你如何设置Cloudflare？

Hi,

I was told a while back that I had to add a line to enable CloudFlare compatibility? Can someone please explain to me the exact steps to do so?

I would like to enable and use CloudFlare for my website.

All help is much appreciated!

Hey,

I can’t access that account anymore which is why I am making a fresh topic.

I am unaware on how to edit the config to include those lines? All help is appreciated.

Mind explaining why? Have you tried to reset the password?

I used Putty to add the line at the end of templates - but when I attempted to rebuild the app, it said that the CloudFlare YML file was missing.

Yes, just:

• add cloudflare.template.yml to the end of the templates section in app.yml.
• do not enable Rocket Loader or any other features that will interfere with JavaScript

Here’s how to edit in a nutshell:

cd /var/discourse
nano containers/app.yml
#  Make sure to use spaces, not the tab key.
#  Ctrl-O to "write [O]ut"
#  Ctrl-X to "e[X]it"

./launcher rebuild app

credit to @riking

Wait a moment, this works and has worked for a very long time

You must follow the guide, in particular long polling base url MUST be set correctly to the origin otherwise the message bus will not work right. You must also mixin the cloudflare template so it does not look like everyone is coming from the same IP which is a disaster.

I think it’s fine to setup this way if you wish, but in general I prefer just to use cloudflare as a CDN endpoint and point the site at Discourse to avoid moving parts and a more complex setup for little gain.

Solved most of problem. But still have problem with some new users has Digital Ocean’s VPS ip’s.

Another example:

My Discourse on the Frankfurt, Digital Ocean.

That’s the “Data Saver” proxy available on Android Chrome. It would be possible to add its IP range as a trusted X-Forwarded-For source. matomo/core/Tracker/VisitExcluded.php at 5.x-dev · matomo-org/matomo · GitHub

We are using Cloudflare and I’m a bit confused on what should be our long polling base url.
Is it site.com or discourse.site.com? By default it already has / as the value.

I’m fairly certain you have to include the scheme if you need it to point to a different domain.

I’m just trying to understand exactly what long polling base url is for Discourses purposes and if we need to declare it from the default “/” that is there. After reading @sam’s instructions, I’m still unclear what, if any, URL I should input for that config.

In sam’s instructions:

The message bus long polling URL should be set to the non-CDN domain name that you set up

Maybe I’m dense and the language is stumping me…

Our site is https://ftw.in
Our Discourse is https://discussions.ftw.in
Both are behind Cloudflare.

So our long polling url is https://discussions.ftw.in/?

No, your long polling URL would be

https://discussions-origin.ftw.in/

or, seeing as you have had DDOS problems: https://discussions-proxy.ftw.in

Where discussions-proxy is a non-Cloudflare server proxying the origin, but only for message-bus requests.

Ok, this explanation definitely helps me understand more clearly, but this is also where I get lost. Is this documented where and how to create this server for message-bus requests?

Also - we want all servers to be behind Cloudflare for the protection and CDN it provides. We would not want to have it outside of Cloudflare.

How: Just stand up a nginx with a single proxy_pass rule at OVH (“the premier bargain basement cloud provider”) or something.

You CANNOT put long polling behind CloudFlare. They terminate long-running requests as, incidentally, a anti-DoS measure.

Because DDoS protection is a priority for you, set up this server at a DIFFERENT provider so attacks on it do not actually take down the main site; you just get degraded live update functionality.

Got it. Thanks for the help!

Not to be totally dense here. but I’m not sure if I am configured for cloudflare correctly or not. I setup our discourse install about a year ago, behind cloudllare and I don’t believe I setup anything for long polling… Notifications appear to be working OK.

Is there something else I should look for.?

In the past it has been flaky, somehow over the years cloudflare has figured out how to proxy long HTTP calls, I would not say it is an optimal config to pass the message bus through cloudflare, but it it is working for you and you are not noticing any issues, so be it.

我应该继续通过 Cloudflare 代理的 Discourse 子域名进行轮询，还是直接让长轮询通过？

我使用的是 Digital Ocean，可以设置一个不同的子域名（例如 poll.mydomain.com）作为基础，并指向与主网站 www.mydomain.com 相同的 IP 地址。唯一的区别是主站点通过 Cloudflare 代理（橙色云朵开启），而轮询域名不经过代理（橙色云朵关闭）。Discourse 托管在 www 子域名上。

如果继续让轮询请求通过 Cloudflare 代理，更新功能是否还能正常工作？如果不能，是否应该采用上述方案？该方案是否能顺利运行而无问题？