Full IPS 4 Site Delivery by CDN

[sobrenome]

Has anyone set a CDN to full delivery IPS in the edges locations?

IPS 4 is very good in caching for guests. If its power could be used to cache the html output for guests by a CDN (not only usual assets like images, JS and CSS), the website would be extremely fast. It´s like having a Varnish Cache in the server more closer to the website visitor.

I have found this tutorial related to cloudfront:

http://fideloper.com/cloudfront-full-site-delivery

But I really would like to hear any experience from a IPS 4 user to see how the caching could be done considering the particular aspects of IPS 4.

[dccfoux]

Just use CloudFlare then

[ipbfuck]

i've cloudflare free, and thanks to cloudflare i've also free ssl (https)

just some problem in acp (eg, session expired)! but thanks to rewrite rule in cloudflare option i've disabled for acp and all work fine!

[sobrenome]

Is cloudflare free plan reliable?

[ipbfuck]

im My opinion yes!

just some feature minor from pay plan.

[sobrenome]

Nice, I guess I will try it!

I read some complains that they block legitimate traffic sometimes.

[ipbfuck]

i've only 4block request in cloudflare firewall report. all from bad browser request. but My firewall is set, from default, to medium. if u prefer u can set to lower level... anyway, u can setup and try! is very simple! in suite u don't need to change anything. u need just to reconfigure your domain nameserver.

regards...

[Ian Ehrlich]

cloudflare free is nothing to complain about, I used it before on my legit servers and I'm sure

it blocked hackers a few times. Also shows a Always online when your server is offline it's really

helpful to have cloudflare.

[sobrenome]

Is there a way to set a cloudflare page rule to cache html for guests?

As long as IPS 4 servers the same content for guests, it's perfectly cachable for some seconds.

If a page rule could be set to distinguish logged users from guests, the community accessed by guests would be entirely served by the CDN PoPs.

[sobrenome]

I am setting clouflare for testing today.

I have set the page rule to avoid /admin/ caching.

Also have installed mod_cloudflare.

Now I ask: is there any advantage to set a page rule to "cache everything" on /uploads/?

And if I set the IPS 4 cache system to be file system /datastore/ is the system going to be served by the CDN or the file system? I guess it's by the file system. But if there is a way to be served by the CDN, the dynamic content cached for a few seconds or minutes could the served by the CDN!

[sobrenome]

I am testing free CloudFlare for some days by now. Everything doing good.

I had a few problems only one day when cloudflare was telling that my origin server was down, but it was not. This situation lasted for a couple of hours. Besides that, no more problems.

It's very nice the CloudFlare firewall. I have some problem with chinese bots spam. I used the firewall to ask chinese visitors to prove that they are not bots, and the problem was resolved. So far so good.

I am wondering if would make a difference to pay for the Pro plan to have Mirage and Polish for images. Is anyone having good results with it?

 

 

[ipbfuck]

instead I've removed it!

I've try essentially for free ssl, but I've found some problem in register pages, contact pages, status ecc... And pages rules permit max 3custom rules in free version (to disable all in this pages - I think cause of bad cache with captcha and script). So, not sufficient for fix all!

-

Cause of it, I've removed cloudflare and add startssl only for https. All work very well

[Paul.F]

Running cloudflare for 3 sites with IPS4 and no issues at all. And using the free SSL

[ipbfuck]

I've found issues with recaptha2 (no image) and to open new status (no textarea). I don't have mod_cloudflare. maybe my issue is caused by this.

-

edit: Ah, also issued in acp with bad session/ip... so, more problem than benefits :|

[sobrenome]

I am using mod_cloudflare. It's a must for real ips.

you can remove admin via page rules.

I guess recapcha is working fine.

[ipbfuck]

Thanks to this article i've try again: https://support.cloudflare.com/hc/en-us/sections/200805497-Restoring-Visitor-IPs

Ok, i don't have mod_cloudflare, but isn't a great problem thanks to ipb dev: https://support.cloudflare.com/hc/en-us/articles/200170756-How-do-I-restore-original-visitor-IP-with-IPB-Invision-Power-Board-

I've try, and now all seems to work as expected and thanks to startssl+cloudflare i've enabled ssl in strictmode + hsts and now, in sslabs.com, i've A+ (before of cloudflare a badly "F") > https://www.ssllabs.com/ssltest/analyze.html?d=laltroweb.it&latest

 

ACP security setting/fix (proxies):

 

Page rules fix (always https+don'twork in admin):

 

SSL Report:

[sobrenome]

Is anyone having problems with Rocket Loader?

I guess that it is causing problems with replies in some browser like chrome.

[Joel R]

Yes.  IPS support told me to disable Cloudflare.  

 

[Paul.F]

5 hours ago, sobrenome said:

Is anyone having problems with Rocket Loader?

I guess that it is causing problems with replies in some browser like chrome.

Rocket loader is beta and does not work with IPS

[GriefCode]

On 6.10.2015, 17:06:56, Paul.F said:

Running cloudflare for 3 sites with IPS4 and no issues at all. And using the free SSL

If you dont care the XP users

XP users are not able to use the SSL certificate on the free plan and gets blocked.

[ipbfuck]

50 minutes ago, Michael Schneider said:

If you dont care the XP users

XP users are not able to use the SSL certificate on the free plan and gets blocked.

this problem isn't from cloudflare, but from any ssl without static ip (also with startssl).

xp User with a serious browser (Firefox, chrome...) do not have any problem cause by sni (ssl without static ip)

 

https://en.wikipedia.org/wiki/Server_Name_Indication

[GriefCode]

1 hour ago, laltroweb.it said:

this problem isn't from cloudflare, but from any ssl without static ip (also with startssl).

xp User with a serious browser (Firefox, chrome...) do not have any problem cause by sni (ssl without static ip)

 

https://en.wikipedia.org/wiki/Server_Name_Indication

Interesting, i used to have startsll certificates where some of my members didnt issue problems of the certificate, but once i switched to cf they did.

Maybe because i activated HSTS  

Thankls for the info.

[ipbfuck]

i use also hsts, and also startssl crt (plus cloudflare strict)! imho is best to enable and fix only https For security reason with hsts. In % browser without sni support is very minority!

-

ps: u can test your ssl here https://www.ssllabs.com/ssltest/analyze.html

this is mine: https://www.ssllabs.com/ssltest/analyze.html?d=laltroweb.it&s=104.24.118.101

[sobrenome]

I have disable Rocket Loader and everything seems to work fine again with replies.

What about Polish and Mirage? Do they work fine with IPS?

Is there a manual rule that could make Rocket Loader work fine with IPS?

[sobrenome]

I have opened a ticket support in Cloudflare to ask them to make Rocket Loader compatible with IPS 4.