Home Data Center Series: Cloudflare Tutorial (I): Introduction to CF and its benefits to personal webmasters
This article was last updated 116 days ago. The information in it may have developed or changed. If it is invalid, please leave a message in the comment section.

Preface

Since I came into contact with Cloudflare (hereinafter referred to as CF) at the end of last year, I often mentioned in some articles that I would write a series of tutorials on CF functions. However, since CF has so many free functions, it takes a long time of continuous learning and practice to understand one function. In addition, I keep coming into contact with new functions every now and then, and then I have to study and practice again. This makes me keep cycling between learning and practice, and naturally I don’t have the confidence and mood to write a series of tutorials.

Until recently, I felt that I had basically touched upon all the commonly used functions of CF. In addition, there were no high-priority individual technical points that I wanted to write about for the time being. I thought I could finally start writing the CF series of tutorials that I had been putting off for so long. This can be regarded as a summary of my use of the many functions of CF over the past six months. At the same time, I will also organize the articles I wrote previously about CF functions into the series of tutorials.

However, before starting the formal function usage tutorial, in accordance with the general practice of technical solutions, I will first introduce CF company and related solutions.

Introduction to CF Company and Solutions

Company Introduction

Cloudflare is a leading global provider of Internet security and performance optimization services, founded in 2009 and headquartered in San Francisco, California, USA. It provides a range of services to protect and accelerate millions of websites, APIs and Internet applications around the world, making the Internet more secure, fast and reliable.

Company size and coverage

  • Global Network: Cloudflare's global Anycast network covers more than 200 cities in more than 100 countries.
  • Number of Employees: As of early 2024, Cloudflare has approximately 2,500 employees.
  • Customer Base: Cloudflare serves customers of all sizes, from personal websites to large enterprises and government agencies.

Main products and solutions

Content Delivery Network (CDN)

Cloudflare's CDN network caches and distributes content through globally distributed servers, significantly reducing page loading times and improving user experience.

  • Function:
    • Static content caching: Cache the static content of the website (such as images, CSS, JavaScript) to edge nodes.
    • Automatic optimization: file compression, image optimization, lazy loading and other functions to improve performance.

DDoS Protection

Cloudflare provides powerful DDoS protection that can detect and mitigate various types of DDoS attacks, protecting websites from large-scale attacks.

  • Function:
    • Automated Detection and Mitigation: Real-time monitoring and automated mitigation of network and application layer attacks.
    • Global Anycast Network: Distributes attack traffic to multiple nodes around the world to reduce single point pressure.

DNS Service

Cloudflare provides fast and secure DNS resolution services, ensuring high performance and stability.

  • Function:
    • Fast resolution: Provide fast DNS query responses through globally distributed nodes.
    • Security: Built-in DDoS protection and DNSSEC support to prevent DNS spoofing and cache poisoning attacks.

Web Application Firewall (WAF)

Cloudflare's WAF protects websites from common web application attacks by filtering and blocking malicious requests through a rules engine.

  • Function:
    • Pre-built rule sets: Built-in OWASP Top 10 attack protection rules.
    • Custom rules: Users can create and adjust custom protection rules according to their needs.

SSL/TLS encryption

Cloudflare provides free and paid SSL/TLS certificates to secure data transmission between clients and servers.

  • Function:
    • Automated Certificate Management: Automatically generate, renew, and manage SSL/TLS certificates.
    • Force HTTPS: Automatically redirects all HTTP traffic to HTTPS.

Edge computing

Cloudflare Workers allows developers to run JavaScript code on edge nodes around the world, reducing latency and improving performance.

  • Function:
    • Serverless computing: Deploy code without managing the underlying infrastructure.
    • Fast response: By processing requests at edge nodes, round-trip time is reduced.

Zero Trust Security

Cloudflare provides secure access control solutions based on a zero-trust model, such as Cloudflare Access and Cloudflare Gateway.

  • Function:
    • Cloudflare Access: Provides fine-grained access control for applications and supports multi-factor authentication (MFA).
    • Cloudflare Gateway: Protects users from malicious content and websites, providing secure access to the internet.

Advantages of CF Solutions

In fact, there are many companies abroad that provide overall solutions like CF, such as AWS (Amazon Web Services) + CloudFront, Microsoft Azure, GCP (Google Cloud Platform), Imperva, etc. However, CF has its own unique advantages over these competitors:

1. Extensive global network coverage

Cloudflare has a massive Anycast network that covers more than 200 cities and more than 100 countries. This extensive network coverage enables Cloudflare to provide low-latency and high-reliability services to users around the world.

In simple terms, Cloudflare has built its own backbone network (a large intranet) around the world (except for a few special countries). A request packet sent from any location (except those special countries) enters this intranet at the access point (edge network) closest to the sender, and then travels over the intranet along the most optimized path to its final destination. This makes access much more efficient than traditional hop-by-hop routing over the public network.

2. Integrated full-stack services

Cloudflare provides comprehensive one-stop services, including CDN, DDoS protection, DNS services, Web Application Firewall (WAF), SSL/TLS encryption, edge computing, etc. This integrated service combination allows customers to meet multiple needs on one platform, simplifying management and operation.

In simple terms, all relevant function configurations are integrated directly into one operation interface, and this operation interface is constantly adding and integrating new functions.

3. Free and affordable service

Cloudflare offers free and paid service options. For small websites and individual users, Cloudflare's free plan is already able to provide basic security and performance optimization services. For enterprise users, its paid plans are also competitively priced and powerful.

In simple terms: for most individual webmasters, basic functions can be obtained for free (Free plan).

What are the basic functions? Here are a few that are currently in use:

  • Unlimited DNS domain hosting (PTR records are free to use as long as you have a fixed IP address; Tencent charges 1500/year for 3 PTR records, so think it over carefully)
  • Unlimited CDN (actually, it is still limited, for example if your CDN traffic reaches hundreds of terabytes or even petabytes. Last time I saw a buddy using CF's free CDN as a cache for the image hosting of a young lady's website, and then his account was blocked because of excessive traffic)
  • Unlimited COS (that is, R2, unlimited storage space, unlimited external access traffic, but like CDN, there should still be an upper limit)
  • Free unlimited SSL certificates (I guess there is an upper limit, but I haven’t seen anyone say that the upper limit has been reached)
  • Free email routing (that is, directly use your domain name suffix as the email address to receive emails), you can customize many email prefixes
  • Free web firewall (up to 5 rules, which is enough for most people, and can implement many advanced features such as the famous 5-second shield to intercept crawlers and prevent hotlinks)
  • Transform rules (up to 10 rules; can rewrite URLs, modify request headers, modify response headers, etc.)
  • Redirect rules (up to 10 rules)
  • Cache rules (up to 10 rules)
  • Page rules (up to 3, can achieve many functions, but it’s strange, this thing was abolished some time ago, how come it is effective again?)
  • Zero Trust provides a zero-trust network. The Free plan can add 50 users, which is more than enough. It provides many applications including the tunnel function (directly publishing applications through intranet penetration). The warp enterprise edition could be used before June, but unfortunately, it is basically abandoned now.
  • Static page hosting with Cloudflare Pages (can be linked to a GitHub repository)

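There are too many to list, and there are some functions I have not had the chance to use yet... The ones above are the most valuable services for individual webmasters, so some people call Cloudflare the "great philanthropist", and I think the name is well deserved.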

4. Innovative edge computing

Cloudflare Workers is a powerful edge computing platform that allows developers to run JavaScript code on Cloudflare's edge nodes.

This platform can significantly reduce latency and improve application performance and flexibility. What functions can be achieved depends on what JS script is run. There are many worker-based projects on github.

Note: The Free plan has 100,000 requests per day, which is more than enough for a normal personal blog (except for abnormal traffic, such as attacks). Of course, if it is some specialized functions, like the reverse proxy that can pull images with worker after docker-hub is blocked, 100,000 quota will not be enough if more people use it.

5. Powerful DDoS protection capabilities

Cloudflare has industry-leading DDoS protection technology that can automatically detect and mitigate DDoS attacks of all types and sizes. Its global Anycast network design helps to disperse attack traffic to multiple nodes, reducing single point pressure.

The key is, unlimited DDOS attack protection!

Note: I was hit with 2.2T of traffic in more than 2 hours. If it was placed on a domestic cloud provider, I estimate that the server would have been disconnected from the Internet and the CDN traffic would have been used up long ago. I saved a lot of money invisibly.

6. User-friendly interface and management tools

Cloudflare provides an intuitive and easy-to-use management interface and rich APIs to facilitate users to configure and manage its services. Users can easily set and adjust security policies, monitor traffic and performance data.

Note: I have to say that the CF management interface is very well designed. It not only combines all the configurations of the functions together, but also provides an intuitive priority order for all the functions. I will talk about this in the next article.

7. Strong community and support

Cloudflare has an active community and comprehensive support documentation to help users solve problems and optimize configurations. Its customer support team can also provide professional help and guidance.

8. Continuous technological innovation

Cloudflare continues to launch new products and features to stay ahead of the curve. For example, in addition to its edge computing platform Workers, Cloudflare has also launched zero-trust security services such as Cloudflare Access and Cloudflare Gateway, as well as 1.1.1.1 public DNS services (WARP and WARP+), which focus on privacy protection and speed.

Note: For the configuration of WARP+, please refer to the articles "Home Data Center Series Reasonable use of cloudflare WARP to improve the speed of accessing websites (desktop version)" and "Deploy cloudflare warp on the home data center series cloud host to improve network access speed (Linux cli version)". Unfortunately, WARP has been basically unusable since the beginning of June, but this is inevitable in China, and it is not surprising. The worst thing is that I only knew about WARP a few months ago, and then I have been using it as a backup line, and I have never used it at all!!! I feel like I missed out on hundreds of millions... :(

Benefits of CF to individual webmasters

In fact, I didn’t know how high the sky was when I started, and I just used a domestic domain name and a domestic CDN to build my blog. But later I gradually realized how dangerous the world was (see article: "Home Data Center Series Independent Personal Blog Building and Pitfall Avoidance Guide"), and I was also getting to know CF at the time, so I made up my mind to abandon the registered domain name and transfer it to the current "tangwudi.com".

After using it for more than half a year, I really feel the great benefits of CF to me:

1. DDOS attack protection

It helped me to block more than 10 DDOS attacks, with a total attack traffic of at least 5T, and at least 99% of traffic was intercepted (many of these attacks require the support of the CF address library, such as known bad sources, known bot networks, etc.), giving me time to adjust the architecture of my home data center to eliminate the impact of attacks (see article: "Second attack on home data center series! Optimization of internal blog access process under the new situation").

2. WAF protection

Every day it helps me block hotlinks, crawling by various non-mainstream search engine crawlers, and many other types of attacks. The global rate limit it contains also plays a huge role in protecting against DDOS attacks.

3. Zero Trust

Relying on Zero Trust's tunnel technology, you can directly penetrate the intranet and publish your home applications to the Internet in minutes (good news for those who don't want to register but want to build a website but don't have a public network address). Even with the default unoptimized configuration, domestic access is slower, but it can still be opened (see article: "The home data center series uses tunnel technology to allow home broadband without public IP to use cloudflare for free to quickly build a website (recommended)").

4. R2 (object storage)

Now my image hosting is R2. I have migrated all the image resources from chevereto to R2. The advantage of this is that I don’t need to consider the redundancy of the image hosting (see article: "Home Data Center Series Use rclone and cloudflare R2 to build Chevereto's remote disaster recovery image bed"), and the pictures are not local. One benefit is security (even if the picture hosting is attacked, it will not affect the intranet), and the other is that it is always online. Even if there is a power outage at home and it automatically switches to the redundant WordPress site on the cloud host, it will not affect the normal access to the blog (in the past, it was necessary to deploy a set of chevereto on the cloud host, and synchronize the data of the two sets of chevereto, which was quite troublesome).

5. Worker optimization

Because the Free plan defaults to providing the address of the San Jose data center in western United States to users with mainland IP addresses, the default access speed for mainland visitors is not fast (it is even jokingly called negative optimization). However, through a specific worker script, mainland visitors can also achieve the effect of the previous preferred IP (automatically selecting the IP address of the data center closest to the visitor). For individual webmasters with small traffic, the free quota of 100,000 requests a day is basically unused, so the worker optimization method can greatly improve the access speed of mainland users to the site.

6. CF pages

CF's static page hosting function is more accessible in China than GitHub Pages. The www.tangwudi.com navigation page and the hexo static blog page are published through the GitHub repository linked to CF Pages, which is very useful (see articles: "Home data center series uses github+cloudflare pages to build a new home for www navigation page" and "Home data center series uses hexo to build a static blog and deploy it to cloudflare pages").

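The above are only the functions I use most often. Other functions that are used less, such as redirects and custom hostnames, are also very important to those who need them. On top of that there are some functions that are provided but hidden, and that most people do not know about, such as multi-site automatic redundancy + load balancing (for multi-site automatic redundancy, see article: "Home Data Center Series Making good use of cloudflare tunnel to let the disaster recovery site take over automatically when the main wordpress site fails") and so on. In short, CF is like a hidden treasure for individual webmasters, waiting for everyone to dig.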

Afterword

Currently, Tencent Cloud has also launched an overall solution similar to CF: EdgeOne. The fee is charged according to the number of hosts: 1 host name is 9.9 yuan/month, which is not expensive. However, I dare not try it with dozens of host names (or I can try it when I am in the mood and then write an article). If you are interested, you can also try it. Anyway, it seems that there are relatively few articles on EdgeOne tutorials on the Internet.

The content of the blog is original. Please indicate the source when reprinting! For more blog articles, you can go to the Sitemap. The RSS address of the blog is: https://blog.tangwudi.com/feed, welcome to subscribe; if necessary, you can join the Telegram Group to discuss problems together.