Chaika
CDCloudflare Developers
•Created by The Doomfire on 11/22/2024 in #general-help
How can I ensure that both mywebsite.com and www.mywebsite.com work correctly?
Alternatively you could reidrect from apex -> www
6 replies
CDCloudflare Developers
•Created by The Doomfire on 11/22/2024 in #general-help
How can I ensure that both mywebsite.com and www.mywebsite.com work correctly?
You need to add any Pages Custom Domains that you want to work, under your Pages Project -> Custom Domains tab (it'll make the record for you too). Otherwise just adding the record alone won't work.
6 replies
CDCloudflare Developers
•Created by Ohbihave on 11/21/2024 in #general-help
DNSSEC
might be a bit too much technical info/jargon, sorry if that doesn't make sense, what it simply boils down to is that you need to tell your registrar that you want to enable dnssec and with what keys (which is what the ds record is), so that the rest of the DNS System knows what to trust. Cloudflare does its part automagically, and you just need to do that part with your Registrar.
13 replies
CDCloudflare Developers
•Created by Ohbihave on 11/21/2024 in #general-help
DNSSEC
DNS is a hierarchy. Sometimes records need to go higher. When you modify your nameservers at your Registrar, what it's actually doing is telling the TLD (for example
com) nameservers "hey start serving these NS records with these values, for this domain". If your domain is example.com for example, the hierarchy looks like this:
. (root) example.com -> talk to the com nameservers
com example.com -> talk to cloudflare name servers
example.com example.com -> you're talking to the cloudflare nameservers which have the authoritative answers
DS records need to be at the higher com (or whatever your TLD) level is too, which is why you have to go through your Registrar/tell them what ds records you want. For DNSSEC to work, both your Registrar/the TLD and your auth nameservers have to serve specific records. The Registrar/TLD tells DNS Resolvers what to trust, and your auth nameservers respond with more dns key information as well as signed records.
Think about it this way: How would DNSSEC be secure in any way if it was purely your nameservers who had to return the keys/info about it? The point of dnssec is to protect against mitm attacks and such, if you just trusted what the auth nameservers said, you'd be no better then not having it at all13 replies
CDCloudflare Developers
•Created by Ohbihave on 11/21/2024 in #general-help
DNSSEC
not too much on the internet about network solutions dnssec, looks like one user got it working: https://community.cloudflare.com/t/dnssec-cloudflare-and-network-solutions/375100/4
13 replies
CDCloudflare Developers
•Created by Ohbihave on 11/21/2024 in #general-help
DNSSEC
DNSSEC, just like nameservers, is just one of those "Registrar level" coordinated settings, essentially
13 replies
CDCloudflare Developers
•Created by Ohbihave on 11/21/2024 in #general-help
DNSSEC
So my question is since CloudFlare now hosts the records do I need to add the DS record to the domain under CloudFlare.No, that part within Cf is automatic. If Network Solutions is your Registrar, you need to go into their portal, on the domain registrar side, and look for dnssec setup
13 replies
CDCloudflare Developers
•Created by Ohbihave on 11/21/2024 in #general-help
DNSSEC
If you're confused who your registrar is, what is your domain?
13 replies
CDCloudflare Developers
•Created by Ohbihave on 11/21/2024 in #general-help
DNSSEC
There's no such thing as an "Authoritive DNS Registrar". There's two concepts here, the nameservers/dns ("Authoritative Nameservers") for your website, and the registrar, who you registered the domain from. DNSSEC is special, you basically need to tell your registrar, "I'm enabling dnssec, push these keys to the TLD/higher authorities, so they know to tell resolvers what to trust"
13 replies
CDCloudflare Developers
•Created by Ohbihave on 11/21/2024 in #general-help
DNSSEC
You need to add the ds records/dnssec info at your Registrar
13 replies
CDCloudflare Developers
•Created by ivk on 11/21/2024 in #general-help
ERR_SSL_VERSION_OR_CIPHER_MISMATCH when trying to retrieve a picture from R2 from localhost
lol, I mean the url of the r2 picture. Are you using R2 Custom Domains or the s3 api/presigned urls?
8 replies
CDCloudflare Developers
•Created by ivk on 11/21/2024 in #general-help
ERR_SSL_VERSION_OR_CIPHER_MISMATCH when trying to retrieve a picture from R2 from localhost
What's the domain/url that doesn't work?
8 replies
CDCloudflare Developers
•Created by Wes on 11/20/2024 in #workers-help
Workers running in a different continent from the requester
it is curious though, I was able to reproduce what you saw. Randomly requests hitting GRU show as being handled by MIA/IAD/EWR, it looks very network level though as you can make a request to a biz site with an ent ip (and curl override) and not see it, and vice versa, to ent w/ biz ip, and you do see it/randomly some requests ending up handled out of country. The fact they're going so far away is weird when there's lots of closer locations, must be pretty limited in scope because there's no other forum mentions or anything
36 replies
CDCloudflare Developers
•Created by Wes on 11/20/2024 in #workers-help
Workers running in a different continent from the requester
yea they do have a lot of good blogs about their arch, here's the one about their internal lb: https://blog.cloudflare.com/unimog-cloudflares-edge-load-balancer/, it's just l4 to the server which handles the entire request. Flame will be interesting but I don't think it changes much here
36 replies
CDCloudflare Developers
•Created by aleksandr on 11/20/2024 in #pages-help
Removed an HTML page but it's still showing up on my website
I haven't heard of any plans for it on the Pages side of things, Pages is soft replaced by Worker Assets now as well, and it looks like Workers Assets just doesn't have that logic at all so far
7 replies
CDCloudflare Developers
•Created by aleksandr on 11/20/2024 in #pages-help
Removed an HTML page but it's still showing up on my website
It's Pages Asset Preservation: https://developers.cloudflare.com/pages/configuration/serving-pages/#asset-retention
We will insert assets into the cache on a per-data center basis. Assets have a time-to-live (TTL) of one week but can also disappear at any time. If you do a new deploy, the assets could exist in that data center up to one week.It's from the underlying pages.dev, so not going to reflect in cf-cache-status on a custom domain, since that's now your custom domain's cache status It's cached based on the received url, which means it's different cache between custom domain and pages.dev/previews, ex:
https://www.aleksandrhovhannisyan.com/blog/javascript-game-loop/
It's per data center so depends where you're viewing it from, and you have no way to clear it since it lives on the underlying pages.dev.7 replies
CDCloudflare Developers
•Created by Wes on 11/20/2024 in #workers-help
Workers running in a different continent from the requester
The debug test site uses the virtual /cdn-cgi/trace paths, not Workers, so it'd probably just be a network level forward for http requests or something simpler. They've posted about their traffic manager before: https://blog.cloudflare.com/meet-traffic-manager, if they run out of capacity for a specific plan they remove anycast routes and predict where it's going to land
36 replies
CDCloudflare Developers
•Created by Wes on 11/20/2024 in #workers-help
Workers running in a different continent from the requester
But I'm getting to the edge on GRUIt's absolutely routing related, you're not consistently being routed to the closer location. Your note that routing isn't consistent/sometimes you hit gru on free plan reinforces that, sometimes issues like these are transient and just get fixed, ISP trying to optimize routes and accidentally flinging traffic far away, etc. Higher plans get access to more paths/routes overall which helps If you don't have smart placement on, workers run on the same edge machine they hit/same cdn machine, they're not routed to a workers cluster or anything like that, so pretty simple deployment. Routing is a sort of shared responsibility, the provider (Cloudflare) publishes specific routes/paths to reach them. Your ISP has the final say in which one they pick though. Generally when stuff goes wonky it's safe to blame the ISP, since they can always manually override stuff/it's usually in their interest to find a way to keep traffic local & cheap, could be Cloudflare changing stuff too, but would need more samples/info to say anything more. Traceroute of the bad route might show something more interesting, but probably wouldn't be too helpful
36 replies
CDCloudflare Developers
•Created by Wes on 11/20/2024 in #workers-help
Workers running in a different continent from the requester
Routing is always ISP related at least to a degree. There's never any guarantees about which plans get which colocations or specific routes except for Enterprise, and even then ISPs can just override/do whatever they want if they want. You could VPN to a nearby datacenter, and you'd probably get routed to the local cloudflare data center on a datacenter connection. Otherwise it is probably ISP related and not Cloudflare location related as Cloudflare does have a good amount of capacity down there, but would need more reports/info to know
36 replies
CDCloudflare Developers
•Created by Wes on 11/20/2024 in #workers-help
Workers running in a different continent from the requester
Based on that smaller sample size, looks like only Business plan or higher is being routed locally for you. What's your ISP? Haven't heard too much about routing issues in South America, mostly just Indian ISPs demanding money for peering/causing eh routing
36 replies