Get the most out of your Centmin Mod LEMP stack
Become a Member

Xenforo XenForo 2.1 CDN using Cloudflare free plan :D

Discussion in 'Forum software usage' started by rdan, Oct 7, 2019.

  1. rdan

    rdan Well-Known Member

    4,924
    1,174
    113
    May 25, 2014
    Ratings:
    +1,773
    Local Time:
    5:44 AM
    Mainline
    10.2
    Free and not using Cloudflare on main Domain.
    Just to save bandwidth and accelerate static files.

    Code:
    server {
        listen 443 ssl http2;
        server_name cdn.xf.com;
        include /usr/local/nginx/conf/ssl/xf.com_ssl.conf;
    
        access_log off;
        log_not_found off;
        error_log /home/nginx/domains/xf.com/cdn_error.log error;
        root /home/nginx/domains/xf.com/public;
    
        location /               { deny all; }
        location ~ \.(default|html|php|txt|xml)$ { deny all; }
       
        location /data/          { }
        location /js/            { }
        location /styles/        { }
        location ~ ^/(proxy.php) { include /usr/local/nginx/conf/php.conf; }
    
        include /usr/local/nginx/conf/staticfiles.conf;  
    }

     
  2. pdinh97qng

    pdinh97qng Member

    81
    10
    8
    Jan 24, 2016
    Ratings:
    +25
    Local Time:
    2:44 PM
    If I'm not wrong, CloudFlare doesn't allow customer to serve only static files. I saw an email for this situation before:p Better to not violate the rules :yawn:
     
    • Informative Informative x 1
  3. eva2000

    eva2000 Administrator Staff Member

    44,172
    10,067
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,560
    Local Time:
    7:44 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    I believe @rdan is setting up non-cloudflare protected domain.com hostname that serves static files directly from a separate cloudflare protected cdn.domain.com hostname on Centmin Mod Nginx origin web server. Basically disabling cloudflare orange cloud on domain.com DNS record and enabling cloudflare orange cloud on cdn.domain.com DNS record.

    Yeah they do have such a rule though it's open for interpretation and with their release of Cloudflare Workers, it is all about serving static files :) Cloudflare will contact you if you overstep their usage policy. So you can ask them if unsure.
     
    • Informative Informative x 1
  4. rdan

    rdan Well-Known Member

    4,924
    1,174
    113
    May 25, 2014
    Ratings:
    +1,773
    Local Time:
    5:44 AM
    Mainline
    10.2
    My fully working and updated config.

    Code:
    server {
        listen 80;
        server_name cdn.domain.com;
        return 301 https://cdn.domain.com$request_uri;
    }
    
    server {
        listen 443 ssl http2;
        server_name cdn.domain.com;
        include /usr/local/nginx/conf/ssl/domain.com/domain.com_ssl.conf;
    
        access_log off;
        log_not_found off;
        error_log /home/nginx/domains/domain.com/cdn_error.log error;
        root /home/nginx/domains/domain.com/public;
    
        location /                                { deny all; }
        location ~* \.(default|html|php|txt|xml)$ { deny all; }
    
        location ~* \.(gif|jpg|jpe|jpeg|png|ico)$ {
        gzip_static off;
        add_header Link "<https://domain.com$request_uri>; rel=\"canonical\"";
        add_header Access-Control-Allow-Origin *;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800";
        expires 30d;
        break;
        }
    
        location ~* \.(3gp|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|br)$ {
        gzip_static off;
        sendfile off;
        sendfile_max_chunk 1m;
        add_header Link "<https://domain.com$request_uri>; rel=\"canonical\"";
        add_header Access-Control-Allow-Origin *;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800";
        expires 30d;
        break;
        }
    
        location ~* \.(js|json)$ {
        add_header Link "<https://domain.com$request_uri>; rel=\"canonical\"";
        add_header Access-Control-Allow-Origin *;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800";
        expires 30d;
        break;
        }
    
        location ~* \.(css)$ {
        add_header Link "<https://domain.com$request_uri>; rel=\"canonical\"";
        add_header Access-Control-Allow-Origin *;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800";
        expires 30d;
        break;
        }
    
        location ~* \.(eot|svg|ttf|woff|woff2|less|otf|scss)$ {
        add_header Link "<https://domain.com$request_uri>; rel=\"canonical\"";
        add_header Access-Control-Allow-Origin *;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        expires 365d;
        break;
        }
    
    
    }
    
     
    • Winner Winner x 2
    • Like Like x 1
    • Informative Informative x 1
  5. pdinh97qng

    pdinh97qng Member

    81
    10
    8
    Jan 24, 2016
    Ratings:
    +25
    Local Time:
    2:44 PM
    @rdan can you share your page rules :nailbiting:
     
  6. rdan

    rdan Well-Known Member

    4,924
    1,174
    113
    May 25, 2014
    Ratings:
    +1,773
    Local Time:
    5:44 AM
    Mainline
    10.2
    Why :nailbiting:? :D

    Just basic Cache Everything option.
    upload_2019-10-10_3-20-41.png
     
    • Informative Informative x 2
  7. eva2000

    eva2000 Administrator Staff Member

    44,172
    10,067
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,560
    Local Time:
    7:44 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    looks good with canonical headers properly in place too :)
     
    • Like Like x 1
  8. negative

    negative Active Member

    382
    45
    28
    Apr 11, 2015
    Ratings:
    +88
    Local Time:
    12:44 AM
    1.9.10
    10.1.11
    Do you advice that add the canonical header even without using the cloudflare as CDN in free plan ?
     
  9. eva2000

    eva2000 Administrator Staff Member

    44,172
    10,067
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,560
    Local Time:
    7:44 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    yeah doesn't hurt
     
  10. negative

    negative Active Member

    382
    45
    28
    Apr 11, 2015
    Ratings:
    +88
    Local Time:
    12:44 AM
    1.9.10
    10.1.11
    is it enough put that code to location / in my host conf ?
    Code:
    add_header Link "<https://domain.com$request_uri>; rel=\"canonical\"";
     
  11. rdan

    rdan Well-Known Member

    4,924
    1,174
    113
    May 25, 2014
    Ratings:
    +1,773
    Local Time:
    5:44 AM
    Mainline
    10.2
    Maybe, but static files won't have that header.

    After 1 month :)
    upload_2019-11-15_22-30-19.png
     
    • Like Like x 3
  12. eva2000

    eva2000 Administrator Staff Member

    44,172
    10,067
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,560
    Local Time:
    7:44 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    excellent results there :)
     
    • Like Like x 1
  13. JJC84

    JJC84 Ad astra per aspera Premium Member

    247
    109
    43
    Jan 31, 2018
    San Antonio, Texas
    Ratings:
    +168
    Local Time:
    4:44 PM
    1.15.x
    10.x.x
    I have to say this is an exemplary config! Thank you for sharing this @rdan it has helped me in squeezing a bit more performance.

    Because... performance matters right!
     
    • Like Like x 1
  14. upgrade81

    upgrade81 Premium Member Premium Member

    260
    15
    18
    Sep 5, 2016
    Italy
    Ratings:
    +26
    Local Time:
    11:44 PM
    1.17
    10.3

    Hi, can I know how you configured static and image files on Xen to point to the Cdn subdomain?

    That is, I miss the step before configuring the vhost relative to the cdn ...
    How do you PULL towards subdomain, that's it.