CloudFlare

[Ryan Boyd]

Hello guys,

I was thinking about adding CloudFlare to my community.

How can I do it? (I register for the free plan) and I am looking to use the professional soon.

Also I saw some forums that have something like this:

Checking your browser before accessing osbot.org.

This process is automatic. Your browser will redirect to your requested content shortly.

Please allow up to 5 seconds…

 

DDoS protection by CloudFlare
Ray ID: ********************

 

How can I do this and what is it useful for?

 

Any idea also on how can I add the cloudflare to make my community much safer and faster?

Thank you a lot guys and have a great weekend!

 

Best regards

UKF

[Xelphos]

CloudFlare caused nothing but problems for our forum. Is there any particular reason you want to use them?

 

If you just want SSL, you could keep an eye on Let's Encrypt.

[Ryan Boyd]

2 hours ago, Xelphos said:

CloudFlare caused nothing but problems for our forum. Is there any particular reason you want to use them?

 

If you just want SSL, you could keep an eye on Let's Encrypt.

 

I was just looking for random forums and I have found this website so I curious on how it loads.

 

[GriefCode]

4 minutes ago, UKF_HHA said:

I was just looking for random forums and I have found this website so I curious on how it loads.

I have posted once a post explains the advantages and disadvantages of cloudflare here:
https://community.invisionpower.com/topic/419441-cloudflare-and-ips/?do=findComment&comment=2576054

Please keep in mind that this are only some major points of cloudflare, there tons of small things that are also not that bad.
The screenshot or 'filter' is actually only useful when you are currently on a flooding/ddos attack. It does not prevent ddos attacks that are not against web ports. And only ~1% of the ddos attacks are on web ports (made by stupid kiddys). If you are looking for a ddos protection, cloudflare wont be your solution.

2 hours ago, Xelphos said:

CloudFlare caused nothing but problems for our forum. Is there any particular reason you want to use them?

If you just want SSL, you could keep an eye on Let's Encrypt.

This sounds more like configuration issues and false settings  Or if you are not aware of the cloudflare's use case and uses, it can cause problems. (Dont get me wrong here, but i was also in your position, then i started looking deeper into things and started to understand when and how to use cf).

Regards

[Ryan Boyd]

1 minute ago, Michael Schneider said:

I have posted once a post explains the advantages and disadvantages of cloudflare here:
https://community.invisionpower.com/topic/419441-cloudflare-and-ips/?do=findComment&comment=2576054

Please keep in mind that this are only some major points of cloudflare, there tons of small things that are also not that bad.
The screenshot or 'filter' is actually only useful when you are currently on a flooding/ddos attack. It does not prevent ddos attacks that are not against web ports. And only ~1% of the ddos attacks are on web ports (made by stupid kiddys). If you are looking for a ddos protection, cloudflare wont be your solution.

This sounds more like configuration issues and false settings  Or if you are not aware of the cloudflare's use case and uses, it can cause problems. (Dont get me wrong here, but i was also in your position, then i started looking deeper into things and started to understand when and how to use cf).

Regards

 

How can I get a certificate from the Let's Encrypt site?

I am not really familiar with these stuff, I was searching in the past couple of hours regarding the SSL certificates but ended in a dead end.

Could you help me to get my own certificate from Let's Encrypt?

 

Best regards

UKF

[GriefCode]

19 minutes ago, UKF_HHA said:

 

How can I get a certificate from the Let's Encrypt site?

I am not really familiar with these stuff, I was searching in the past couple of hours regarding the SSL certificates but ended in a dead end.

Could you help me to get my own certificate from Let's Encrypt?

 

Best regards

UKF

Never worked with Let's Encrypt. You may wanna ask at the topic there:

https://community.invisionpower.com/topic/416755-free-ssl/

[Rugger]

Let's Encrypt is in Beta stage only at present so you would need to wait a while before you can use it.

I would not advise using CF for SSL. However. I would advise if you want to use it's CDN features you can simply serve static resources by changing the urls in the ACP and having a cdn sub domain pass through CF.

That works quite well for me at least.

[ipbfuck]

i use startssl + cloudflare free as strict mode.

my ssl now is in A+, all works good, all for free.

[Xelphos]

9 hours ago, UKF_HHA said:

 

How can I get a certificate from the Let's Encrypt site?

I am not really familiar with these stuff, I was searching in the past couple of hours regarding the SSL certificates but ended in a dead end.

Could you help me to get my own certificate from Let's Encrypt?

 

Best regards

UKF

Let's Encrypt isn't released yet(that's why I said keep an eye on it.), but once it is, it will be the same as if you went to Comodo, and bought one.

9 hours ago, Michael Schneider said:

This sounds more like configuration issues and false settings  Or if you are not aware of the cloudflare's use case and uses, it can cause problems. (Dont get me wrong here, but i was also in your position, then i started looking deeper into things and started to understand when and how to use cf).

Probably. I wasn't the one who set it up though. I just know that it was doing something with Java Script, and a few other things which made the forum buggy, and broken.

[GriefCode]

11 hours ago, laltroweb.it said:

i use startssl + cloudflare free as strict mode.

my ssl now is in A+, all works good, all for free.

I got also multiply startssl certificate, but even the free CF cert is better, its from COMODO, which is actually "a bit" more secure and known.
Since i got that, im using CF certificates, it doesn't matter in that case anymore.

 

4 hours ago, Xelphos said:

Probably. I wasn't the one who set it up though. I just know that it was doing something with Java Script, and a few other things which made the forum buggy, and broken.

Thats false caching :-) Its recommend putting your whole cloudflare domain once in dev mode to clear up all cache, or simply delete the cache (I do that always with dev mode, because i don't trust clear cache )

[ipbfuck]

45 minutes ago, Michael Schneider said:

I got also multiply startssl certificate, but even the free CF cert is better, its from COMODO, which is actually "a bit" more secure and known.
Since i got that, im using CF certificates, it doesn't matter in that case anymore.

yes, I know! But with startssl (my cert) + cloudflare I can enable strict mode and is also if for some reasons I need to disable cloudflare my https remain active

 

[Paul.F]

14 minutes ago, laltroweb.it said:

yes, I know! But with startssl (my cert) + cloudflare I can enable strict mode and is also if for some reasons I need to disable cloudflare my https remain active

 

With full SSL from cloudflare your data is still fully encrypted, it just uses openssl which is already on your server.

[ipbfuck]

yes, is sufficient a self signed certificate!

but startssl is free and is a real certificate from a valid authority. so, thanks to startssl+cloudflare is possible to set strict, and have https also if - for some reason - is necessary to disable cloudflare. I've hsts etc... if cloudflare fail my SSL remain valid from startssl! in my opinion - for free - is a very good setup

 

[GriefCode]

8 hours ago, laltroweb.it said:

yes, is sufficient a self signed certificate!

but startssl is free and is a real certificate from a valid authority. so, thanks to startssl+cloudflare is possible to set strict, and have https also if - for some reason - is necessary to disable cloudflare. I've hsts etc... if cloudflare fail my SSL remain valid from startssl! in my opinion - for free - is a very good setup

 

Definitly a nice setup. And nice idea of fallback ssl option

I have disabled HSTS since i used to have also this domain to access my servers. Since i have too many IP's to remember them exactly  Having short and pointing subdomains for your server can help in some ways. :-)