Using CloudFlare with NodeBB


  • GNU/Linux Admin

    @vstoykov Hm, that is quite interesting, so you need to manually set cookieDomain to .example.com with the leading period for it to work? I was always under the impression that it was optional...



  • FYI I simply replaced

    proxy_set_header X-Forwarded-Proto $scheme;
    

    by

    proxy_set_header X-Forwarded-Proto https;
    

    in my Nginx config, to make my NodeBB work with CloudFlare, since I am using their automatic SSL certificate (my server receives HTTP requests then, not HTTPS).

    Hope this helps 🙂



  • So based on what I'm reading and after trying every combination of settings I can find, it seems like not using Cloudflare (at least the free plan). But given that there are people that will DDoS a site "just cause", is there a way to force the downgrade?

    I'd like to add that even after disabling cloudflare I still seem to be having socket io issues.

    "GET /socket.io/?EIO=3&transport=polling&t=LlpXxXp HTTP/1.1" 400 23



  • @wolfman2g1 honestly CloudFlare is pretty senseless regarding DDoS protection. With a proper host the chance of a DDoS is close to 0. I am running a top 100K Alexa site without CloudFlare protection (just DNS for faster resolving) and never ran into any issues in the past 4 years.



  • @AOKP
    I think I'm fine with not using Cloudflare. At the moment I'm just trying to get the site stable. I'm still getting disconnects even without using Cloudflare.


  • Swedes

    Seems to work great with Cloudflare for me 🙂 I like the SSL support and DNS GUI. But I guess I would not die without it 😛



  • @Jenkler Are you using SSL between your server and Cloudflare?


  • Swedes

    Yes I do 😉 Check out nodebb.se for a use case! Plz notify me if something seems broken! I am using Cloudflare's own certs.



  • @Jenkler looks great man. I'm still trying to understand why I'm getting 400 errors for socket io.


  • Swedes

    I guess you have some configuration issues in nginx!

    Here is my config! Maybe this will help you 😉

    Server block

            server
            {
                    listen 443 ssl;
                    location @nodebb
                    {
                            proxy_pass http://www-nodebb-se:4567;
                    }
                    location ~ ^\/assets\/(.*)
                    {
                            root /server/nodejs/nodebb.se/www/;
                            try_files /build/public/$1 /public/$1 @nodebb;
                    }
                    location /plugins/
                    {
                            root /server/nodejs/nodebb.se/www/build/public/;
                            try_files $uri @nodebb;
                    }
                    location /
                    {
                            proxy_pass http://www-nodebb-se:4567;
                    }
                    proxy_http_version 1.1;
                    proxy_redirect off;
                    proxy_set_header Connection "upgrade";
                    proxy_set_header Host $http_host;
                    proxy_set_header Upgrade $http_upgrade;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header X-Forwarded-Proto $scheme;
                    proxy_set_header X-NginX-Proxy true;
                    proxy_set_header X-Real-IP $remote_addr;
    
                    server_name nodebb.se www.nodebb.se;
                    ssl_certificate /server/nginx/ssl/nodebb.se.crt;
                    ssl_certificate_key /server/nginx/ssl/nodebb.se.key;
    
                    if ($host != 'www.nodebb.se')
                    {
                            rewrite ^/(.*)$ https://www.nodebb.se/$1 permanent;
                    }
            }
    
    

    Global block

            ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
            ssl_prefer_server_ciphers on;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_session_cache shared:SSL:10m;
            ssl_session_timeout 10m;
    

    BTW, if someone knows any tweaks, please advise 😛 And plz explain why!
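
On the request for tweaks with reasons: the following is an added example, not a config from any poster in this thread, that reworks the global and server blocks above for an origin that Cloudflare reaches over TLS. It assumes nginx linked against OpenSSL 1.1.1 or later and built with ngx_http_realip_module; the `$connection_upgrade` variable name is chosen here, and 203.0.113.0/24 is a placeholder range.

```nginx
# Added example, not a poster's config. http {} context (the "global block"):

# Was: ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# TLS 1.0 and 1.1 are deprecated (RFC 8996). TLSv1.3 needs OpenSSL 1.1.1+.
ssl_protocols TLSv1.2 TLSv1.3;

# Was: a list that also allowed RSA+AES128, RSA+AES256, EECDH+3DES, RSA+3DES.
# RSA key exchange gives no forward secrecy; 3DES has a 64-bit block (Sweet32).
ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES128:EECDH+AES256:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

# Was: proxy_set_header Connection "upgrade"; on every request.
# Ask for an upgrade only when the client sent an Upgrade header.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# X-Real-IP was $remote_addr, which behind Cloudflare is a Cloudflare address.
# Accept CF-Connecting-IP only from connections in Cloudflare's ranges.
# 203.0.113.0/24 is a placeholder: use the ranges Cloudflare publishes.
set_real_ip_from 203.0.113.0/24;
real_ip_header CF-Connecting-IP;

server {
    listen 443 ssl;
    server_name www.nodebb.se;
    ssl_certificate     /server/nginx/ssl/nodebb.se.crt;
    ssl_certificate_key /server/nginx/ssl/nodebb.se.key;

    location / {
        proxy_http_version 1.1;
        proxy_set_header Host $http_host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        # After realip, $remote_addr is the visitor for trusted connections.
        proxy_set_header X-Real-IP $remote_addr;
        # One value set by nginx instead of appending to a client-sent list.
        proxy_set_header X-Forwarded-For $remote_addr;
        # $scheme is https here because this server block listens with ssl,
        # so the value does not need to be hard-coded.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://www-nodebb-se:4567;
    }
}
```

`ssl_ciphers` only governs TLS 1.2 and below; run `nginx -t` after editing to confirm the build accepts `TLSv1.3` and the realip directives.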


