Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 


BDFL
49736 posts

Uber Geek
+1 received by user: 4521

Administrator
Trusted
Geekzone
Subscriber

  Reply # 701502 15-Oct-2012 14:39 Send private message

Good questions...

We are now using Cloudflare Pro. The reason for that is because we wanted to provide SSL connections to CDN resources. Some of our pages are served over SSL (profile management, private messages, registration and login). With Clouddlare Pro we can continue to serve this with *.geekzone.co.nz without much fuss - none at all.

Latency from the nearest POP (Sydney) seems good. A couple of Page Rules were created to make sure our Riverbed Aptimizer resources were cached properly, otherwise they would be requesting every resource from our origin server instead of serving from the cache.

Uptime is very good, never had a problem with that.

DNS settings had a small glitch when we added our IPv6 address, causing some of the domains to point to the wrong place. This was solved by removing our IPv6 address from their DNS, and using their own automated IPv6. Not sure if this was fixed, no need for us to test again.

There's a small problem with SSL connections and Chrome. Basically we wanted www.geekzone.co.nz to go through Cloudflare to take advantage of the web application firewall, DDoS protection, spam protection, etc. But Chrome users were seeing a high number of "Too Many Redirects" errors.

What we do here is that if a page *IS NOT* to be served over SSL then we do a 301 redirect to the non-SSL version. This is followed by the browser with a new request to the URL provided.

What I've seen is that Cloudflare was requesting HTTPS resources even while the browser was requesting a HTTP resource. When using Cloudflare we only see the requests coming from their datacentre, not from the browser. So we don't know what the browser is requesting, so we obviously would issue the 301 to tell the client to ask for non-HTTPS. The browser would ask for the HTTP and again Cloudflare would request HTTPS insteand. After a few of these, Chrome wouls say "enough" and through the "Too Many Redirect" errors.

I confirmed this was the case because I saw it happening to myself, and immediately looked at the logs for the unique session id and other cookies we use. I requested a page only I have access to and I could clearly see the log entries with the requests coming in via HTTPS when I only ever requested HTTP.

I have spent a few weeks explaining the problem, supplying log entries and examples from end users.

Their first responses was that it was a configuration problem on my side - suggested that we didn't have a SSL cert (which we do, a wildcard one), suggested we were not redirecting correctly (we are, the problem doesn't happen when serving from our server), suggested it as a SPDY problem (it is not, as we turned it off in the Cloudflare configuration for a couple of weeks and the problem still happened), even suggested our server wasn't coping with load (it is, we monitor it very closely).

At the end I just bypassed the www domain and now serving it directly from our origin server. This means we are using Cloudflare only as a CDN. We had to do this because Chrome is responsible for 35% of our traffic at the moment. It's huge for us.

After much discussion I was told by their support that this is a Chrome problem, which will be default request HTTPS if a domain has previously served HTTPS. I couldn't find any documented bug on this, and certainly have not seen this happening when serving directly from our servers.

I suspect the Cloudflare proxy is injecting HTTPS somewhere by mistake but can't do much since it seems there's not much interest in having this fixed - it's a "Chrome problem".

So, there it is. Mixed results. Very good CDN, including uptime, good DNS tools, good management pages, good pricing, but still not quite happy with their support.




6811 posts

Uber Geek
+1 received by user: 457

Trusted
Subscriber

  Reply # 701505 15-Oct-2012 14:45 Send private message

Sounds like a bit of a mixed bag, but with https causing most of the problems. Good to know, thanks, I'm going to look at using it to accelerate one of my websites.




Asus eee pad transformer
iPod 2G
Windows 7 PC
Lots and lots of Nikon camera gear

1078 posts

Uber Geek
+1 received by user: 45


  Reply # 701506 15-Oct-2012 14:46 Send private message

fwiw i found the web site sped up a bit a while ago.

curl -v http://www.geekzone.co.nz/ > /dev/null 0.00s user 0.02s system 4% cpu 0.379 total

And the main page html loads about twice as fast as before.



BDFL
49736 posts

Uber Geek
+1 received by user: 4521

Administrator
Trusted
Geekzone
Subscriber

  Reply # 701509 15-Oct-2012 14:50 Send private message

mercutio: fwiw i found the web site sped up a bit a while ago.

curl -v http://www.geekzone.co.nz/ > /dev/null 0.00s user 0.02s system 4% cpu 0.379 total

And the main page html loads about twice as fast as before.


www.geekzone.co.nz doesn't currently go through Cloudflare (for the reasons I explained above), which means that "curl" of yours is not being impacted/improved by it. 

Remember we increased RAM in our servers by 150% a couple of weeks back which allowed us to tweak our SQL DBs even more, and increase the number of HTTP workers all around.





1078 posts

Uber Geek
+1 received by user: 45


  Reply # 701511 15-Oct-2012 14:53 Send private message

freitasm:
mercutio: fwiw i found the web site sped up a bit a while ago.

curl -v http://www.geekzone.co.nz/ > /dev/null 0.00s user 0.02s system 4% cpu 0.379 total

And the main page html loads about twice as fast as before.


www.geekzone.co.nz doesn't currently go through Cloudflare (for the reasons I explained above), which means that "curl" of yours is not being impacted by it.?

Remember we increased RAM in our servers by 150% a couple of weeks back which allowed us to tweak our SQL DBs even more, and increase the number of HTTP workers all around.



Ok, well subjectively it seems to feel faster, and more to the point less often does it feel slow. I don't remember feeling slow at all recently, even.

Curiously I tried --compressed, which seems to give widely varying curl times, so maybe not enough workers for compression?



BDFL
49736 posts

Uber Geek
+1 received by user: 4521

Administrator
Trusted
Geekzone
Subscriber

  Reply # 701512 15-Oct-2012 14:53 Send private message

That's good to know :)

We could have 40 servers like Wheedle - that would be a disaster.





1078 posts

Uber Geek
+1 received by user: 45


  Reply # 701513 15-Oct-2012 14:56 Send private message

freitasm: That's good to know :)

We could have 40 servers like Wheedle - that would be a disaster.



Or just an ultrasparc t4 :)


Baby Get Shaky!
1049 posts

Uber Geek
+1 received by user: 132

Subscriber

  Reply # 704237 21-Oct-2012 10:05 Send private message

Excuse the short post, I'm on the clock. Just tried logging in to GZ from work, IE7 locked down going through cfauth proxy. Used to work fine few weeks ago when last checked, now I get presented with a network error "Your request contacted a host which presented a certificate signed by an untrusted issuer". Looking in Certs it shows a cert issued to ssl2529.cloudflare.com but shows this as issued by our corporate Root CA. Nothing has changed on the network (machines are locked down and rarely changed) although this Is my first log in on this particular machine. Is this an issue with the cloudflare ssl migration? Before anyone asks no chance of upgrading from IE7, large organisation where change takes a long time!

Freitasm happy to send any further info that I can provide via PM. Not an urgent issue, more curiosity. Thanks

gzt

4504 posts

Uber Geek
+1 received by user: 223

Subscriber

  Reply # 704242 21-Oct-2012 10:19 Send private message

IE7. Are you on Windows XP? If yes, maybe your machine/network does not have the latest root certificates update installed.



BDFL
49736 posts

Uber Geek
+1 received by user: 4521

Administrator
Trusted
Geekzone
Subscriber

  Reply # 704243 21-Oct-2012 10:21 Send private message

Either what gzt said or the proxy is not trusting the certificate. Either way nothing much we can do.





Baby Get Shaky!
1049 posts

Uber Geek
+1 received by user: 132

Subscriber

  Reply # 704370 21-Oct-2012 17:47 Send private message

Correct GZT, good old Windows XP. Up until a few weeks ago when I last tried it worked flawlessly, on both my main work station and the auxiliary attached, today was the first time I tried accessing since the CF migration though. I'll chalk it up to an issue with the proxy and the certificate. Bit frustrating to get these problems in an organisation with over 10,000 employees! Thanks



BDFL
49736 posts

Uber Geek
+1 received by user: 4521

Administrator
Trusted
Geekzone
Subscriber

  Reply # 704379 21-Oct-2012 18:11 Send private message

We have been using CF for about six weeks now, on and off due to the redirect problem, which now seems solved.




1 | 2 
View this topic in a long page with up to 500 replies per page Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:




News »

Trending now »
Hot discussions in our forums right now:

Windows 10 announced, as well as developer preview
Created by macuser, last reply by Regs on 1-Oct-2014 22:24 (48 replies)
Pages... 2 3 4


Moment of Truth?
Created by BarTender, last reply by JimmyC on 29-Sep-2014 09:16 (441 replies)
Pages... 28 29 30


Can i have 2 ISP's at home?
Created by ReckITT, last reply by Lazarui on 30-Sep-2014 18:15 (49 replies)
Pages... 2 3 4


Why is your nickname what it is, what are the origins of it?
Created by Presso, last reply by hsvhel on 1-Oct-2014 11:52 (89 replies)
Pages... 4 5 6


What time will the Apple Store online be selling the iPhone 6?
Created by scotiwis, last reply by thewanderingv on 1-Oct-2014 22:49 (110 replies)
Pages... 6 7 8


iPhone 6 From Spark - Order Dates and Pricing?
Created by Otagolad, last reply by mahdibassam on 1-Oct-2014 17:03 (348 replies)
Pages... 22 23 24


Easiest way to have iPhone warranty service
Created by JoshWright, last reply by nitrotech on 30-Sep-2014 21:37 (15 replies)

Passwords and pesky teenagers
Created by martyyn, last reply by raytaylor on 1-Oct-2014 23:34 (27 replies)
Pages... 2



Geekzone Live »
Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.