CloudFlare or Similar Proxy In Front of data.openupstate.org

[allella]

@BigBlueHat given the progress on our map layer data, I'd like to consider putting something like CloudFlare in front of the site to cache the page content (HTML, GeoJSON) and static assets (images, CSS, JS) to give it scalability and such.

The map layers are being generated in real-time from Google Spreadsheets, much the same as the Leaflet map we did in 2014. I intend to write cron to visit and save a copy of the GeoJSON on our webserver, but we'd like to outsource the heavy lifting of serving the pages.

I've used KeyCDN for pull zone on static files but haven't gotten into caching pages.

Cloudflare is interesting because it is meant to cache all content.

Thoughts on services to consider? If CloudFlare then it seems we'd need to change the name servers over to them so they can do their thing.

[BigBlueHat]

I'm already a Cloudflare user, so I've set that up. ^_^ Things might take a bit to populate (because DNS), but let me know if you need more changes.

Let's leave this open until you're happy with it.

Cheers!

[allella]

Seeing an SSL error. Was the free SSL enabled?

We're using https://data.openupstate.org/

Thanks, Jim

On Mar 1, 2017 8:37 AM, "BigBlueHat" notifications@github.com wrote:

I'm already a Cloudflare user, so I've set that up. ^_^ Things might take a bit to populate (because DNS), but let me know if you need more changes.

Let's leave this open until you're happy with it.

Cheers!

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/codeforgreenville/OpenData/issues/25#issuecomment-283341393, or mute the thread https://github.com/notifications/unsubscribe-auth/ABsgcKF6lNAcpE-X27RslH3_mFeAo7gSks5rhXSLgaJpZM4MPDDU .

[BigBlueHat]

Yeah. Did you want that off? It looks like their "Flexible" SSL certs take ~24 hours to generate--so...slower than DNS apparently. 😛

Did you have one setup already?

[allella]

We already have a Let's Encrypt but seems like they need to generate one for you since they are in front. I'm fine with their cert, as the alternative seems to be paying for a plan just to upload our own cert. Doesn't seem necessary.

On Wed, Mar 1, 2017 at 10:09 AM, BigBlueHat notifications@github.com wrote:

Yeah. Did you want that off? It looks like their "Flexible" SSL certs take ~24 hours to generate--so...slower than DNS apparently. 😛

Did you have one setup already?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/codeforgreenville/OpenData/issues/25#issuecomment-283366057, or mute the thread https://github.com/notifications/unsubscribe-auth/ABsgcK_rKg1rxwRuVZGjhf9adRZJj0Mzks5rhYorgaJpZM4MPDDU .

[allella]

@BigBlueHat various issues have been ironed out on the Apache and Drupal end.

I can't tell if CF is actually yielding cache hits, or simply proxying straight through. Thoughts?

[allella]

@BigBlueHat Would you be around on one of the chat channels tomorrow night if I have needs or questions on Cloudflare? I think it's enabled but not sure if it's actually caching anything on the data domain.

[BigBlueHat]

It likely is caching things, but it should also be "smart" about updating the cache. There may be a "bypass" option...though I'm not sure what it is short of toggling it in the UI. Sadly, they don't have group accounts...

[BigBlueHat]

@allella I've switched it to "DNS only" to avoid any caching issues while you're updating. Let me know if/when you want it to start proxying again.

[allella]

@BigBlueHat I think we're okay to turn the caching/proxying back on.

The main Drupal + CloudFlare suggestion seems to be to add a PageRule for our admin section, which is /adminy

[allella]

@BigBlueHat the Drupal module is also requesting an API key and "Account e-mail address" as required fields to allow for cache purging. https://www.cloudflare.com/a/account/my-account

Could you share that securely with me?

[allella]

@BigBlueHat If you're attending the open data event in a couple weeks then perhaps we could carve out a couple hours to work through whatever we can do with CloudFlare.

[BigBlueHat]

Yep. Let's plan to do that!

[allella]

@pamelawoodbrowne not a big deal since I can probably front any initial costs, but curious if you could ask CFA if there's any relationship with KeyCDN. I think a free CloudFlare is going to be too many unknowns out of the gate. I've worked with KeyCDN before and they have free SSL certs.

[allella]

Related to this conversation, we've transferred the the hackgreenville and openupstate domains to RefactorGVL.

Cloudflare, or similar, could handle the DNS records too.

[allella]

Closing this issue as we'll be putting CloudFlare in front of hackgrenville.com and slowly phasing out the data.openupstate.org domain.