Difference between Cloudflare CDN and NGINX - nginx

I am reading but having hard time understand difference between the two. I am using Heroku for my apps and until now I was using NGINX to serve my content. I precompressed my static files to gzip and served them like that, turning off dynamic compression in NGINX config file.
Now I am learning about Cloudflare CDN. As I see it is also serving static content. Is there any point in using both NGINX and Cloudflare, what would be the benefits?
How does a flow of that goes when user visits the website?
Would it be:
End User -> Cloudflare DNS -> CDN -> NGINX -> Heroku
End User <- Cloudflare DNS <- CDN <- NGINX <- Heroku

Cloudflare does not serve static content itself. It only caches content originally served by some other server. You still need that other server -- known as your "origin server". You might still use nginx as your origin server. By putting Cloudflare in front of it, you can make your site faster and more secure, but Cloudflare does not replace your server.

From, How does Cloudflare work?:
The Short Answer, Cloudflare protects and accelerates any website online. Once your website is a part of the Cloudflare community, its web traffic is routed through our intelligent global network.
In terms of differences, you can't directly compare Nginx with a CDN (a group of services including Nginx), you can create a CDN using Nginx.

Related

NGINX Reverse Proxy - Preload the cache

NGINX Reverse Proxy is working well. Using the cache it's possible to store static content on every Reverse Proxy to reduce traffic on the main server. I can set a time after the last access it will be removed - so far I know.
Having more Reverse Proxies - is it possible to sync the cache between the Reverse Proxys or preload a special file to all of them? And if yes, how I can do it?
This would be a good speed up for new bigger files.
You could locate the cache files and synch them across your servers with something like rsync.
To pre-load a cache you‘d have to curl each possible URL.

Redirecting HTTP traffic to HTTPS in EC2 hosted web server using cloudfront

Current Scenario
I am hosting a wordpress website on a ECS instance which runs wordpress in a docker container
My wordpress is working fine but i want to change HTTP to HTTPS
What i dont want to use
1) ELB
2) Anything cost ineffective
What i tried
I tried using cloud front and setting ec2-52-64-xxx-xxx.ap-southeast-2.compute.amazonaws.com as origin domain and origin id
I also set it to redirect HTTP to HTTPS
Current CloudFront behaviour
What happens is when i goto the cloudfront link it redirects me to ec2-52-64-xxx-xxx.ap-southeast-2.compute.amazonaws.com (HTTP) instead of using the cloudfront link
Desired CloudFront behaviour
It should use the HTTPS cloudfront URL to use my wordpress website by redirecting any traffic from my origin from HTTP to HTTPS
Current Server configs
1) I don't have any SSL/TLS certificate installed in my ECS instance
2) My .htaccess file has default values (not sure if i even should update it or cloudfront will work without any changes to .htaccess)
3) Wordpress is not installed so the database does not have any values which might be causing a redirect ( I deleted the database to test if that might be causing the inconsistency)
I am really new to AWS,There might be a better way to achieve HTTP to HTTPS redirect i think any sugggestions/help is highly appreciated thanks :)

Dev site redirected to https because of STS rule in production

we have activated HTTP Strict Transport Security in production. It works well. But now, when wanting to use a subdomain to develop, the website is automatically redirected to https:
https://dev.tokeeen.com/app_dev.php/my-habits
Event if the host is set to 127.0.0.1
127.0.0.1 dev.tokeeen.com
Is there something to avoid this behavior? Of course I don't want to force the host for the main domain.
You are currently setting this on your main site:
Strict-Transport-Security max-age=63072000; includeSubDomain
If you change this to remove the includeSubDomain bit then it will only apply to your top level domain and not the dev sub domain:
Strict-Transport-Security max-age=63072000;
You then need to visit your production site to load this header and overwrite the existing one in your browser’s cache.
However this is less secure (for example someone could set up www.tokeeen.com and pretend to be your site with a bit of DNS manipulation for example).
But to be honest you should just use https on you’re dev site. The Internet is moving towards HTTPS and many new features do not work under plain HTTP. Additionally what you are developing is not similar to your production site so if you include http:// links instead of https:// for example you’ll suddenly see this failing when you release to production.
You look to use LetsEncrypt on your site so the cert is free. Do yourself a favour and just get another free one for your dev subdomain.
You have to get yourself a wildcard certificate as the ssl certificate is only for that domain. That's the whole point of having a secure site.
I'm not sure what server system you are using but in case you don't want to use wildcards and are ok with less secure, you can bind the other domains to
port 80 with the binding type http`

Basic CDN with Nginx or HA proxy to serve static content?

I have 2 servers A & B. On both server I serve static content via Nginx.
I would like to set up a HTTP redirection on A (Nginx, Ha proxy, Varnish ?) that check health of A & B and redirect HTTP requests to both servers depending on their availibility. Later the "balancer" will be on a separate dedicated server.
Actually I thought upstream from nginx would do the trick but all the bandwidth go throught this proxy which is not what.
I want to use all available bandwidth from A & B so I have to redirect request on A & B servers.
My searches:
HA Proxy have a HTTP redirection wich may help me : https://www.haproxy.com/doc/aloha/7.0/haproxy/http_redirection.html . Maybe using with https://www.haproxy.com/doc/aloha/7.0/haproxy/healthchecks.html to always send to available server. This mean installing and managing a new app I'm not familiar with (HA proxy).
There is mix with some perl code and nginx to achieve that here: http://www.sourceprojects.org/nginx-stateless-loadbalancer but It use external perl script and I'm not sure it is very robust solution.
I wonder if there is something I missed in Nginx or Varnish to achieve that ?

How to Eliminate Nginx from the Production Stack via using Cloudflare as a substitutable Reverse Proxy?

Is it possible to use "cloudflare" as a reverse proxy for hosting several websites on the same host machine but on different ports?
Cloudflare can replace some of the features of Nginx, specifically:
Caching resources
Rate limiting and protecting your website
Redirecting access to your website to another server
But you still need Nginx or another web server for the following tasks:
Handling the TCP connections between Cloudflare and the server which generates the response (+ HTTPS should be used)
Generating the actual response, via FastCGI (PHP, Python, Ruby, etc.) or just delivering a file/resource (server and location blocks in Nginx)
Setting the correct headers for the response, for caching and content type (Cloudflare relies on these)
Cloudflare does not support sending your requests to specific ports on the origin host - but that would still not help you much, because Cloudflare has a very specific feature set, and generating responses is not part of them, which is why you need a web server.
If you want to reduce the work needed to maintain Nginx, you can restrict Nginx to only reply to requests by Cloudflare and do the rate limiting and some other tasks in Cloudflare.

Resources