Discourse & Cloudflare

:+1:

(We need an option to react/like part of a post; how to do it, I don’t have a clue — but then there wouldn’t be reason to write nil-posts like this… :wink: )

You specifically mention performance. In my quote, I specifically mention bandwidth saving. These are two different things, and different people will weight them differently.

Hey Richard, the Communiteq link was vague. The message: essentially, don’t use Cloudflare.

Instead, why not say, if you use Cloudflare, use these settings? Spell it out. I think that’s what oopsyscoops is after as well. Some standard besides “don’t use it”. If you turn off performance and allow caching of images, it seems that would be okay. I’m not the pro here though, so that’s why I’m asking. I just like knowing both sides of the issue here.

You said caching is meh? If that were true, then why bother with a CDN at all? They cache/store your files in remote locations so users can download them faster from their region. Not to mention origin bandwidth and server load savings.

That’s the advice given by those who manage Discourse for their living.

Because that seems to change from time to time. I’m constantly fighting to maintain instructions that help people make Mailgun work, for example.

Cloudflare doesn’t work like a CDN. It’s something different. If you use a CDN, then Discourse uses the CDN for things that should be cached. It doesn’t leave the CDN to guess how to work.

Unless you run a community that is likely to be the target of DDoS attacks, Cloudflare isn’t a good idea.

I’ve used bunny.net with a bunch of sites and it’s cheap and easy, though not free.

3 Likes

I can respect that right there.

I only recently started using Cloudflare for our WordPress site, and running APO makes a huge speed difference. Unfortunately, as I am about to launch our Discourse forum, the WP-Discourse plugin’s comment count is not playing nicely no matter which page cache product I use. Our forum’s not even on Cloudflare (DNS only).

I second Bunny, we use it for videos currently.

3 Likes


What I miss in this discussion is the differentiation on WHAT Cloudflare features generate problems.
All I have read so far unanimously mentions Cloudflare only as a CDN but as it stands today, Cloudflare is the company and also the name for their PLATFORM of different functionalities (SASE, Network Services, Zero Trust, Analytics, etc).
If the caching or optimization part of Cloudflare generates the most problems, then communicate that.
But why would using Cloudflare Tunnel with Cloudflare Access to massively increase the security of the Discourse instance be disregarded just because it bears the same “Cloudflare” name?

And that’s what the discussion is about. It’s not about any of their other products. It’s just about whether Discourse works in your web browser. When the discussion started, they mostly had just the CDN.

It is only ever implied that this discussion is about the CDN part of the Cloudflare platform. Users currently installing don’t know the history that Cloudflare 10 years ago only (beyond a few other functions) had its CDN.
So if this thread should stand to discourage Discourse Admins from enabling CDN functionality in Cloudflare, then you should spell it out clearly, that was my whole point.
Else “all” users will be driven away from using other Cloudflare functions apart from the CDN, which doesn’t make sense, only because this thread loosely uses “Cloudflare” as a synonym for “Cloudflare CDN, caching & optimization”.

1 Like

I don’t know how anyone could think that the discussion is about anything other than the CDN. The OP here says

They didn’t say “The cloudflare CDN service” but I think it’s pretty clear that it’s what they mean. I honestly don’t know how any of the other services have anything to do with whether Discourse works.

Let’s be clear here. Cloudflare isn’t a CDN. They call a feature of their service Cloudflare CDN, but at a fundamental level that’s not what it does.

The two elements which usually intersect with Discourse are their DNS (fine, good even) and their reverse proxy - the orange cloud while using their DNS product.

The reverse proxy can cache uploads (which is ok) but can also interfere with the JavaScript payload delivered to the browser (typically not ok, and the element we’re discussing here). As a reverse proxy it also increases latency for all communication between client and server, which directly impacts user experience.

Cloudflare tunnel is mentioned elsewhere on meta and is fine for the application where it’s highlighted.

3 Likes

Thank you @Stephen for providing the clarity I was pointing at.

Isn’t that opposed to the benefits that a CDN provides at its core? I mean, making assets load faster to users all around the globe by serving files from close regions?

That’s the conventional interpretation, yes. Cloudflare does have a huge network and broad presence, but it doesn’t stop their proxy from slowing down communication to some degree.

There’s no real issue with turning on the orange cloud once Let’s Encrypt has issued a certificate, providing you disable their performance features and are ok with the increased latency. As we said above, it’s useful if you need to obscure your server IP or want to cache /uploads. It’s just not the magic bullet some purport it to be.

3 Likes

To my knowledge Let’s Encrypt can always access the webserver for the HTTP-01 challenge through HTTPS, even with the Cloudflare Universal SSL cert in front of it, so one wouldn’t have to wait with turning on Orange Cloud until after LE cert is issued.

I would recommend trying it; it’s a common support topic here.

Let’s Encrypt will fail if Cloudflare is enabled before the initial cert is issued.

Discourse-setup also doesn’t add the Cloudflare template, I typically recommend the two be handled at the same time after the initial build completes.

1 Like

I actually did, all my public web apps are running through Cloudflare Tunnel which has to enable Orange Cloud to function and all were able to receive an initial LE cert without Port 80 and HTTP being available at all.

Cloudflare tunnel is a different product. It’s not going to make things faster. It’s totally different.

Yes. But that wasn’t what I was talking about with Stephen. And I also never said anything about “making things faster”. I added an example of a circumstance in which LE certs can be issued even with Orange Cloud on, because I experienced that it works.

It would appear that you’re right that Cloudflare now has enough products with similar but very different names and purposes that it’s going to be very confusing helping anyone using Cloudflare. Discourse on a residential internet with Cloudflare Tunnel is a very specific and documented use, which is very different from what 99% of the topics discussing Cloudflare are talking about. It doesn’t really belong in this topic.