Removing cloudflare from the VPS

diana_coman’s comment about removing Cloudflare’s service from my VPS made me realise: I went ahead (on autopilot??) in setting up Cloudflare for my VPS with no logical basis.

As mentioned in this blog article, cloudflare.com acts as a ‘reverse proxy server’ for websites. Using Cloudflare is by no means compulsory or critical for general purpose websites. UltimateByte’s comment on said blog article provides some extra insight regarding the wide spectrum of opinions. Cloudflare also offer a CDN (Content Distribution Network), paired with their reverse proxy.

Worth noting that Cloudflare offer the above for free, including the ‘promise’ of providing secure SSL connections to the website. It would appear there are no downsides, and in fact only upsides, to signing up for Cloudflare.

[2019-07-24 Wed] – As diana_coman pointed out: “eh, so “for free” my foot; basically there’s nothing for free and if you don’t know who pays, it’s probably you being sold.”

As I recall, my original intention was to convey that it is very tempting to sign up for Cloudflare after a superficial reading, and that they make it easier by not charging money for it. That is no excuse to sign up though… you can’t, for example, murder a person just because there is an easy opportunity to do so and you feel like it. The question that is more interesting is, what benefits do Cloudflare gain by offering their basic service ‘free of charge’?

Proxy server:

Cloudflare’s own documentation provides an introduction to proxies. A proxy server can be of the ‘forward’ or ‘reverse’ type.

A ‘forward’ proxy sits in front of a client (web browser): a ‘middle-man’, so to speak, between a web browser (client) pointed to your website and the web server itself. In this case, all the client’s requests are set to pass through the forward proxy.

There are several uses for a forward proxy, including accessing restricted content and maintaining privacy and so on. None of which are currently applicable to my VPS.

[2019-07-23 Tue] Well privacy is obviously important. I think I’ve overlooked the importance of an encrypted connection between my computers and the server. I’m sure there are other factors.

A reverse proxy sits in front of an ‘origin server’ (here, my web server), and this essentially means that all traffic to my little website / server can (or rather will) be monitored by Cloudflare.

There are many advantages to using a reverse proxy. Protection from attacks, load balancing, content caching and so on. Proxy servers can also be used to take some load off the web server by performing SSL encryption. None of which I require now.

[2019-07-23 Tue] I’m only saying I do not require it now. It would be interesting to monitor the resources consumed by serving wordpress. Incidentally, I saw an error today on btcbase.org which indicated that it is also run on Nginx.

CDN

A method to get servers geographically closer to the user and reduce latency. This is an ‘edge optimisation’ strategy, i.e. one that is not related to the website’s design itself.

However, general indications are that CDNs can cause random speed fluctuations, irrespective of your server load.

A strategy that is more reliable and also technically correct to ensure speedy loading of the website is ‘origin optimisation’, i.e. designing the website to become inherently faster, rather than relying on external ‘band-aids’.

SSL

Cloudflare’s free SSL certificate apparently encrypts only the connection between the client and Cloudflare, and not the one between Cloudflare and the web server.

How does HTTPS tie into this? Let’s Encrypt, a free and open certificate authority, has documentation that explains: “a certificate from a certificate authority is required to enable HTTPS on a website.” The deployment varies depending on whether SSH access to the web server is available or not.

Intermediate conclusion:

For now – it appears clear that Cloudflare, CDN and reverse proxies are more relevant for high traffic, high availability type servers and websites. Overall – it is better to build things up from simple, known blocks which can be controlled. All that glitters is not gold.

Forward steps: [1/2]

  • [X] Remove the Cloudflare redirection, and focus on a basic web server based on WordPress, and then optimise when required.
  • [ ] Enabling HTTPS is on my TODO list (but why is it needed exactly?). I will look deeper into Let’s Encrypt soon.
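
To confirm that the first step above took effect, one can check whether responses still carry the headers Cloudflare's proxy adds (`Server: cloudflare` and `CF-RAY`). The script below is an added example, not part of the original post; the function names and the sample headers are constructed for illustration, and `check_site` assumes curl and network access.

```shell
#!/bin/sh
# Added example: detect whether a site's responses still pass through Cloudflare.

# Read raw response headers on stdin and print each Cloudflare marker found.
# Header names are matched case-insensitively (HTTP/2 sends them lowercase).
cloudflare_markers() {
    tr -d '\r' | awk -F': *' '
        { name = tolower($1) }
        name == "server" && tolower($2) ~ /^cloudflare/ { print "server" }
        name == "cf-ray" { print "cf-ray" }
    '
}

# Exit status 0 when the headers on stdin carry any Cloudflare marker.
behind_cloudflare() {
    [ -n "$(cloudflare_markers)" ]
}

# Live check of one host over plain HTTP and over HTTPS.
# A failed HTTPS request here usually means the origin has no valid certificate yet.
check_site() {
    host=$1
    for scheme in http https; do
        if ! headers=$(curl -sS -I --max-time 10 "$scheme://$host/"); then
            echo "$scheme://$host: no usable response"
        elif printf '%s\n' "$headers" | behind_cloudflare; then
            echo "$scheme://$host: still proxied by Cloudflare"
        else
            echo "$scheme://$host: answered by the origin server"
        fi
    done
}

# Constructed sample headers (not captured from any real site).
sample_proxied() {
    printf 'HTTP/1.1 200 OK\r\nServer: cloudflare\r\nCF-RAY: 0000000000000000-XXX\r\n'
}
sample_direct() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n'
}
```

After sourcing the file, `check_site your-domain.example` prints one line per scheme; DNS changes can take a while to propagate, so an early run may still show the proxied result.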
