I don't want to have sensitive information (api key, etc.) in wrangler.toml, so I am running a shell

I don't want to have sensitive information (api key, etc.) in wrangler.toml, so I am running a shell in the build command that dynamically creates wrangler.toml from the build variables and runs wrangler deploy using that wrangler.toml.

How does everyone protect their sensitive information?

Sshun I don't want to have sensitive information (api key, etc.) in wrangler.toml, so ...

Hello, I’m Allie!•10/15/24, 2:50 AM

You shouldn’t be putting sensitive info in your wrangler.toml. Secrets can be deployed separately

HHello, I’m Allie!You shouldn’t be putting sensitive info in your wrangler.toml. Secrets can be de...

shunOP•10/15/24, 2:54 AM

Thank you very much! Yes, I know. So I have created wrangler.toml.template and run the build command to generate the wrangler.toml file shell with the build variables.
You can also refer to the values registered in github actions secrets in the secrets property of github actions, but I think it will be difficult to manage if you register PRD_API_KEY, STG_API_KEY, etc. for each environment. So I have Cloudflare Workers (PRD, STG, E2E, Test, etc...) created for each environment. I register environment variables in the build variables of What do you think about this solution?

Sshun Thank you very much! Yes, I know. So I have created wrangler.toml.template and r...

Hello, I’m Allie!•10/15/24, 3:31 AM

Did you do a wrangler secret putwrangler secret put for the deploy?

HHello, I’m Allie!Did you do a `wrangler secret put` for the deploy?

shunOP•10/15/24, 4:38 AM

OH, I didn't know there was such a practice! I will try it!

B1397KB•10/15/24, 6:23 AM

Hello everyone, how do you handle the long TCP SSL handshake when the worker is performing a fetch operation?

B1397KB•10/15/24, 6:24 AM

Is there any way to reduce the handshake time? In the worker's fetch

B1397KB•10/15/24, 6:25 AM

BASIS-64 Computer•10/15/24, 6:59 AM

will i get charged if cloudflare workers free plans reached the limit (100000 requests/day) ?

Brett Willis•10/15/24, 7:37 AM

We have an API which ingests images from the user and stores them in an R2 bucket. One part of that API which is hard to implement on the Workers platform is image transformation and validation. Use-cases such as

transforming the image on ingest to compress and shrink to a certain max resolution
validating image dimensions (must be 128x128px for example)
Does anyone have any experience or recommendations with these use-cases?
We used sharpsharp which cannot run on Workers. Perhaps could use jimpjimp but it's probably costly on CPU and Workers have limited memory. Cloudflare Images seems to be more about serving images with transformations, rather than transforming/validating on ingest via a worker (would prefer to store a single minified image in R2)?

0x146231489231923•10/15/24, 7:44 AM

how do yall do logging?

0x146231489231923•10/15/24, 7:44 AM

in cloudflare worker

BBASIS-64 Computer will i get charged if cloudflare workers free plans reached the limit (100000 re...

D Trombett•10/15/24, 7:51 AM

If you didn't upgrade to a paid plan no, further requests will simply fail

masd4•10/15/24, 9:43 AM

Hi, the feature matrix for "workers vs. pages" says that middleware isn't supported and to use service bindings. But how does that help to secure a *.workers.dev Url? That's an url I don't control, but I still want basic auth for those...

Walshy•10/15/24, 9:45 AM

We recommend disabling workers.dev or putting Access on it

masd4•10/15/24, 9:46 AM

I'm trying to achieve that somehow but the options seem very limited because "Workers which have static assets cannot be routed on a URL which has a path component".. so essentially I would need an entire custom domain just to have my worker for assets available anywhere. Half the problem might be that Cloudflare Access is probably overkill even if I do get access for that on the company account

PPato hey! does anyone knows why when testing a service worker in localhost gives me t...

Ashley•10/15/24, 10:55 AM

Your Wrangler version is very out of date - I had a similar problem, I think even now local service bindings are experimental - but I’d try updating to the latest version of Wrangler as a first step

Original message was deleted

Hello, I’m Allie!•10/15/24, 1:36 PM

Using a Router?

Original message was deleted

Hello, I’m Allie!•10/15/24, 1:37 PM

Any router

Hello, I’m Allie!•10/15/24, 1:37 PM

At least I know Hono and Itty could do that

Aster•10/15/24, 2:05 PM

Hey!

I am looking to expose prometheus metrics out of my workers.

What could be the best way for this?

have DO that stores the metrics. And expose the metrics on another /metrics worker
use analytics engine to store the metrics, and expose them on another /metrics worker
build recorded queries on top of logs with something like Loki?

What would you suggest

Aster•10/15/24, 2:08 PM

Basically I want to end up with otel metrics like:
http_server_duration_count{worker="my-worker", http_status_code=~"2.."}http_server_duration_count{worker="my-worker", http_status_code=~"2.."}

Walshy•10/15/24, 2:13 PM

i love Analytics Engine, prefer that over doing Prometheus in a DO

Walshy•10/15/24, 2:13 PM

but you can hack promjs to run in a DO and serve - others have done this before

Aster•10/15/24, 2:14 PM

Why would you prefer AE over Prom in a DO?

Aster•10/15/24, 2:15 PM

and I guess Prom in a DO means saving the state of a counter in the DO

0x146231489231923•10/15/24, 2:22 PM

how you all do logging for production debugging in worker?

0x146231489231923•10/15/24, 2:22 PM

the free plan doesnt do much

ac•10/15/24, 2:31 PM

Is there an issue with worker CI/CD builds? This happened yesterday and it's happening to me again, but all of my workers build statuses are just "Queued" even though there are no builds running.

ac•10/15/24, 2:43 PM

^ I believe I've found a bug with Workers CI/CD, what's the best place to report that? (I was able to reproduce the issue, and it seems related to my setup and how Workers CI is triggered)

Constantin•10/15/24, 2:56 PM

can anyone please advice related to custom domains. I'm trying to create a sass king of app.

I managed to create tenant wildcard subdomains by using pages and a custom proxy worker.

eg. https://ionica.app.greatoutdoors.live/

I added the custom domain on my side
tenant added CNAME servicii.cmnstmntm.com -> ionica.app.greatoutdoors.live

however, the request to https://servicii.cmnstmntmn.com/ is timing out. this is the traceroute

Constantin•10/15/24, 2:57 PM

is this even possible with my plan? i assumed it is since i could add the custom domain

CConstantin can anyone please advice related to custom domains. I'm trying to create a sass ...

Chaika•10/15/24, 3:02 PM

Do you have a wildcard catch-all route? https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/start/advanced-settings/worker-as-origin/.
Unproxied CF For SaaS hostnames come through as the actual hostname, ex it's looking for a worker route matching servicii.cmnstmntmn.comservicii.cmnstmntmn.com and Worker Custom Domains just won't work
Be careful not to break your existing subdomains/domain with that. I usually recommend people get a separate domain just for customer custom domains to avoid issues with that and the fact that all custom hostnames inherit your zone's configuration (waf rules, config rules, network settings, etc), so better to eliminate the possibility of non-intentionally changing settings for them/more flexibility with your custom domains

Cloudflare Docs

Workers as your fallback origin | Cloudflare for Platforms docs

Learn how to use a Worker as the fallback origin for your SaaS zone.

Constantin•10/15/24, 3:08 PM

yes, the worker has a pattern like this

Constantin•10/15/24, 3:14 PM

so i need a worker that handles the origin specifically

Constantin•10/15/24, 3:15 PM

thanks @Chaika i'll give it a try

CConstantin yes, the worker has a pattern like this

Chaika•10/15/24, 3:24 PM

no that's not a wildcard catch-all (well, not as wide as CF For SaaS needs)

Chaika•10/15/24, 3:24 PM

*/**/* is a wildcard catch-all

Chaika•10/15/24, 3:24 PM

sounds like you might have figured out the rest but yea, you need an actual full wildcard

Alexander Hupfer•10/15/24, 3:48 PM

Hi, I have a worker that somehow can't connect to a D1 datbase using Prisma, but it works locally. What would be you recommendation on debugging this? I just see "Internal Server Error"

Ricky U•10/15/24, 5:01 PM

Does Workers now support native Mongodb driver?
https://blog.cloudflare.com/more-npm-packages-on-cloudflare-workers-combining-polyfills-and-native-code/

Constantin•10/15/24, 5:21 PM

@Chaika you're a genius! thank you

timousy•10/15/24, 6:05 PM

Hello everyone
I have a static maintenance mode html page that is stored in Worker KV, which is only displayed to users whose ip address is not in the whitelist. I'm trying to replace some text in my html file stored in Worker KV with Worker
Here is a part from my html file

<section>
<h2>Your IP Address: <span id="user-ip">Loading...</span></h2>
</section>

I want to replace the word “Loading...” with the ip address of my user

timousy•10/15/24, 6:05 PM

Here's a script example from my Worker where I'm trying to replace

async function handleFetch(event) {
let ip = event.request.headers.get('cf-connecting-ip');
let customersIPsRangesJson = await $(cloudflare_kv_name).get('$(employee_ip_range_key)', 'json') || [];

const isIPInRange = customersIPsRangesJson.some(range => {
return range && range.includes('-') && checkIPInRange(ip, range);
});

if (isIPInRange) {
return fetch(event.request);
} else {
return handleEvent(event, ip);
}
}

class TextRewriter {
constructor(newText) {
this.newText = newText;
}

element(element) {
const newContent = <span id="user-ip">${this.newText}</span>;
element.replace(newContent, { html: true });
}
}

async function handleEvent(event, ip) {
try {
if (DEBUG) {
// customize caching
options.cacheControl = {
bypassCache: true,
};
}

const page = await getAssetFromKV(event, options);
const response = new Response(page.body, page);

// allow headers to be altered
response.headers.set("X-XSS-Protection", "1; mode=block");
response.headers.set("X-Content-Type-Options", "nosniff");
response.headers.set("X-Frame-Options", "DENY");
response.headers.set("Referrer-Policy", "unsafe-url");
response.headers.set("Feature-Policy", "none");

// Using HTMLRewriter to insert the IP address
const rewriter = new HTMLRewriter()
.on('span#user-ip', new TextRewriter(ip));

return rewriter.transform(response);
}

timousy•10/15/24, 6:05 PM

As you can see, I'm trying to get the ip from the > async function handleFetch(event) using the command let ip = event.request.headers.get('cf-connecting-ip');

Unfortunately, I cannot replace the word “Loading...” with the ip address, maybe you can help me with this, I will be very grateful

PS. I apologize in advance for any discrepancies in my explanations, I'm actually still quite new to Cloudflare Workers, and JS in general)

Constantin•10/15/24, 6:09 PM

@Chaika but now if i try to redirect to a different worker address, is giving the same timeout