Discover Centmin Mod today
Register Now

CDN Cloudflare Cloudflare Flexible SSL, Nginx & XenForo

Discussion in 'Domains, DNS, Email & SSL Certificates' started by BamaStangGuy, Oct 1, 2014.

  1. eva2000

    eva2000 Administrator Staff Member

    53,142
    12,108
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,643
    Local Time:
    6:01 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Hope you're keeping track of geographic page load times after the switch to Cloudflare.. will be interesting to see which geographical regions benefit most :D

     
  2. eva2000

    eva2000 Administrator Staff Member

    53,142
    12,108
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,643
    Local Time:
    6:01 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  3. BamaStangGuy

    BamaStangGuy Active Member

    668
    192
    43
    May 25, 2014
    Ratings:
    +272
    Local Time:
    3:01 PM
    AspiesCentral isn't using Flexible SSL (Full SSL (Strict)).

    What does a traceroute from your place look like?
     
  4. eva2000

    eva2000 Administrator Staff Member

    53,142
    12,108
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,643
    Local Time:
    6:01 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    traces and ping times look good so probably something else as each page load has like 2-4 seconds delay before rendering the page. It gets slightly faster the more pages you view (caching coming into effect). Most noticeable delay is on front page with the featured threads setup
    Code:
    tracert www.aspiescentral.com
    
    Tracing route to www.aspiescentral.com [108.162.207.48]
    over a maximum of 30 hops:
    
      1     9 ms     8 ms     7 ms  10.205.224.1
      2     8 ms     7 ms     7 ms  58.160.20.202
      3    12 ms     8 ms     9 ms  58.160.23.238
      4     8 ms     8 ms     9 ms  bundle-ether4.cha-edge902.brisbane.telstra.net [203.50.44.38]
      5    12 ms     7 ms    10 ms  bundle-ether7.cha-core4.brisbane.telstra.net [203.50.11.142]
      6    29 ms    35 ms    25 ms  bundle-ether11.ken-core10.sydney.telstra.net [203.50.11.72]
      7    26 ms    27 ms    27 ms  bundle-ether19.ken-core4.sydney.telstra.net [203.50.11.128]
      8    34 ms    32 ms    24 ms  tengigabitethernet7-1.ken45.sydney.telstra.net [203.50.20.64]
      9    33 ms    23 ms    26 ms  pacnet2.lnk.telstra.net [139.130.94.34]
    10    26 ms    27 ms    31 ms  te0-2-0-0.cr2.syd5.asianetcom.net [203.192.174.181]
    11    26 ms    24 ms    32 ms  gi2-0-0-900.gw1.syd2.asianetcom.net [202.147.55.90]
    12    25 ms    25 ms    24 ms  CDF-0011.asianetcom.net [203.192.167.86]
    13    24 ms    29 ms    26 ms  108.162.207.48
    
    Trace complete.
    
    from my local virtualbox CentOS 7 instance
    Code:
    mtr --report www.aspiescentral.com       
    Start: Thu Oct  2 22:41:55 2014
    HOST: centos7.localdomain         Loss%   Snt   Last   Avg  Best  Wrst StDev
      1.|-- 10.205.224.1               0.0%    10   15.9  10.8   7.1  15.9   3.1
      2.|-- 58.160.20.202              0.0%    10   10.9   9.8   7.9  11.5   1.1
      3.|-- 58.160.23.238              0.0%    10   13.8  12.0   8.2  17.7   3.2
      4.|-- bundle-ether4.cha-edge902  0.0%    10   10.2  12.0   8.7  18.1   3.2
      5.|-- bundle-ether7.cha-core4.b  0.0%    10   10.8  14.5   9.6  20.2   3.9
      6.|-- bundle-ether11.ken-core10  0.0%    10   28.1  28.1  25.0  34.2   2.3
      7.|-- bundle-ether19.ken-core4.  0.0%    10   27.6  28.4  26.1  35.0   2.4
      8.|-- tengigabitethernet7-1.ken  0.0%    10   26.5  27.2  24.3  31.5   1.9
      9.|-- pacnet2.lnk.telstra.net    0.0%    10   25.3  30.8  25.1  41.2   5.6
    10.|-- te0-2-0-0.cr2.syd5.asiane  0.0%    10   28.1  29.3  27.9  32.4   1.6
    11.|-- gi2-0-0-900.gw1.syd2.asia  0.0%    10   26.4  26.2  24.5  28.3   1.1
    12.|-- CDF-0011.asianetcom.net    0.0%    10   23.9  28.5  23.9  41.4   4.9
    13.|-- 141.101.124.48             0.0%    10   23.9  27.0  23.9  32.7   3.1
    
     
  5. BamaStangGuy

    BamaStangGuy Active Member

    668
    192
    43
    May 25, 2014
    Ratings:
    +272
    Local Time:
    3:01 PM
  6. eva2000

    eva2000 Administrator Staff Member

    53,142
    12,108
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,643
    Local Time:
    6:01 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    less of a delay but it does get faster the more pages I browse, so could be delay for non cached guest page viewing ?

    you using Cloudflare with CDN only, or CDN + basic optimisations or CDN + full optimisations ?
     
    Last edited: Oct 4, 2014
  7. BamaStangGuy

    BamaStangGuy Active Member

    668
    192
    43
    May 25, 2014
    Ratings:
    +272
    Local Time:
    3:01 PM
    Cloudflare with CDN only. I do have Minify Javascript and HTML checked in Cloudflare though. I also don't have any cache add-ons installed and do not use pagespeed. So its basically default XenForo with Cloudflare.
     
  8. eva2000

    eva2000 Administrator Staff Member

    53,142
    12,108
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,643
    Local Time:
    6:01 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    maybe try with CDN + basic optimisations ?
     
  9. rdan

    rdan Well-Known Member

    5,439
    1,397
    113
    May 25, 2014
    Ratings:
    +2,186
    Local Time:
    4:01 AM
    Mainline
    10.2
    I think Flexible SSL should be more faster than the other selection since From your server to Cloudflare there's no encryption.
     
  10. rdan

    rdan Well-Known Member

    5,439
    1,397
    113
    May 25, 2014
    Ratings:
    +2,186
    Local Time:
    4:01 AM
    Mainline
    10.2
    Fixed most of the issues :)
    Pinoy Internet and Technology Forums now serve by Cloudflare Free Plan using Full SSL.
    Already added some white list on csf.allow and csf.ignore, real ip forwarding on nginx.conf.
     
  11. rdan

    rdan Well-Known Member

    5,439
    1,397
    113
    May 25, 2014
    Ratings:
    +2,186
    Local Time:
    4:01 AM
    Mainline
    10.2
    Revert back, Windows XP SP2 and SP3 user's having problems.
     
  12. eva2000

    eva2000 Administrator Staff Member

    53,142
    12,108
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,643
    Local Time:
    6:01 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  13. rdan

    rdan Well-Known Member

    5,439
    1,397
    113
    May 25, 2014
    Ratings:
    +2,186
    Local Time:
    4:01 AM
    Mainline
    10.2
    I have one user using Windows XP SP3 that is using Google Chrome v37 can't browse my forum using Cloudflare SSL also.
     
  14. eva2000

    eva2000 Administrator Staff Member

    53,142
    12,108
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,643
    Local Time:
    6:01 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    interesting can you get the user to try my test ECC 256 bit SSL certificate site at sslspdy.com - Nginx + Google SPDY/3.1 SSL and see if they can browse and view that as well
     
  15. rdan

    rdan Well-Known Member

    5,439
    1,397
    113
    May 25, 2014
    Ratings:
    +2,186
    Local Time:
    4:01 AM
    Mainline
    10.2
    Sure i will try.
     
  16. eva2000

    eva2000 Administrator Staff Member

    53,142
    12,108
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,643
    Local Time:
    6:01 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  17. eva2000

    eva2000 Administrator Staff Member

    53,142
    12,108
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,643
    Local Time:
    6:01 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    actually it might be the SNI support that might be the problem if you look at the SSLLab report SSL - Cloudflare Universal SSL incompatible with WinXP Internet Explorer <=8 browsers | Centmin Mod Community

    when the WinXP SP3 user tests their browser at Qualys SSL Labs - Projects / SSL Client Test check to see if in protocol details that Server Name Indication (SNI) is yes or no
     
  18. rdan

    rdan Well-Known Member

    5,439
    1,397
    113
    May 25, 2014
    Ratings:
    +2,186
    Local Time:
    4:01 AM
    Mainline
    10.2
    she said, it's the same error with that page.
     
  19. eva2000

    eva2000 Administrator Staff Member

    53,142
    12,108
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,643
    Local Time:
    6:01 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    so means WinXP SP3 + Chrome 37 doesn't like ECC 256 bit SSL certificates either as my sslspdy.com site is on dedicated IP so SNI doesn't factor into it.

    would be interesting to see her results of when she uses WinXP SP3 + Chrome 37 to check her browser at Qualys SSL Labs - Projects / SSL Client Test
     
  20. eva2000

    eva2000 Administrator Staff Member

    53,142
    12,108
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,643
    Local Time:
    6:01 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Last edited: Oct 7, 2014