Using CloudFlare with NodeBB
-
@lenovouser I am aware how to setup NodeBB in a folder, however the issue is that the above given instructions of yours, do not work with a folder based installation.
-
@AOKP are there any errors I could take a look at?
-
@lenovouser basically the same as if you wouldn't use the config.
If you try to visit the forum under the new URL for example (live.<domain.tld>) it is saying that the page wasn't found, so it seems that the "entrance" of it is false. -
Is this working for anyone? I've been struggling trying to make it work. I'm getting an "invalid session" error whenever the site uses websockets.
I have the realip installed and it's working according to my nginx logs.
Seems like it could be something wrong with the forums, the request query is blank (no sid), and doesn't have any cookie. (My Java app, which injects the cookie itself, seems to be working with websockets.)
EDIT: My default cookie settings were somehow incorrect, setting and unsetting fixed it.
-
Good news, CloudFlare will open WebSockets for everyone
https://www.cloudflare.com/websockets/
https://support.cloudflare.com/hc/en-us/articles/200169466-Can-I-use-CloudFlare-with-WebSockets- -
This is great news!
We're now running on CF CDN.
We have around 2-300 concurrent connection. No problem so far. Much snappier! And nice to offload the SSL to them
-
anyone got ws and polling working at same time with cloudfare?
i did 3 test ith different config and this plugin to disable ws https://addons.mozilla.org/en-US/firefox/addon/websocket-disabler/
"socket.io": {
"transports": ["websocket"]
]
result: only websocket"socket.io": {
"transports": ["polling","websocket"]
}
result: only polling"socket.io": {
"transports": ["websocket","polling"]
}
result: only websocketso disabling ws it doesnt let you write a post
-
@exodo you can now totally remove the whole configuration and let it run over your main domain as CloudFlare has enabled WebSockets for free.
-
@lenovouser said in Using CloudFlare with NodeBB:
@exodo you can now totally remove the whole configuration and let it run over your main domain as CloudFlare has enabled WebSockets for free.
I have it that way
@lenovouser said in Using CloudFlare with NodeBB:
@exodo you can now totally remove the whole configuration and let it run over your main domain as CloudFlare has enabled WebSockets for free.
-
I ended up configuring ssl on our domain (Cloudflare Full SSL setup).
I had to adopt config.json to enable ssl for websockets. But as you can see I didn't change the socket.io transports defaults.{ "port": ["4567", "4568", "4569"], "ssl": { "cert": "/etc/nginx/ssl/mysensors_certificate.pem", "key": "/etc/nginx/ssl/mysensors_key.pem" }, "url": "https://forum.mysensors.org", "secret": "****************", "database": "redis", "redis": { "host": "127.0.0.1", "port": "6380", "password": "**********", "database": "1" } }
This is our nginx config.
upstream io_nodes { ip_hash; server 127.0.0.1:4567; server 127.0.0.1:4568; server 127.0.0.1:4569; } server { server_name forum.mysensors.org; listen 443 ssl spdy; ssl on; ssl_certificate /etc/nginx/ssl/mysensors_certificate.pem; ssl_certificate_key /etc/nginx/ssl/mysensors_key.pem; # enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated. ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # disables all weak ciphers ssl_ciphers 'AES128+EECDH:AES128+EDH'; ssl_prefer_server_ciphers on; # prevents 502 bad gateway error large_client_header_buffers 8 32k; client_max_body_size 2M; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_redirect off; proxy_buffering off; # Socket.IO Support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; gzip on; gzip_min_length 1000; gzip_proxied off; gzip_types text/plain application/xml application/x-javascript text/css application/json; location @nodebb { proxy_pass https://io_nodes; } location ~ ^/(images|language|sounds|templates|uploads|vendor|src\/modules|nodebb\.min\.js|stylesheet\.css|admin\.css) { root /home/msforum/NodeBB/public/; try_files $uri $uri/ @nodebb; } location / { error_page 502 =200 @maintenance; # prevents 502 bad gateway error proxy_buffers 8 32k; proxy_buffer_size 64k; proxy_pass https://io_nodes; } location @maintenance { root /opt/nginx/maintanance/; try_files $uri /index.html =503; } }
Quite a few browsers still seem to use polling. I really don't know why.
We got quite a peak in cloudflare.. But a slowly decreasing bandwidth usage:
-
actually my problem is not with ssl @hek @yariplus i have similar config of your forum, but if you not setting transport then not using real websocket i think
actually with my test
- first test, transports config empy, you can see many polling connections and 1 websocket, will be same if you put ["polling", "websocket"] as it takes the default, not sure what this mean @administrators
-
now with transport set with websocket only, then only websocket appears
-
last test setting [ "websocket","polling"] same result as before , only websocket happens
so last 2 options should be the correct one but testin with websocket disabler to see if it fallbacks to polling it doenst seem to be working
of course website works but you wont be able to write post etc
finally i checked this community and it seems it mixes polling and websocket like option 1, not sure why. @julianlam
if someone can make this test and test this plugin will be apreciated
https://addons.mozilla.org/en-US/firefox/addon/websocket-disabler/ -
@exodo That is the correct way it is supposed to work. The reasons are described here. https://github.com/socketio/socket.io-client/issues/883#issuecomment-160106858
In short, if the app only used websockets, there's a good chance many users would get disconnected, or see long wait times as the connection attempts to downgrade.
-
@yariplus said in Using CloudFlare with NodeBB:
@exodo That is the correct way it is supposed to work. The reasons are described here. https://github.com/socketio/socket.io-client/issues/883#issuecomment-160106858
In short, if the app only used websockets, there's a good chance many users would get disconnected, or see long wait times as the connection attempts to downgrade.
i understand but if upgrade way is the correct one why "only websocket" is accepted? test 2 and 3.
also only websocket is way faster -
@yariplus said in Using CloudFlare with NodeBB:
@exodo Hmm, I'm not sure. I just tried to duplicate your tests with the disabler, and for me,
['websocket', 'polling']
gracefully downgraded back to polling.wow that breaks my mind
do you have any special config on nginx or nodebb?
using cloudfare right? any setting there?