from R2 if you decide it's not for you down the road).

Anyway, what I'm looking for people who want to give R2 a go for offloading files from your server (if you have less than 10GB of avatars/attachments, there would be no cost). I have it running on three of my live sites right now, but there's some fundamental changes to how XenForo's abstracted file system works, so looking for people who are willing to test it for me (it's also good to run it on different Cloudflare accounts that might be configured differently to see if any issues pop up). It wouldn't be a "here install this" thing, I'd want to coordinate a time that we are both available just in case anything unforeseen pops up so I can assist in realtime if needed. Basically I want to make sure this is fully tested before rolling it out for everyone.

For those that don't know what I'm talking about, R2 is a system that allows you to store objects (files in the case of XenForo) in the cloud, rather than your server and move that data closer to your users by leveraging Cloudflare's 275+ data centers around the world:

 
Thanks for tagging this convo in the other thread, @digitalpoint.

So, my main goal of getting this attachment content into CF is to make the site as fast as possible for my users, especially outside of US-EAST.

So, I'm am willing to give this a try. I probably need to manually migrate because of the number of objects I have stored. Can you fill me in a little more on what the file layout needs to be, I can preconfigure the buckets since that tends to take a while to copy? Besides splitting the buckets, what are the other changes to the layout of the filesystem? My main concern is that in 5 years we all move on from CF for some reason and need to be able to get back to "Standard" storage and then move to something else. My other plan, is to rclone to backup the bucket(s) back to linode's object storage to provide me a backup (and they also provide a 7 day rolling backup on top of that).
 
I would also be glad to test it.

Is there a way to set a 301 redirect from S3 to R2? Let's say files (PDF/Doc/Images) that Google indexed are going to go kaput probably?
 
For those wanting to give it a go, I'll send you guys private messages to not clog this thread with stuff that isn't relevant to others.

Thanks for tagging this convo in the other thread, @digitalpoint.

So, my main goal of getting this attachment content into CF is to make the site as fast as possible for my users, especially outside of US-EAST.

So, I'm am willing to give this a try. I probably need to manually migrate because of the number of objects I have stored. Can you fill me in a little more on what the file layout needs to be, I can preconfigure the buckets since that tends to take a while to copy? Besides splitting the buckets, what are the other changes to the layout of the filesystem? My main concern is that in 5 years we all move on from CF for some reason and need to be able to get back to "Standard" storage and then move to something else. My other plan, is to rclone to backup the bucket(s) back to linode's object storage to provide me a backup (and they also provide a 7 day rolling backup on top of that).
R2 is S3 compatible (for the most part, there are a few obscure calls that aren't yet implemented in R2, but for purposes of data migration and normal use, it's all there), so as long as there are tools for moving data around S3, there are tools that will work for R2 if you ever needed to get all your data off R2.

As far as getting R2 buckets "prepped" and moving data into them preemptively, the structure the add-on is using by default (I say default because technically someone could implement additional sub-folders or whatever else via the more traditional way of XenForo doing filesystems via config.php edits) is fairly simple:

One bucket can be used for data, and another bucket can be used for internal_data/attachments. For each bucket, data and internal_data is considered the "root". Objects should have the full path intact like so (this is a screenshot from a data bucket):

1671728834113.png

For an internal_data/attachments bucket, it's similar (note that "attachments" is still part of the path):

1671728910726.png

The reason we are keeping the attachments part intact in the path there (even though the whole bucket is just for the attachments folder) is in case someone wanted to use the same bucket for additional folders within internal_data (or all of internal_data), they don't need to reorganize things if making such a change.

If you look at the first screenshot, you'll notice that some avatars with .jpg extensions actually have mime-types of image/png. The reason for that is how XenForo works (it stores all avatars as .jpg even if they aren't actually jpg). If you don't set an explicit mime-type when putting objects into R2, Cloudflare will analyze the contents of the file and assign the proper mime-type. So whatever migration tool you use, make sure it doesn't set it's own mime-type based on file extension as that could be problematic if Cloudflare is serving public objects with the wrong mime-type. Just something to be wary of sooner rather than finding out you've set the wrong mime-type on a zillion objects. :)
 
I would also be glad to test it.

Is there a way to set a 301 redirect from S3 to R2? Let's say files (PDF/Doc/Images) that Google indexed are going to go kaput probably?
Probably not, but it depends on how you have the public domain setup in S3. If it's a sub-domain on one of YOUR domains, I could see you being able to do it reasonably. But if it's not (and AWS/the owner of the domain you are using) doesn't give you options to do redirects, I don't see how you can force it since it's not your domain.

As an example, Cloudflare does let you use your own sub-domain for the public buckets, but Cloudflare is also your DNS provider so it's simple for them to do that. (for example https://data.iolabs.io is what I setup for my public access for data on my iolabs.io domain.

TL;DR:

Maybe, but it's going to depend if the URL Google is accessing the images at is on a domain that you own/control.
 
Ya, although if you cache attachments at the network edge, you bypass XF’s permission system for attachments which isn’t something I wanted to do personally.
I'm very much a noob when it comes to CF, so I'm a bit confused here; apologies if this turns out to be a stupid question...

As I understand it (and your post above appears to confirm this), you can't use CF to cache things like attachments to forum posts without bypassing the XF permission checks which I think most people would agree to be a bad thing.
This being the case, what is the key benefit of using CF on an XF site? (I guess I mainly mean "what kinds of content can be usefully cached?" but other benefits may have escaped me.)
 
You can cache static content (avatars, images, JavaScript files, CSS, etc. It provides DDoS
/malicious traffic protection, they have the best captcha option if you use captchas, you can support IPv6 for users even if your server doesn’t support it, supports HTTP/3, free SSL certificates for your site, can add secondary protection for admin area, can automatically minify CSS/JavaScript, etc, etc.
 
It is worth it solely for the SSL + DDoS protection IMO, but it can do so much more.

With R2 support built right in to the admin panel using this modification, there is another benefit.
 
There's so much you can do with free Cloudflare account I forgot a bunch of other things...
  • Least expensive domain registration there is (they do it at cost)
  • Reliable/fast DNS services
  • Ability to firewall/manage traffic to your servers before it gets to your servers (can do things like block IP so it never reaches your servers)
Cloudflare offers a crazy amount of very good things for no cost. At this point, if a website isn't using Cloudflare I could at least make an argument that they are running their website wrong.
 
Back
Top Bottom