Forsaken
Well-known member
Was worth a shot
.
![[DigitalPoint] App for Cloudflare®](/community/data/resource_icons/8/8750.jpg?1692633961){kind=icon}
[DigitalPoint] App for Cloudflare® 1.9.1.1
- Thread starter digitalpoint
- Start date
.
Ricsca
Well-known member
I state that I am not able to control what cloudflare does on my site but I installed our CF on my site without doing anything else and without installing this plugin.
I haven't noticed anything strange in my forum for about a week with active CF without this plugin.
Can I continue like this, do I have to install the plugin to get the basic options?
Thank you
I haven't noticed anything strange in my forum for about a week with active CF without this plugin.
Can I continue like this, do I have to install the plugin to get the basic options?
Thank you
digitalpoint
Well-known member
This addon is not needed if you are just using Cloudflare settings (if that’s your question). There’s a ton of things the addon does beyond setting control, but if you don’t need any of that, you don’t need it.
Ivancas
Well-known member
Is there any way to avoid the conflict with Wordpress? It could be great to apply the cache rules to the urls with the forum URL prefix only
digitalpoint
Well-known member
If the only issue is including a directory in the cache rule, it shouldn’t be too hard to edit it to work that way since it’s on Cloudflare’s side. That being said, it’s going to be a pretty bad idea to run two different apps on the same hostname for some other reasons (like scoping of cookies… WordPress can steal your XenForo cookies and vice versa).
Putting two apps on the same hostname would be similar to them both using the same database… They probably are going to work, but now each app is relying on the other to not do something unexpected.
I’d strongly recommend having different sub-domain for each, but it’s not my job to be other people’s admin/security consultant, so if you really don’t want to, I don’t see why you couldn’t edit the cache rule as you see fit.
Moshe1010
Well-known member
Hi,
Does anybody know what does it mean?
I try to setup a staging area for my live board including the R2 buckets (I've replicated them like I did many times before). This is not the first time we are doing it, but it's been a few months since we tried to replicate our live website with R2 buckets.
If I disable Cloudflare proxied DNS on this staging area subdomain, everything works and there are no errors (but I also don't have access to the R2 buckets).
But when the proxied Cloudflare DNS is activated, I can't seem to be able to configure the R2 buckets.
I choose the replicated bucket (creating a new bucket doesn't work either) and set the right domain name (tried an already configured domain name or a new one, same result). When I click the "Enable R2" button for the data bucket, for example, I don't get anything and the overlay stays the same without a change.
When I do it with inspect in the background, I get error(s) that are shown in the screenshots below (mainly 401 error).
The API key is definitely the correct one – I also tried to configure several times a new API key with all the correct rules checked twice. If the API key wasn't right, it wouldn't let me choose my R2 buckets from a drop-down when trying to configure the R2 buckets via XF AdminCP).
Any ideas? Thanks
Does anybody know what does it mean?
I try to setup a staging area for my live board including the R2 buckets (I've replicated them like I did many times before). This is not the first time we are doing it, but it's been a few months since we tried to replicate our live website with R2 buckets.
If I disable Cloudflare proxied DNS on this staging area subdomain, everything works and there are no errors (but I also don't have access to the R2 buckets).
But when the proxied Cloudflare DNS is activated, I can't seem to be able to configure the R2 buckets.
I choose the replicated bucket (creating a new bucket doesn't work either) and set the right domain name (tried an already configured domain name or a new one, same result). When I click the "Enable R2" button for the data bucket, for example, I don't get anything and the overlay stays the same without a change.
When I do it with inspect in the background, I get error(s) that are shown in the screenshots below (mainly 401 error).
The API key is definitely the correct one – I also tried to configure several times a new API key with all the correct rules checked twice. If the API key wasn't right, it wouldn't let me choose my R2 buckets from a drop-down when trying to configure the R2 buckets via XF AdminCP).
Any ideas? Thanks
digitalpoint
Well-known member
I’ve never specifically tried creating R2 buckets and then disabling routing traffic through Cloudflare and then re-enabling it, but it sounds to me like something went wrong on Cloudflare’s side with that process somehow.
If the most basic stuff isn’t working (creating a new API token), I’m not sure what else you could try on your end. Does the R2 dashboard work as expected when using the normal interface on Cloudflare’s site?
It should handle it gracefully, but are you trying to create a public domain that already exists or anything?
If the most basic stuff isn’t working (creating a new API token), I’m not sure what else you could try on your end. Does the R2 dashboard work as expected when using the normal interface on Cloudflare’s site?
It should handle it gracefully, but are you trying to create a public domain that already exists or anything?
digitalpoint
Well-known member
Also, if you look at the Response tab in your web dev tools (where you got the 401 response), does it show anything?
401 means the HTTP request was unauthorized (not the underlying API calls). Some possibilities:
401 means the HTTP request was unauthorized (not the underlying API calls). Some possibilities:
- You have mod_security (or something similar) blocking the request at the web server level
- A Cloudflare rule is blocking the request
- You have zone security level set too high (for XenForo it should be set to “Essentially off”)
- Zero-Trust Access incorrectly provisioned
Moshe1010
Well-known member
I'm not sure yet, but I think I solved the R2 buckets issue. it's was due to the fact that I tried to configure a two-level subdomain.
It seems that Cloudflare changed their SSL certificate issuing policies, so the free tier doesn't support ..domain.com free SSL certificates anymore.
I tried to configure data.dev.domain.com, but it didn't work and everything got stuck. This solved the 401 error.
Under the Overview tab, the "session duration" was configured to "no duration". I've changed it to 1 month and revoked existing tokens.
Thanks!
It seems that Cloudflare changed their SSL certificate issuing policies, so the free tier doesn't support ..domain.com free SSL certificates anymore.
I tried to configure data.dev.domain.com, but it didn't work and everything got stuck. This solved the 401 error.
I think this solved the fetching error.
Under the Overview tab, the "session duration" was configured to "no duration". I've changed it to 1 month and revoked existing tokens.
Thanks!
digitalpoint
Well-known member
I think it's always been this way, although to be honest, I've never tried it because I didn't have a use for subdomains more than 1 level deep. But yes, definitely as of right now, that's the case (regardless if it was a recent change or not):
| Hostname | Covered by Universal certificate? |
|---|---|
| example.com | Yes |
| www.example.com | Yes |
| docs.example.com | Yes |
| dev.docs.example.com | No |
| test.dev.api.example.com | No |
Error messages
To help avoid ERR_SSL_VERSION_OR_CIPHER_MISMATCH errors, Cloudflare automatically shows an error message - This hostname is not covered by a certificate - on proxied DNS records not covered by a TLS certificate.
developers.cloudflare.com
Not sure if that would have caused what you are seeing though because the certificate would have been invalid for all requests, not just the one for updating R2 settings.
Also not sure why that would have fixed it because if the session duration with invalid, I'd think that would be the case for the entire hostname. But whatever, I guess if things are working as expected now, great!
If your site is on 1 tier1 subdomain (like dev.example.com) but you were trying to provision R2 to be on a tier2 domain like data.dev.example.com, maybe the 401 was a lame response/error message from Cloudflare when it couldn't do it on it's backend. With the "unauthorized" messaging pertaining to the permissions on their end for a free zone? If that's the case maybe it was as simple as provisioning the R2 public domain as data-dev.example.com?
Moshe1010
Well-known member
Yeah, that's what I eventually did.If that's the case maybe it was as simple as provisioning the R2 public domain as data-dev.example.com?
I received the "ERR_SSL_VERSION_OR_CIPHER_MISMATCH" only when I tried to access the bucket's data since it was a level 2 subdomain. It didn't do any issues across the board since it was just a regular sub-domain so they issued an SSL certificate for that.
If I had to guess, it may got stuck since some style elements are hosted on the buckets, so if there is an SSL error it may caused the entire system to go crazy.
I got the 401 just when I tried to enable R2 buckets. After the SSL fix it's gone. The other fetching error I got across the entire AdminCP and changing the trust zone settings also fixed it.
Cloudflare was always weird for me, so whatever works as long as it stays without issues
digitalpoint
Well-known member
Just FYI, I don't think it was the multi-tier subdomain thing. I tried to replicate what happened to see if it was something I could catch and present a better error for users (I changed an R2 bucket to be on a 3-levels deep subdomain within a free zone and it worked fine). So I'm guessing it was just something with Zero-Trust Access or a firewall rule or something else that was resolved at the same time.
For future, the Request trace tool in the addon might be helpful for pinpointing exactly why a certain request isn't making it through Cloudflare (it will show you the Cloudflare products and phases it's going through and what is blocking it).
xenforo.com
For future, the Request trace tool in the addon might be helpful for pinpointing exactly why a certain request isn't making it through Cloudflare (it will show you the Cloudflare products and phases it's going through and what is blocking it).
[DigitalPoint] App for Cloudflare®
BTW, the mechanism that purges relevant URLs when a new post is made (when using guest page caching) has already been decoupled from the HTTP request for the next version. Will make posting (slightly) faster even when API is functioning normally. Instead of doing the API call right then, it...
xenforo.com
Moshe1010
Well-known member
Thanks, I will use the trace tool next time to see what's going on.
I'm also receiving the following errors in the last few weeks, at least twice a week. Is that some server connectivity issue?
and this one:
I'm also receiving the following errors in the last few weeks, at least twice a week. Is that some server connectivity issue?
Code:
GuzzleHttp\Exception\ConnectException: cURL error 6: Could not resolve host: <some id>.r2.cloudflarestorage.com (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) src/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php:200
Generated by: Unknown account 15/7/23 at 18:41
Stack trace
#0 src/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php(155): GuzzleHttp\Handler\CurlFactory::createRejection(Object(GuzzleHttp\Handler\EasyHandle), Array)
#1 src/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php(105): GuzzleHttp\Handler\CurlFactory::finishError(Object(GuzzleHttp\Handler\CurlHandler), Object(GuzzleHttp\Handler\EasyHandle), Object(GuzzleHttp\Handler\CurlFactory))
#2 src/vendor/guzzlehttp/guzzle/src/Handler/CurlHandler.php(43): GuzzleHttp\Handler\CurlFactory::finish(Object(GuzzleHttp\Handler\CurlHandler), Object(GuzzleHttp\Handler\EasyHandle), Object(GuzzleHttp\Handler\CurlFactory))
#3 src/vendor/guzzlehttp/guzzle/src/Handler/Proxy.php(28): GuzzleHttp\Handler\CurlHandler->__invoke(Object(GuzzleHttp\Psr7\Request), Array)
#4 src/vendor/guzzlehttp/guzzle/src/Handler/Proxy.php(51): GuzzleHttp\Handler\Proxy::GuzzleHttp\Handler\{closure}(Object(GuzzleHttp\Psr7\Request), Array)
#5 src/vendor/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php(37): GuzzleHttp\Handler\Proxy::GuzzleHttp\Handler\{closure}(Object(GuzzleHttp\Psr7\Request), Array)
#6 src/vendor/guzzlehttp/guzzle/src/Middleware.php(29): GuzzleHttp\PrepareBodyMiddleware->__invoke(Object(GuzzleHttp\Psr7\Request), Array)
#7 src/vendor/guzzlehttp/guzzle/src/RedirectMiddleware.php(70): GuzzleHttp\Middleware::GuzzleHttp\{closure}(Object(GuzzleHttp\Psr7\Request), Array)
#8 src/vendor/guzzlehttp/guzzle/src/Middleware.php(59): GuzzleHttp\RedirectMiddleware->__invoke(Object(GuzzleHttp\Psr7\Request), Array)
#9 src/vendor/guzzlehttp/guzzle/src/HandlerStack.php(71): GuzzleHttp\Middleware::GuzzleHttp\{closure}(Object(GuzzleHttp\Psr7\Request), Array)
#10 src/vendor/guzzlehttp/guzzle/src/Client.php(351): GuzzleHttp\HandlerStack->__invoke(Object(GuzzleHttp\Psr7\Request), Array)
#11 src/vendor/guzzlehttp/guzzle/src/Client.php(162): GuzzleHttp\Client->transfer(Object(GuzzleHttp\Psr7\Request), Array)
#12 src/vendor/guzzlehttp/guzzle/src/Client.php(182): GuzzleHttp\Client->requestAsync('HEAD', Object(GuzzleHttp\Psr7\Uri), Array)
#13 src/addons/DigitalPoint/Cloudflare/Traits/XF.php(73): GuzzleHttp\Client->request('HEAD', 'https://c1d25e6...', Array)
#14 src/addons/DigitalPoint/Cloudflare/Api/Cloudflare.php(562): DigitalPoint\Cloudflare\Api\Cloudflare->request('HEAD', 'https://c1d25e6...', Array)
#15 src/addons/DigitalPoint/Cloudflare/Api/Advanced.php(760): DigitalPoint\Cloudflare\Api\CloudflareAbstract->makeRequest('HEAD', 'attachments/95/...', Array, true, 'attachments')
#16 src/addons/DigitalPoint/Cloudflare/League/Flysystem/Adapter/R2.php(195): DigitalPoint\Cloudflare\Api\Advanced->headR2Object('attachments', 'attachments/95/...')
#17 src/addons/DigitalPoint/Cloudflare/League/Flysystem/Adapter/R2.php(83): DigitalPoint\Cloudflare\League\Flysystem\Adapter\R2->getMetadata('attachments/95/...')
#18 src/vendor/league/flysystem/src/Filesystem.php(57): DigitalPoint\Cloudflare\League\Flysystem\Adapter\R2->has('attachments/95/...')
#19 [internal function]: League\Flysystem\Filesystem->has('attachments/95/...', Array)
#20 src/vendor/league/flysystem-eventable-filesystem/src/EventableFilesystem.php(431): call_user_func_array('League\\Flysyste...', Array)
#21 src/vendor/league/flysystem-eventable-filesystem/src/EventableFilesystem.php(395): League\Flysystem\EventableFilesystem\EventableFilesystem->callFilesystemMethod('has', Array)
#22 src/vendor/league/flysystem-eventable-filesystem/src/EventableFilesystem.php(128): League\Flysystem\EventableFilesystem\EventableFilesystem->delegateMethodCall('has', Array)
#23 src/vendor/league/flysystem/src/MountManager.php(313): League\Flysystem\EventableFilesystem\EventableFilesystem->has('attachments/95/...')
#24 src/XF/Entity/AttachmentData.php(228): League\Flysystem\MountManager->has('attachments/95/...')
#25 src/XF/ControllerPlugin/Attachment.php(9): XF\Entity\AttachmentData->isDataAvailable()
#26 src/XF/Pub/Controller/Attachment.php(45): XF\ControllerPlugin\Attachment->displayAttachment(Object(XF\Entity\Attachment))
#27 src/XF/Mvc/Dispatcher.php(352): XF\Pub\Controller\Attachment->actionIndex(Object(XF\Mvc\ParameterBag))
#28 src/XF/Mvc/Dispatcher.php(259): XF\Mvc\Dispatcher->dispatchClass('XF:Attachment', 'Index', Object(XF\Mvc\RouteMatch), Object(XF\Pub\Controller\Attachment), NULL)
#29 src/XF/Mvc/Dispatcher.php(115): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(XF\Pub\Controller\Attachment), NULL)
#30 src/XF/Mvc/Dispatcher.php(57): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#31 src/XF/App.php(2483): XF\Mvc\Dispatcher->run()
#32 src/XF.php(524): XF\App->run()
#33 index.php(20): XF::runApp('XF\\Pub\\App')
#34 {main}
Request state
array(4) {
["url"] => string(19) "/attachments/22394/"
["referrer"] => string(22) "https://www.google.it/"
["_GET"] => array(0) {
}
["_POST"] => array(0) {
}
}and this one:
Code:
GuzzleHttp\Exception\ConnectException: cURL error 7: (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) src/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php:200
Generated by: Unknown account 15/7/23 at 22:25
Stack trace
#0 src/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php(155): GuzzleHttp\Handler\CurlFactory::createRejection(Object(GuzzleHttp\Handler\EasyHandle), Array)
#1 src/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php(105): GuzzleHttp\Handler\CurlFactory::finishError(Object(GuzzleHttp\Handler\CurlHandler), Object(GuzzleHttp\Handler\EasyHandle), Object(GuzzleHttp\Handler\CurlFactory))
#2 src/vendor/guzzlehttp/guzzle/src/Handler/CurlHandler.php(43): GuzzleHttp\Handler\CurlFactory::finish(Object(GuzzleHttp\Handler\CurlHandler), Object(GuzzleHttp\Handler\EasyHandle), Object(GuzzleHttp\Handler\CurlFactory))
#3 src/vendor/guzzlehttp/guzzle/src/Handler/Proxy.php(28): GuzzleHttp\Handler\CurlHandler->__invoke(Object(GuzzleHttp\Psr7\Request), Array)
#4 src/vendor/guzzlehttp/guzzle/src/Handler/Proxy.php(51): GuzzleHttp\Handler\Proxy::GuzzleHttp\Handler\{closure}(Object(GuzzleHttp\Psr7\Request), Array)
#5 src/vendor/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php(37): GuzzleHttp\Handler\Proxy::GuzzleHttp\Handler\{closure}(Object(GuzzleHttp\Psr7\Request), Array)
#6 src/vendor/guzzlehttp/guzzle/src/Middleware.php(29): GuzzleHttp\PrepareBodyMiddleware->__invoke(Object(GuzzleHttp\Psr7\Request), Array)
#7 src/vendor/guzzlehttp/guzzle/src/RedirectMiddleware.php(70): GuzzleHttp\Middleware::GuzzleHttp\{closure}(Object(GuzzleHttp\Psr7\Request), Array)
#8 src/vendor/guzzlehttp/guzzle/src/Middleware.php(59): GuzzleHttp\RedirectMiddleware->__invoke(Object(GuzzleHttp\Psr7\Request), Array)
#9 src/vendor/guzzlehttp/guzzle/src/HandlerStack.php(71): GuzzleHttp\Middleware::GuzzleHttp\{closure}(Object(GuzzleHttp\Psr7\Request), Array)
#10 src/vendor/guzzlehttp/guzzle/src/Client.php(351): GuzzleHttp\HandlerStack->__invoke(Object(GuzzleHttp\Psr7\Request), Array)
#11 src/vendor/guzzlehttp/guzzle/src/Client.php(162): GuzzleHttp\Client->transfer(Object(GuzzleHttp\Psr7\Request), Array)
#12 src/vendor/guzzlehttp/guzzle/src/Client.php(182): GuzzleHttp\Client->requestAsync('HEAD', Object(GuzzleHttp\Psr7\Uri), Array)
#13 src/addons/DigitalPoint/Cloudflare/Traits/XF.php(73): GuzzleHttp\Client->request('HEAD', 'https://c1d25e6...', Array)
#14 src/addons/DigitalPoint/Cloudflare/Api/Cloudflare.php(562): DigitalPoint\Cloudflare\Api\Cloudflare->request('HEAD', 'https://c1d25e6...', Array)
#15 src/addons/DigitalPoint/Cloudflare/Api/Advanced.php(760): DigitalPoint\Cloudflare\Api\CloudflareAbstract->makeRequest('HEAD', 'attachments/116...', Array, true, 'attachments')
#16 src/addons/DigitalPoint/Cloudflare/League/Flysystem/Adapter/R2.php(195): DigitalPoint\Cloudflare\Api\Advanced->headR2Object('attachments', 'attachments/116...')
#17 src/addons/DigitalPoint/Cloudflare/League/Flysystem/Adapter/R2.php(83): DigitalPoint\Cloudflare\League\Flysystem\Adapter\R2->getMetadata('attachments/116...')
#18 src/vendor/league/flysystem/src/Filesystem.php(57): DigitalPoint\Cloudflare\League\Flysystem\Adapter\R2->has('attachments/116...')
#19 [internal function]: League\Flysystem\Filesystem->has('attachments/116...', Array)
#20 src/vendor/league/flysystem-eventable-filesystem/src/EventableFilesystem.php(431): call_user_func_array('League\\Flysyste...', Array)
#21 src/vendor/league/flysystem-eventable-filesystem/src/EventableFilesystem.php(395): League\Flysystem\EventableFilesystem\EventableFilesystem->callFilesystemMethod('has', Array)
#22 src/vendor/league/flysystem-eventable-filesystem/src/EventableFilesystem.php(128): League\Flysystem\EventableFilesystem\EventableFilesystem->delegateMethodCall('has', Array)
#23 src/vendor/league/flysystem/src/MountManager.php(313): League\Flysystem\EventableFilesystem\EventableFilesystem->has('attachments/116...')
#24 src/XF/Entity/AttachmentData.php(228): League\Flysystem\MountManager->has('attachments/116...')
#25 src/XF/ControllerPlugin/Attachment.php(9): XF\Entity\AttachmentData->isDataAvailable()
#26 src/XF/Pub/Controller/Attachment.php(45): XF\ControllerPlugin\Attachment->displayAttachment(Object(XF\Entity\Attachment))
#27 src/XF/Mvc/Dispatcher.php(352): XF\Pub\Controller\Attachment->actionIndex(Object(XF\Mvc\ParameterBag))
#28 src/XF/Mvc/Dispatcher.php(259): XF\Mvc\Dispatcher->dispatchClass('XF:Attachment', 'Index', Object(XF\Mvc\RouteMatch), Object(XF\Pub\Controller\Attachment), NULL)
#29 src/XF/Mvc/Dispatcher.php(115): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(XF\Pub\Controller\Attachment), NULL)
#30 src/XF/Mvc/Dispatcher.php(57): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#31 src/XF/App.php(2483): XF\Mvc\Dispatcher->run()
#32 src/XF.php(524): XF\App->run()
#33 index.php(20): XF::runApp('XF\\Pub\\App')
#34 {main}
Request state
array(4) {
["url"] => string(19) "/attachments/46789/"
["referrer"] => string(33) "https://domain.com/threads/106105/"
["_GET"] => array(0) {
}
["_POST"] => array(0) {
}
}digitalpoint
Well-known member
Curl error 7 is a network connectivity issue. Network connectivity issues will also cause the first error (the server can’t connect to the DNS server that the server uses). Network connectivity issues can’t be caused (or resolved by) this addon. You’ll need to talk to your system admin/hosting company to sort out networking issues with your server.
@digitalpoint, may I suggest adding a page rule preset for not caching the ACP? Cloudflare recommends not to in “Using Cloudflare with various forums (vBulletin, Xenforo, MyBB)”:
digitalpoint
Well-known member
It's not needed unless you are doing something weird/non-standard on your end. It's more in case you are doing something like using Varnish or something like that to force caching of pages that aren't supposed to cached. So ya, if you are doing something that forces non-cacheable pages into a local cache, you need to make sure you are doing it right. But it's not needed for normal use or if you are using this add-on. This addon does caching "right" (only caching things that should be in cache). There's never a situation where anything this addon does would cause the admin area to be cached.
They are writing that page more as a generic thing that applies to multiple platforms and multiple configurations, it's not directed at sites using a deep Cloudflare integration (like with this addon).
Alpha1
Well-known member
New reply from CloudFlare support about it not working for Business Plan:
And why on earth it will work for the free plan, Pro, but not Business.
It makes no sense to me why the settings page of your addon would not work because network error logging is not working for my plan.
And why on earth it will work for the free plan, Pro, but not Business.
digitalpoint
Well-known member
Ya I don’t follow that logic either. I think I mentioned it previously, but you can turn it off (it’s on by default) with a response transform rule (you can just tell it to drop the nel header… that’s literally all the option does in the end is remove the nel header).
Very weird they would give something to all plans except Business… it seems intentionally.
Very weird they would give something to all plans except Business… it seems intentionally.
