Test required of discourse with CDN

Continuing the discussion from Discourse SSL setup:

@john, can you have a try now with discourse, I have set up a CDN at cloudflare, all is documented in BBW. I don’t know how long is the propagation amongst servers around the World.

For what I can see, the difference is huge, it’s loading at lightspeed at my place.

Is the whole site going through CloudFlare, or just the static resources?

Where is the mirrored server from your place?

We have one in Auckland ^~^ yay. I mean did you send the whole of discourse.openmandriva.org through Cloudflare, or just static documents?

It does take 24 hours for SSL to activate on their free plans, though.

CDN propagation also depends on from where requests are done, so maybe at the beginning you will mainly reach servers from United States that should be closer to you than France, if I’m correct.

I don’t use SSL with their free plan, but our own certificate.

It’s an on/off switch by subdomain, by default all the subdomain is managed by CF, but we can make some exceptions, there are lot of things explained here and in the FAQ

Discourse also supports using a separate subdomain to serve static assets, which is a setup I like, because then Cloudflare handles compressing and optimising all our images and stylesheets for us, but has no visibility of the actual content of our website, which is still exchanged encrypted with our own server. wdyt?

OK, it’s a good idea

Don’t forget to document what you did in BBW, not all details are needed
but at least what files you changed, with comments inside the config
files (if possible with url of the webpage you follow)

BTW all the content is encrypted in any case with our own server private
key and with Gandi intermediate certificate, even if POPed in another CF
place, there is no MITM as we don’t use the certificate of CF (the
flexible security), but the one of our server.

We are using a Cloudflare provided certificate now. If you open the SSL information box, it says we’re using Comodo ECC Domain Validation (as provided by cloudflare), not Gandi.

However, it seems Discourse has removed the option to use a CDN for static assets only, so I think this is all we can do with Cloudflare for now, and hopefully they’ll add it back in again in a later release.

You’re right @john, I was too quick or maybe too tired (was middle of the night)

I have made some changes so that only assets which can be cached in CF are moved there.

1 Like

It sounds like you found it, but I got a reply on the Discourse meta forum that they’ve moved the setting into the app.yml config file of Dicsourse.

I made a ML post, but just checking here too;
Does Jasper have IP based rate limiting? I was getting connection errors when browsing the OMA landing page yesterday, and our number of visitors dropped a lot in Piwik (since most of our visitors are to there, I flicked it off CloudFlare just in case this is indeed the issue).

About connection errors it may have been due to the changes done in DNS.

About piwik droping number of visitors, it’s indeed due to the fact
people visit in fact CDN POP instead of our website.

I was getting a CloudFlare generated error message informing me that the origin host could not be reached. There should be no effect on Piwik as all the statistics are collected by client side JavaScript and POSTed to Piwik. I’ll see today if the visitor numbers are back up and look at whitelisting Cloudflare’s IPs.

Update: visitor numbers have gone back up since I turned CloudFlare off for the main page. I think we need to look at whitelisting the CloudFlare IP addresses, and it will be a couple of days before I will be available again.

@raphael I noticed that the discourse-static subdomain is not behind CloudFlare anymore. Is there a reason for this or can I put it back?

You can put it back, i see no reason…