Hi, I wanted to host a personal Lemmy instance online (for just myself, I don’t think I can take the upkeep for other users - please let me know if this is not possible) and wanted to understand how to “attach” a CDN service to it.

The idea behind doing this is that I’m in the US but I’m looking to host a server in Europe. I am looking into Cloudflare’s free CDN service, but it would be great if someone could point me towards how I can configure this setup to speed up the loading time for my Lemmy instance (which is going to be far away from me, geographically).

I would also like to know about your setups and how you have hosted Lemmy.

Thanks!

  • jjakc
    link
    fedilink
    English
    11 year ago

    When you make a dns request, it goes to the nameservers first to see which server is has the dns config. A CNAME record is in the dns config

    • @MigratingtoLemmyOP
      link
      English
      11 year ago

      I’m sorry, what I don’t understand is how does changing my nameservers to cloudflare’s nameservers help propagating my traffic through their CDN infrastructure?

      • jjakc
        link
        fedilink
        English
        2
        edit-2
        1 year ago

        Because changing your nameservers to cloudflare’s allows you to use their DNS service, which comes with the CDN infrastructure.

        Here is the cloudflare dns for my lemmy server’s domain:

        The switch where it says proxied means that I am using the CDN to obfuscate the real IP of the server.

        • @MigratingtoLemmyOP
          link
          English
          11 year ago

          Thank you, but I’m still having trouble understanding the technical reason for Cloudflare to require users to change their nameservers. Let me try and summarise what I understand:

          When a user changes their nameservers to Cloudflare nameservers, all requests to the domain are routed to Cloudflare’s DNS endpoints. Because we are using a CDN (and are proxying traffic to our site through Cloudflare), the CDN endpoint (because it is the proxy) intercepts all traffic directed towards our domain. If we were to not change the nameservers for our domain to Cloudflare’s nameservers, Cloudflare would not be able to link our domain to the specific CDN endpoint it has likely set up for us at the back-end, which would defeat the purpose of the CDN and the proxying wouldn’t work.

          Do I understand this correctly?

          • jjakc
            link
            fedilink
            English
            2
            edit-2
            1 year ago

            Pretty much yes.

            If you want a more in-depth explanation of DNS and how nameservers work etc check out this article from cloudflare.

            Specifically the part; “There are 4 DNS servers involved in loading a webpage:” It explains it much better than I can.

            • @MigratingtoLemmyOP
              link
              English
              11 year ago

              Thank you, I conceptually understand what nameservers (and their types) are, it’s just that I’m struggling a bit to link my understanding of DNS to how Cloudflare is proxying traffic through its own network. I assume that my previous comment had an OK explanation, a high-level overview of what happens.

              Thanks for your time!

              • oranki
                link
                fedilink
                English
                21 year ago

                Cloudflare has several reverse proxies all around the world. When you enable their proxy service, CF decides which proxy is used for your traffic. To be able to control this better, they need to have control over the DNS record.

                If you have an issue with changing your domain’s nameservers (perfectly valid), my guess is you’ll also have an issue with the fact that using CF proxy essentially means they are a man-in-the-middle for all your HTTPS traffic and decrypt everything before proxying it forward.

                • @MigratingtoLemmyOP
                  link
                  English
                  11 year ago

                  Hi, thanks a bunch for your comment. I love trying to understand the inner workings of more complex networking.

                  To be able to control this better, they need to have control over the DNS record.

                  Could you detail on how using their nameservers helps them control the allocation of proxies and other infrastructure better? I’m probably asking a stupid question but I really want to connect the dots. I want to know how using their nameservers enables them to proxy my traffic, and what technical limitations are present such that they won’t be able to proxy my traffic if I don’t use their nameservers (which btw is not true, because if you are an enterprise customer they have a provision where you can just get a CNAME instead of using their nameserver and it will still work - but for the sake of this discussion I will assume that it won’t be possible to proxy traffic without their nameservers. I just want to know why).

                  Well, technically using Cloudflare isn’t the most private thing one can do (I have a feeling they ask free account holders to use their nameservers because they can then run analytics on the data, which is fine. It’s “free”), and eventually I’d like to use my own VPS instance as a reverse proxy into my network (to access it from outside) instead of having to use a Cloudflare proxy. However, when strictly speaking of CDN infrastructure, I have no problems with using Cloudflare, since there is no chance of me coming up with infrastructure on my own anyway.

                  I didn’t realise that Cloudflare acts as a MiTM: this is new for me. I would love if you could explain further (or point me to a resource that does) and how this ties in with using Cloudflare as a proxy/CDN setup.

                  Thanks!

                  • oranki
                    link
                    fedilink
                    English
                    21 year ago

                    The reasons for having to use their nameservers is probably about getting some data in the process. But DNS queries are quite harmless compared to the MITM issue for the actual traffic.

                    Traffic proxied via CF uses their TLS certificates. Look up how HTTPS works, and you’ll understand that it means the encryption is terminated at Cloudflare.

                    For the record, CF DNS infrastructure is really solid. For something already public anyway, I’d use their services in a heartbeat. You get some WAF features and can add firewall rules like geoblocking, even on the free tier.

                    For sensitive data, I probably wouldn’t use the proxy service.