This post is not sponsored by Cloudflare; it is an update on my self-hosting journey with the Raspberry Pi.
I am happy with the result of the script that I shared on my last post because I no longer have to manually reboot the Pi every time the Internet connection goes down. However, it is still suboptimal; if the Internet connection goes down for an extended period of time, the blog goes down with it. Not only is it bad for would be readers, it was also frustrating on my end. The thought of moving this blog to a cheap cloud instance crossed my mind during the first few days, but I had to think of something more pragmatic. That was when I decided to check Cloudflare out. When I found out that they are offering a free plan that has more features than what I would need for this blog, I was sold.
Cloudflare is a security company that gained notoriety for stopping DDoS attacks through their Content Delivery Network (CDN)-like feature. It can help your site become more performant by caching your static content in their data centers around the world. This enables your site to load faster and allows more concurrency by serving cached content first before hitting your server. Cloudflare offers this and more for free; including three page rules, analytics, free SSL through their network and even enabling security measures like HTTP Strict Transport Security (HSTS). All of these can be easily configured in their nice looking dashboard. If you want to read more about the company's history, here is a good article about their humble beginning.
Getting a Cloudflare account is straightforward. A walkthrough video of the initial setup process is available on their landing page. In a nutshell, the process only has three steps:
- Signing up with your email address and password
- Adding your domain
- Pointing your domain's nameservers to Cloudflare's own nameservers
After going through those steps quickly, you will be presented with a modern, easy to use admin interface:
It will be impossible to discuss all of what Cloudflare has to offer in a single post, so I will just write about the tweaks that I did to suit my current self-hosted Raspberry Pi setup.
I obtained my domain's SSL certificate through Let's Encrypt, a trusted certificate authority that issues certificates for free. Since I have my own certificate configured on NGINX, I do not need to use Cloudflare's free SSL. I just selected Full (Strict) mode under SSL and enabled HSTS, Opportunistic Encryption and Automatic HTTPS Rewrites.
This is the feature that I needed the most. I clicked on this menu before I even explored the other settings above. I made sure Always Online™ is on, and made some minor adjustments with the Browser Cache Expiration.
Cloudflare gives you three page rules for free, and you can subscribe should you need more. Here's how I made use of my free page rules:
Dynamic DNS Configuration
My blog's DNS records are now being handled by Cloudflare so I need to make sure that they are updated automatically if my ISP gives me a new IP address.
The easiest way to achieve this is to install
ddclient from Raspbian's default repository, along with the Perl dependencies:
sudo apt-get install ddclient libjson-any-perl
Unfortunately, this version of
ddclient does not support Cloudflare's Dynamic DNS API. We need to download the current version here, and overwrite the executable that has been installed by the previous command:
$ wget http://downloads.sourceforge.net/project/ddclient/ddclient/ddclient-3.8.3.tar.bz2
$ tar -jxvf ddclient-3.8.3.tar.bz2
$ cp -f ddclient-3.8.3/ddclient /usr/sbin/ddclient
We installed the old version first to benefit from the daemon that comes with it. This daemon keeps
ddclient running in the background and spawns it automatically after each reboot.
This new version of
ddclient looks for the configuration file in a different directory so we need to create that directory and move our old configuration file:
$ sudo mkdir /etc/ddclient
$ sudo mv /etc/ddclient.conf /etc/ddclient
ddclient.conf for reference:
# Configuration file for ddclient generated by debconf
login=*Enter your cloudflare email address here*
password=*Enter your API key here*
We can now restart
ddclient and check its status to make sure that everything is working as expected:
$ sudo service ddclient restart
$ sudo service ddclient status -l
The last command should give you the current status of the daemon along with the latest event logs. Check the event logs for any error messages or warnings, and if everything turned out to be okay, you should see something similar to this:
SUCCESS: blog.johncrisostomo.com -- Updated Successfully to xxx.xxx.xxx.xxx.
So far this setup works well and I am happy with the blog's performance. It is a shame that I have not gathered data before Cloudflare to objectively compare the performance boost I am getting out of it. However, the blog's initial loading time has become noticeably faster, at least on my end. I guess we will have to see in the next couple of days.