Small change: adding SSL to gallery, more subdomains on CDN

Forums › Geekzone › Small change: adding SSL to gallery, more subdomains on CDN

freitasm

BDFL - Memuneh
79308 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#107149 8-Aug-2012 08:31

A couple of small changes: we already force SSL for profile update page, private messages pages and login. I have extended this to image uploads and gallery as well, just in case you feel more comfortable if someone is not looking at the stream from your PC ;)

We have also changed our resources a bit, moving to our CDN provider (current MaxCDN) but soon to CloudFlare since they have a closer POP - if they can fix a problem with their DNS...

Using the CDN for resources will allow for less bandwidth utilisation - currently we have about 95% cache hit on the existing cdn.geekz1.com and hope to get similar levels in our other subdomains now on the CDN.

The closer MaxCDN is about 200ms away, while the closer CloudFlare POP is only 40ms away. This will eventually make things event faster - although we think New Zealand's transparent proxies as implemented by most large ISPS do a good job of being a "fake CDN".

1 | 2

20589 posts

Uber Geek

Trusted

Lifetime subscriber

#669424 8-Aug-2012 09:05

I'd be interested how you find CloudFlare. I considered moving my static resources to them a while back, but until their Australia data centre opened there was no significant enough benefit. Putting the static stuff closer could be an effective way to speed up my image heavy website and still take advantage of the cheap hosting in the US.

freitasm

BDFL - Memuneh
79308 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#669432 8-Aug-2012 09:12

CloudFlare works ok for freitasm.com, which is still served from the Geekzone server but completely proxied by them. Not using all the optimization features as we use Stingray Aptimizer.

We use Aptimizer on Geekzone, which is the tool that made it so easy to have a CDN deployment a few years back, but using CloudFlare's SYD POP instead of MaxCDN LAX POP for New Zealand users would be great.

Alas, CloudFlare has hit a small problem when creating our CNAMES - we moved our NS from Dyn.com to CloudFlare but when activating the CloudFlare CDN/proxy for our resources (for example images.geekzone.co.nz) it just wouldn't create the correct CNAME for their proxied POP. They are currently investigating it.

In the meantime we moved all sub-domain resources to MaxCDN - not that we have much traffic on those, since most of the optimized combined resources come from cdn.geekz1.com and only non-optimized pages would use those sub-domain resources. All SSL pages are served by our server because we would need to have SSL certs in the CDN and the cost would go up very rapidly. We currently have a wildcard SSL cert in our server, and that's already expensive anyway.

When the CloudFlare DNS issue is fixed we will switch. This is probably happening in the next couple of days. If the CloudFlare DNS issue is not fixed we will decide on keeping the NS with them or moving back to Dyn.com.

On another note, jobs.geekzone.co.nz is currently being served by Google Page Speed. Latency is not great as the Google PS service doesn't use any local cache, so we are looking at moving it to our standard setup when CloudFlare comes online.

timmmay

20589 posts

Uber Geek

Trusted

Lifetime subscriber

#669436 8-Aug-2012 09:25

Interesting, thanks. I think my setup would be a LOT simpler than yours, one subdomain for static resources, and my wordpress SEO plugin integrates with Cloudflare directly (my whole site is run by wordpress).

freitasm

BDFL - Memuneh
79308 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#669490 8-Aug-2012 10:32

I have now switched the resources CDN to CloudFlare - you won't see much of an impact, unless the page is not being served from the optimized pool (shouldn't happen).

I've moved http://jobs.geekzone.co.nz from Google Page Speed to CloudFlare as well.

freitasm

BDFL - Memuneh
79308 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#669559 8-Aug-2012 12:24

Moved live.geekzone.co.nz to CloudFlare. Needed to do a bit of coding around the visitor's original IP address and it seems to be working fine.

Kyanar

4089 posts

Uber Geek

ID Verified

Trusted

#669704 8-Aug-2012 16:37

Just keep watch over those stupid "anti-DoS" protections Cloudflare has. They are ridiculously poor at identifying real user traffic and constantly prompt legitimate users to be asked to solve CAPTCHAs to prove they are legitimate.

I don't think I've ever seen anyone say anything positive about Cloudflare (except "it's OK for a free product") to be honest.

freitasm

BDFL - Memuneh
79308 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#669708 8-Aug-2012 16:38

We still have the dyn.com and MaxCDN configurations and will change things if that becomes a problem - we are essentially running with security off, really using it as a CDN only.

Sharesies

Trade NZ and US shares and funds with Sharesies (affiliate link).

mercutio

1392 posts

Uber Geek

#673545 17-Aug-2012 01:14

the site is going slower than it was. i don't get why you're moving the web site to cloudflare?

cloudflare in general is slow - and you're sending dynamic pages there?

curl -v http://www.geekzone.co.nz/ > /dev/null 0.00s user 0.02s system 2% cpu 0.789 total

I tested that a while back - and it was around 350 to 380.

also for some reason now the dns ttl is insanely low - like 30 seconds?!

freitasm

BDFL - Memuneh
79308 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#673560 17-Aug-2012 08:00

mercutio: the site is going slower than it was.

Not from our sensors.

mercutio: i don't get why you're moving the web site to cloudflare?

We have reasons.

mercutio: cloudflare in general is slow - and you're sending dynamic pages there?

We have reasons.

At the bottom of every page you will see a comment with the time it took to create the page before sending it out.

mercutio: also for some reason now the dns ttl is insanely low - like 30 seconds?!

We have reasons.

You should be getting resources (cdn.geekz1.com and *.geekzone.co.nz) from Australia. From my desktop I'm getting 40ms latency.

This move means www.geekzone.co.nz is gone from 30ms to 40ms, while *.geekzone.co.nz and cdn.geekz1.com have gone down from 240ms to 40ms.

If you are not seeing this, then you have something in your network.

Noodles

487 posts

Ultimate Geek

#673629 17-Aug-2012 10:48

Once they fix the ipv6 on their SYD PoP then ipv6 will be faster too, but at the moment it's ~160ms for me.

Noodles

487 posts

Ultimate Geek

#673630 17-Aug-2012 10:50

freitasm: Are you using the paid version of Cloudflare? Have you tried out railgun/SPDY on www.geekzone.co.nz?

freitasm

BDFL - Memuneh
79308 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#673644 17-Aug-2012 11:45

Yes, it is paid. No SPDY because we only support SSL in some pages, not all. Railgun requires an appliance that will do the communication between our servers and theirs - not the case for it yet.

freitasm

BDFL - Memuneh
79308 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#676336 24-Aug-2012 10:57

Since we enabled SSL to our CDN and moved the domain to CloudFlare to take advantage of its new SYD POP I have now enabled SPDY on geekzone.co.nz... This is obviously only available in our SSL-enabled pages at the moment, but it's there.

freitasm

BDFL - Memuneh
79308 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#676386 24-Aug-2012 12:48

mercutio: the site is going slower than it was. i don't get why you're moving the web site to cloudflare?

curl -v http://www.geekzone.co.nz/ > /dev/null 0.00s user 0.02s system 2% cpu 0.789 total

Unrelated to SSL but I have just made a very small change that will speed up the frontpage and the forum discussion pages...

timmmay

20589 posts

Uber Geek

Trusted

Lifetime subscriber

#701489 15-Oct-2012 14:25

I'm curious to hear how the CloudFlare CDN's working out for you. Reliability, uptime and downtime, any other thoughts or observations.

1 | 2