ichpen
Well-known member
I'm running chrony on Alma linux and it still didn't auto sync so can be a problem. It's not something one checks often if at all. I'll need to dig into why it got out of sync and didn't update hwclock on my vm.
![[DigitalPoint] App for Cloudflare®](/community/data/resource_icons/8/8750.jpg?1692633961){kind=icon}
[DigitalPoint] App for Cloudflare® 1.9.1.1
- Thread starter digitalpoint
- Start date
I'm running chrony on Alma linux and it still didn't auto sync so can be a problem. It's not something one checks often if at all. I'll need to dig into why it got out of sync and didn't update hwclock on my vm.
BassMan
Well-known member
I can see images are loading slower if this is enabled. Like they are called every time I do a page refresh. If this is disabled, images loads faster. Or am I missing something here?
BassMan
Well-known member
I have enabled this option, but the images seem to load every time I visit the page. Loading images is significantly slower on my forum with this option. What am I missing here?If you use R2 for attachments, enabling the use of presigned URLs should make viewing attachments substantially faster (in case it's not clear or you didn't read the update notes).
benFF
Well-known member
I think that's how it's supposed to be, as you're getting a different signed url each time.
Chromaniac
Well-known member
so i just started using r2 for storage. i enabled presigned urls. but image links in posts are still pointing to forum links which are redirected to presigned urls if opened in a new tab. assuming this is how they are supposed to perform?
digitalpoint
Well-known member
If you are talking about attachments (may or may not be an image), yes. The ability to view/download attachments is permission based (one user may be able to see a particular attachment but not a different user). The application (XenForo) needs to first make a determination if the user can view an attachment or not, and then generate a presigned URL that's unique to that user (presigned URLs will only work for the user that triggered it to be generated and the presigned URL also expires in 60 seconds).
TL;DR: attachments need to be routed through XenForo first.
Chromaniac
Well-known member
just curious though. it might have been already answered. if i disable proxy on cloudflare (development mode or straightaway pause), i assume r2 integration would continue to work as long as this addon is enabled and configured?
i wanted to avoid relying on an addon but last time i tried direct approach, it became quite a mess getting the config file right. so decided to use this addon to connect to r2 last night.
i wanted to avoid relying on an addon but last time i tried direct approach, it became quite a mess getting the config file right. so decided to use this addon to connect to r2 last night.
digitalpoint
Well-known member
You do not need to proxy your primary hostname (can use "grey cloud") through Cloudflare and still utilize R2 in general.
You would need to use Cloudflare DNS servers for your domain in order to use R2 for your
data bucket (you can't attach a public domain to the bucket if your domain isn't using Cloudflare for DNS). That's not a requirement for the internal-data bucket because there's no public domain attached that leverages DNS magic.I'm not quite sure how to set this up now I've installed it I've deleted my existing applications and policies in cloudflare zero trust and installed this. Where it says create a token, it takes you to the cloudflare page
Zone resources - do you leave this as all zones or select "All zones from an account"?
Client IP address filtering: Do you select "Is in" or "Is not in" (and why?) and presumably you put your own IP address into the box next to that?
Also how long to define start and end date? Indefinitely? Why do you need an end date?
Just reading through this discussion some things sound a bit complicated and I don't know what people are talking about!
I already have the site with Cloudflare (proxied) and already have Cloudflare Turnstile set up. Is there anything I should or shouldn't do within the app in that case?
I've deleted my existing applications and policies in cloudflare zero trust and installed this. Where it says create a token, it takes you to the cloudflare pageZone resources - do you leave this as all zones or select "All zones from an account"?
Client IP address filtering: Do you select "Is in" or "Is not in" (and why?) and presumably you put your own IP address into the box next to that?
Also how long to define start and end date? Indefinitely? Why do you need an end date?
Just reading through this discussion some things sound a bit complicated and I don't know what people are talking about!
I already have the site with Cloudflare (proxied) and already have Cloudflare Turnstile set up. Is there anything I should or shouldn't do within the app in that case?
Last edited:
digitalpoint
Well-known member
You need to create an API token once in order to do all the things. It's how the underlying API requests are authenticated.I'm not quite sure how to set this up now I've installed it
Up to you... I use a single API key for all zones, but if you want to limit it to just able to work with certain zones, you certainly can do that.
The "client" is the machine making API requests (your server). Honestly, I wouldn't put IP restrictions on the API token because it will cause problems if your server IP ever changes, or if you use things like presigned URLs (for presigned URLs, the "client" IP is the IP of your users).
You don't need a start or end date. That's if you are trying to create a short-lived API token for some reason... you are not doing that.
For all the stuff that isn't filled in automatically, you don't need to fill anything in unless you have a very specific reason to. If you start overthinking things, it's only problems.
Nope, you don't need to change anything.
That looks like a network connectivity issue with your server. Hopefully will work itself out on it's own, but if it doesn't, you'll want to contact your server/network admin because there might be bad network routes or something going on.
digitalpoint
Well-known member
Try pinging the host from your server (if you have shell access) and compare that to pinging it from another machine? Bottom line is the error is a network connectivity error. Maybe your server has a firewall blocking access to that URI? Maybe you put IP restrictions on your API token?
If your server can't reach the URI for your bucket (for whatever reason), things will not work as expected.
Thanks. So I don't need to fill any of those boxes in then or complete anything? Just leave them as they are and click next? Because I haven't a clue what I'm doing! Don't know anything about API's. I'm wondering if a lot of the extra functions are a bit beyond me as I only really want to protect admin.php and /install. And for some reason, Cloudflare won't accept the IP.
digitalpoint
Well-known member
If the addon isn't asking you/telling you to do something, it's safe to assume you don't need to do it. The issues people tend to run into is when people start doing random things on their own because they think they were supposed to for whatever reason.
For IPs, a lot of times at the network-level (like when dealing routing and similar things), it's not asking for an IP address, rather a block of IPs. But again, if you are referring to the IP filtering in the API token, you are better off not using it. The authentication is handled by knowing the API token... so unless you plan on giving that API token out to random people and you want to block them from using it, it's not necessary (and can actually end up causing problems for the reasons mentioned in previous post).
