Cloudflare Developers•15mo ago

For D1 generation errors see also -> https://discord.com/channels/595317990191398933/789155108529111

For D1 generation errors see also -> pages-discussions

Ffry69 For D1 generation errors see also -> https://discord.com/channels/59531799019139...

fry69OP•10/22/24, 10:57 PM

Fixed -> pages-discussions

justaname•10/23/24, 12:53 AM

When is it cloudflare time to build a nuclear power plant
https://www.nytimes.com/2024/10/16/business/energy-environment/amazon-google-microsoft-nuclear-energy.html#

The New York TimesBy Ivan Penn and Karen Weise

Hungry for Energy, Amazon, Google and Microsoft Turn to Nuclear Power

Large technology companies are investing billions of dollars in nuclear energy as an emissions-free source of electricity for artificial intelligence and other businesses.

inaya•10/23/24, 1:32 AM

Diogo Ferreira•10/23/24, 3:50 PM

Hello!!

thomasgauvin•10/23/24, 6:59 PM

Does anyone have a solution for setting up a devserver using Hono with client components? All I can find is https://github.com/Luzefiru/hono-react-tailwind

GitHub

GitHub - Luzefiru/hono-react-tailwind: A proof of concept project t...

A proof of concept project to use Hono & TailwindCSS to build a React SPA to be deployed on Cloudflare Pages. - Luzefiru/hono-react-tailwind

OlAMlO•10/23/24, 7:40 PM

does anyone know the correct field name for Destination IPDestination IP / http.dst.iphttp.dst.ip?

Getting an unknown field name in Terraform

https://developers.cloudflare.com/cloudflare-one/policies/gateway/http-policies/#destination-ip

Cloudflare Docs

HTTP policies | Cloudflare Zero Trust docs

HTTP policies allow you to intercept all HTTP and HTTPS requests and either block, allow, or override specific elements such as websites, IP addresses, and file types. HTTP policies operate on Layer 7 for all TCP (and optionally UDP) traffic sent over ports 80 and 443.

paul•10/23/24, 8:06 PM

hi i'm paul. I just purchased a domain through cloudflare. Does it come with a custom email address? I tried the routing page but it isn't working. When I test it I receive an email from postmaster.

Ppaul hi i'm paul. I just purchased a domain through cloudflare. Does it come with a c...

David Wang•10/23/24, 8:43 PM

As far as I know, it doesn't come with a full-blown email service, just email forwarding.

Walshy•10/23/24, 9:02 PM

Have you done a reload?

Walshy•10/23/24, 9:02 PM

If so, can you submit with like "FloppyDisk report"

Original message was deleted

Chaika•10/23/24, 9:18 PM

it's just that tab for me. Are you getting it anywhere else?

Uncle Ruffles•10/23/24, 9:24 PM

Helloooo

Uncle Ruffles•10/23/24, 9:24 PM

Kind of weird stuff going on with me. I have a site, have the SSL by Let's Encrypt. Checked Full/Strict modes, and every other SSL mode. My SSL Certs are all empty. Nothing inside any of them and CF just says that I need to buy an Advanced Cert... what? Since when?

David Wang•10/23/24, 10:21 PM

Can you force a renewal of certs with letsencrypt?

DDavid Wang Can you force a renewal of certs with letsencrypt?

lucidplot•10/23/24, 10:27 PM

certbot renewcertbot renew https://eff-certbot.readthedocs.io/en/stable/using.html#renewing-certificates

David Wang•10/23/24, 10:27 PM

Ty. I figured they would already know how or at least be able to look it up

fry69OP•10/23/24, 10:33 PM

You only need to get your own certificates via Let's Encrypt/cerbot when you bypass the Cloudflare proxy, which degrades Cloudflare to basically a simple DNS zone manager.

David Wang•10/23/24, 10:40 PM

Well it's either LE cert or installing CF cert, no?

David Wang•10/23/24, 10:40 PM

If you turn on proxy and set ssl to full you still need a cert on the origin

fry69OP•10/23/24, 10:43 PM

Yes, but why use LE when you can use a 15 year lifetime cert generated from Cloudflare that even comes with its own CA, so your server can authenticate the connection via client auth and deny any other attempt to communicate with the raw webserver? ("Authenticated Origin Pulls")

David Wang•10/23/24, 10:46 PM

Arguably certbot is easier to use for beginners. Plus i'm lazy to move over

fry69OP•10/23/24, 10:46 PM

Of course you should block the raw HTTP ports anyway when behind the Cloudflare proxy, e.g. with ->

for cfip in `curl -sw '\n' https://www.cloudflare.com/ips-v{4,6}`; do ufw allow from $cfip to any port 443 comment 'Cloudflare IP'; done

for cfip in `curl -sw '\n' https://www.cloudflare.com/ips-v{4,6}`; do ufw allow from $cfip to any port 443 comment 'Cloudflare IP'; done

David Wang•10/23/24, 10:47 PM

Where does that go?

David Wang•10/23/24, 10:47 PM

Oh. Ran as a bash script?

fry69OP•10/23/24, 10:48 PM

Sets up the ufwufw firewall to allow only Cloudflare IPs to the local HTTPS port

David Wang•10/23/24, 10:49 PM

I'm gonna need to modify that for iptables

fry69OP•10/23/24, 10:50 PM

Generating the certs and installing them is pretty easy IMHO, as easy as setting up LE certs with nginx and you do not have to run certbot ever.

David Wang•10/23/24, 10:50 PM

Still need to be done manually, no?

DDavid Wang I'm gonna need to modify that for iptables

fry69OP•10/23/24, 10:50 PM

ufwufw is a simple frontend for iptables, very common.

David Wang•10/23/24, 10:50 PM

Also i have a a reverse proxy container on 3 VPSs that handles LE certs automatically, so that's actually easier

Ffry69 `ufw` is a simple frontend for iptables, very common.

David Wang•10/23/24, 10:51 PM

But not universal, which is my point. I don't think any of my VPSs have it installed

DDavid Wang But not universal, which is my point. I don't think any of my VPSs have it insta...

fry69OP•10/23/24, 10:51 PM

Any debian/ubuntu box should have ufwufw installed IMHO

David Wang•10/23/24, 10:51 PM

Eh. Unnecessary overhead to me

fry69OP•10/23/24, 10:53 PM

Well Cloudflare is also "unnecessary", but makes life so much easier.

David Wang•10/23/24, 10:53 PM

People would disagree with the WAF rules and ddos protection

DDavid Wang People would disagree with the WAF rules and ddos protection

fry69OP•10/23/24, 10:56 PM

Unnecessary overhead when you just want raw performance, like writing your own iptables scripts

David Wang•10/23/24, 10:57 PM

Um. No. Cf handling the firewall and ddos protection takes the overhead off the server

David Wang•10/23/24, 10:57 PM

Although i heard proxying adds time to the request cycle. Is that right?

DDavid Wang Um. No. Cf handling the firewall and ddos protection takes the overhead off the ...

fry69OP•10/23/24, 11:00 PM

As long as you have an origin server which serves stuff you need to administrate that, e.g. with tools that are available there. I can only recommend to a have a look at ufwufw, it is pretty simple and very useful for these tasks. Also helps avoiding yourself shooting in the foot, aka locking yourself out by accident.

David Wang•10/23/24, 11:01 PM

So far my foot is free of bullet holes

David Wang•10/23/24, 11:01 PM

I've heard of ufw but i don't see the need for it

DDavid Wang Although i heard proxying adds time to the request cycle. Is that right?

fry69OP•10/23/24, 11:02 PM

Of course a proxy adds latency and processing time when the request needs to get forwarded to the origin server, but if static content can get cached by the proxy, it reduces this overhead, so it should be in almost all cases advantageous.

David Wang•10/23/24, 11:02 PM

Having CF proxy on doesn't automatically mean caching is on, does it?

DDavid Wang Having CF proxy on doesn't automatically mean caching is on, does it?

fry69OP•10/23/24, 11:04 PM

If your origin server sends content with correct cache flags, I'd be surprised if the CF proxy would not cache those

fry69OP•10/23/24, 11:05 PM

You can turn the cache off in a "development mode"

fry69OP•10/23/24, 11:08 PM

Looks like 4h cache time is default for a standard proxy setup

David Wang•10/23/24, 11:10 PM

Hm. Ok

David Wang•10/23/24, 11:10 PM

I'll have to look into that

RyanKnack•10/23/24, 11:58 PM

This is a full documentation of CF's default caching behavior.

This is useful cuz if you need specialized caching behavior, this can tell you where to look and what to cache if you need it in your use case

https://developers.cloudflare.com/cache/concepts/default-cache-behavior/

Cloudflare Docs

Default cache behavior | Cloudflare Cache (CDN) docs

Cloudflare respects the origin web server’s cache headers in the following order unless an Edge Cache TTL cache rule overrides the headers. Refer to the Edge TTL section for details on default TTL behavior.

For D1 generation errors see also -> https://discord.com/channels/595317990191398933/789155108529111

Similar Threads

Similar Threads

Similar Threads