@stacksofplates said in CloudFlare announces Magic WAN:

@Dashrender said in CloudFlare announces Magic WAN:

@Obsolesce said in CloudFlare announces Magic WAN:

So basically just another SDP/SDN product but with a weird name.

I was wondering this - I have no idea how much firewall type controll normal SDN products have.

is SDP software defined protection?

Software defined perimeters

As opposed to being defined in a notepad or on a chalkboard, lol.

@Mario-Jakovina said in Vultr Firewall added Cloudflare:

As I said - we do have FQDN.
I was just suprised when @Dashrender said they are free from Cloudflare

I misspoke, I never meant that registered domains themselves were free. What I meant was free was DNS hosting and base level proxying from CF.

@scottalanmiller said in CloudFlare Adding HTTP/3:

HTTP/3

Just a draft so far. No browsers has it enabled by default.

@Texkonc said in Internet outage:

@JaredBusch said in Internet outage:

@PhlipElder said in Internet outage:

@JaredBusch said in Internet outage:

@PhlipElder said in Internet outage:

https://www.cloudflarestatus.com/incidents/46z55mdhg0t5

Hmmm ... this from a little over a year ago.

Same "problem".

Routing is not magic. Errors happen.

That may be so, but the expectation is that the same errors would not happen over and over again.

FFS It is not the same. Are you stupid?

Jesus, calm down. No one pissed in your corn flakes...

No kidding. Don't go all Boomtown Rats on me. 😛

Pretty cool. I’ll have to try it and see how it goes.

I’ve been using Unbound for several years running on a Raspberry Pi and using a custom black list. Love not having to run ad blockers on each computer browser since it’s all taken care of with Unbound.

@scottalanmiller said in Mattermost Behind Nginx and Cloudflare Script Load Error:

@Pete-S said in Mattermost Behind Nginx and Cloudflare Script Load Error:

@scottalanmiller said in Mattermost Behind Nginx and Cloudflare Script Load Error:

@black3dynamite said in Mattermost Behind Nginx and Cloudflare Script Load Error:

s your setup is Cloudflare proxy -> Nginx proxy -> apache (mattermost)?

CF Proxy > Nginx Proxy > Mattermost (MM is its own server)

And yes, if I disable the CF Proxy, it works.

Why the double reverse proxies?

That's the standard. You are always expected to have your node.js servers behind a reverse proxy. And CloudFlare is the CDN cache in front. This is the universal standard for all web servers. Plenty of times to avoid it, of course, but this is the baseline system design.

In this case, MM is a raw node server so has none of the protections or handling of a system like Nginx. Nginx also provides the ability to have multiple sites behind one IP address. MM doesn't do that on its own, nor does CloudFlare. No different than how MangoLassi is on NodeBB, also a node platform, behind Nginx, behind CloudFlare.

CF can't do the details port and IP handling, Nginx can't do the globally distributed cache.

Thanks for the clarification Scott. I (wrongly) thought that Cloudflare was a full featured proxy and could do the same job as haproxy, nginx etc.

@FATeknollogee said in Setup a Cloudflare Origin Certificate for use on a backend server:

@scottalanmiller said in Setup a Cloudflare Origin Certificate for use on a backend server:

@FATeknollogee said in Setup a Cloudflare Origin Certificate for use on a backend server:

noob question here:
If you're hosting on Cloudflare, this should be used instead of LE?

Not about "should", it's about which makes more sense for you in a given situation.

"could" would probably have been a better word choice.

Yup, you definitely can 🙂

Turns out that there was a wildcard A record in DomainA2.com

@Emad-R said in Whats up with CloudFlare CDN:

@scottalanmiller

This site reports 2 as well:
https://bgr.com/2019/07/02/internet-outage-2019-cloudflare-network-issues/

They post two yes but not all due to Cloudflare,

June 24, 2019 - Route Leak Impacting Cloudflare (Other ISPs involved)
https://www.cloudflarestatus.com/incidents/46z55mdhg0t5

July 2nd, 2019 -HTTP 502 errors
https://www.cloudflarestatus.com/incidents/tx4pgxs6zxdr

Well let's talk about fedora and updating killing a laptop lol....

Like this.

be78d39b-4bf6-4b74-a15e-ec044e88ed03-image.png
04f1585b-838d-46eb-826c-be15fd766645-image.png

@Pete-S said in DNS woes:

If I understand correctly, DNS propagates everywhere anyway so what difference does it make? Or are the DNS records not cached/replicated?

It does, and they do. Propagation, caching, etc. all happens with DNS. But that doesn't mean that you don't still want your master DNS to be screaming fast, globally distributed, highly available, etc. If your DNS goes down, most DNS providers (Google, etc.) will known almost immediately and see your infrastructure as offline as part of their security system.

@Dashrender said in Move dns hosting to Cloudflare?:

@JaredBusch said in Move dns hosting to Cloudflare?:

@JokkeM said in Move dns hosting to Cloudflare?:

@JaredBusch

You have public DNS servers that are the authoritative source for your domains? - Yes
These servers are in our datacenter and they have like ~300 zones

By doing the "move dns hosting to CF" i would get rid of those 3 servers totally.

Do this today. I would hate to have to run public, authoritative DNS servers.
Just for DNS, I cannot imagine how CloudFlare would not be cheaper than running this yourself. Unless you are doing more than just DNS, CloudFlare is free.

They have a great API for managing things at scale.

I'm thinking the same thing - in fact, unless you've been running these servers since the mid 90's I can't see any reason why you could do that. Most registrars offered the DNS hosting as part of the cost of the domain registration. Sure they might not have had simple APIs for managing them... but damn, self hosted just seems - odd.

It actually simplifies some things (and makes others harder.) It's not common and there are good reasons to not do it, but there are good reasons to want it, too.

@FATeknollogee said in Cloudflare Domain registration:

@FATeknollogee said in Cloudflare Domain registration:

@JaredBusch said in Cloudflare Domain registration:

@FATeknollogee said in Cloudflare Domain registration:

2 questions for those of you that moved to CF for domain registration:

Are you using CF for DNS. If you have a web hosting provider, do you use their nameservers in your CF dashboard.

WUT?

What is WUT?

Really..?? https://www.quora.com/What-does-“wut”-mean

Try this... Not sure Quora is a solid repository of slang meanings.

https://www.urbandictionary.com/define.php?term=wut

Used in response to an unclear or absurd statement when seeking to clarify it or expose said absurdity.

@aboka said in Setup LetsEncrypt Certbot with CLoudFlare DNS authentication (Ubuntu):

hi, thanks for sharing this guide, would like to ask, what port does ppa:certbot use? im running nginx and its already using 80 & 443. i need to find a way to renew the cert when using Cloudflare as the common way(certbot renew) will not work. thank you.

There are certbot options to use the running server (Nginx in this case.) But I agree with Jared, better to use DNS.

@JaredBusch said in Cloudflare - Forwarding CNAME to HTTPS URL?:

@Dashrender said in Cloudflare - Forwarding CNAME to HTTPS URL?:

I don't really understand this - wouldn't you need a redirect command to make this work correctly? As stated - the browser thinks it's going to careers.domain.com, but that's being redirected via cname to joes.website.com, and joe's has a TLS cert.

Wouldn't the correct way be to have a server accept the request for careers.domain.com and execute a redirect to a new URL (joes.website.com) and now the browser will know it's going to joes site and accept the cert?

What server? He has no server. He simply wanted an alias for a nasty long URL.
careers.domain.com instead of adp.com/346y365hy3/365h56/456/y6/

Any good proxy will do this. CloudFlare is one of the best.

So process.

Create a CNAME entry for careers.domain.com pointing somewhere. Make sure the orange cloud is on. This makes the actual destination not matter because the IP will return as CloudFlare. But you want it to be something intelligent in case of problems as the OP found out. Create a redirect rule in CloudFlare. This is no different than the redirect 301 that you would use on your NginX proxy or other system. Profit

Well - there's your website I mentioned - the proxy. It's doing the redirect. OK - fine, it's not really a website (at least not likely), but you get the point - and I'm learning .. so thanks.
But my general thinking was along the same lines as your setup.

@taurex said in Cloudflare and Nginx reverse proxy background.:

@travisdh1 Are there any benefits of configuring your own reverse-proxy if it's running behind CloudFlare that is essentially the one already? I know they offer their own Origin CA certs that you can install on your web servers to encrypt the traffic between CF and your cloud. As long as you're happy to stick with CloudFlare, there will be no need to run cron jobs with certbot renewals every 3 months.

As @JaredBusch said, you can run self-signed certs with CloudFlare just fine. This was for my home lab, so I purposely do things the hard way sometimes, just to see what it's like. That's why I originally tackled this anyway. Running a reverse proxy mostly so I don't have to pay for nearly 30 IP addresses on the box I rent for it.

@mlnews said in CloudFlare Launches Spectrum DDoS for All Traffic Types for Enterprise Customers:

CF's new Spectrum DDoS protection service for their top tier customers aims to protect against the "spectrum" of Internet attacks including all ports and protocols, not just web ones as before.

Read the title again slowly...

It sounds like CloudFlare is launching a DDoS. 😄 Not criticizing, just finding it funny.

@momurda said in Public DNS Provider Comparison:

Unlike FB, CloudFare actually makes products and sells them to customers.

An example: MangoLassi is a commercial CloudFlare customer. Without CF, we'd never be able to push the 200 million hits a month we sometimes take here!