Categories
Cloudflare Hosting

Cloudflare Workers

I have been reading more and more about Cloudflare Workers and they look really cool, but I couldn’t think of how I might make use of them. Then I came across a post showing how to use the WP2Static plugin to take an existing WordPress site and migrate it into Cloudflare Workers. That was the kick that I needed to migrate my site over. What I like about this solution is that I get to keep the ease of content creation that goes with WordPress but gain the speed and security associated with a serverless site.

Therefore what I will do is maintain a WordPress instance locally. It doesn’t need to be publicly accessible and is therefore no security risk. The instance doesn’t need to be online either, except when I want to edit content.

The WP2Static plugin supports automated deployments to a number of hosting platforms. At the moment Cloudflare isn’t one of them, so it does require a bit more manual work. Hopefully, they will support this in the future. I think this trade-off is worth it. Cloudflare has an extensive global network in more than 200 cities, and I’m going to leverage it to run this site.

The process itself is pretty straightforward.

Add the WP2Static plugin to your WordPress site like any other WordPress plugin.

Make sure to set the export as a zip file and select offline usage. Click start static site export and then download the generated file; you will need this later.

On your machine, you need to have Wrangler installed. I have installed this with NPM:

npm i @cloudflare/wrangler -g

Then navigate to your working folder and generate the config. I have called my site wp-static:

wrangler generate --site wp-static

This will then generate three things:

  • public directory
  • workers-site directory
  • wrangler.toml file

Then take the zip file generated earlier and drop the contents of it into the public folder.

The next step is to add the relevant config to your wrangler.toml file. You need to get the Zone ID and Account ID from within the Cloudflare portal. Below is an example of what my site looks like.

name = "wp-static"
type = "webpack"
account_id = "c9xxxxxxxxxxxxxxxxxxd"
workers_dev = true
route = ""
zone_id = ""

[site]
bucket = "./public"


[env.production]
# The ID of your domain you're deploying to
zone_id = "9881xxxxxxxxxxx4"
# The route pattern your Workers application will be served at
route = "jameskilby.co.uk/*"

Executing "wrangler preview" will build and deploy the site and launch a preview of it in your browser so you can check the site.

If it all looks good

wrangler publish 

will deploy it to a workers.dev based domain. In my case I have registered kilby.workers.dev with Cloudflare, so the site becomes:

https://wp-static.kilby.workers.dev

The final step is to publish with the --env production parameter, which uses the [env.production] section in my .toml file.

wrangler publish --env production

This is the final step and automatically deploys to Cloudflare under the jameskilby.co.uk domain.
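A check worth running on the public folder before publishing, as an added example that is not from the original post: it flags server-side or backup files and links that still point at the local WordPress instance. The hostname `wordpress.lab.local`, the sample file names and the function names are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# File types that have no place in a static export's public/ bucket.
SERVER_SIDE = {".php", ".sql", ".bak", ".log", ".env"}
TEXT_TYPES = {".html", ".htm", ".css", ".js", ".xml", ".json", ".txt"}
# URLs that point at loopback or RFC 1918 addresses.
PRIVATE_URL = re.compile(
    r"https?://(?:localhost|127\.\d+\.\d+\.\d+|10\.\d+\.\d+\.\d+|"
    r"192\.168\.\d+\.\d+|172\.(?:1[6-9]|2\d|3[01])\.\d+\.\d+)(?::\d+)?",
    re.I,
)

def audit_export(public_dir, local_hosts=()):
    """Return sorted (relative_path, finding) tuples for a static export."""
    root = Path(public_dir)
    host_re = None
    if local_hosts:
        host_re = re.compile("|".join(re.escape(h) for h in local_hosts), re.I)
    findings = set()
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        suffix = path.suffix.lower()
        if suffix in SERVER_SIDE or path.name.startswith(".ht"):
            findings.add((rel, "server-side or backup file"))
        if suffix not in TEXT_TYPES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        if PRIVATE_URL.search(text):
            findings.add((rel, "link to private address"))
        if host_re and host_re.search(text):
            findings.add((rel, "reference to local WordPress host"))
    return sorted(findings)

def build_sample_export(root):
    """Constructed sample export, used only to demonstrate the audit."""
    root = Path(root)
    (root / "wp-content").mkdir(parents=True)
    (root / "index.html").write_text('<a href="about/index.html">About</a>')
    (root / "feed.xml").write_text("<link>http://wordpress.lab.local/feed</link>")
    (root / "wp-content" / "app.js").write_text('fetch("http://192.168.1.20/wp-json/")')
    (root / "wp-config.php.bak").write_text("constructed placeholder")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, finding in audit_export(build_sample_export(tmp), ["wordpress.lab.local"]):
            print(f"{finding}: {rel}")
```

An empty result means nothing matched these patterns; it does not prove the export is free of internal details.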

Issues:

I have had to change a few things with the move to Workers. I am now having to inject Google Analytics statically into the website. Previously I was dynamically injecting this at runtime; however, that didn’t appear to work with the new setup.

The way I have deployed the site means none of the dynamic elements of WordPress will work, however, I wasn’t using comments etc so this isn’t a big thing.

Performance:

The Cloudflare Workers site is much snappier than the native WordPress site, even when it was using the Cloudflare CDN. It will also perform consistently globally, whereas the old site would perform worse the further away from the UK the visitor was. This was due to only having a single origin server (running from my lab in the UK).

Testing with gtmetrix.com before and after, the fully loaded page time has reduced to 1.6s from 5.5s.

Cloudflare reports on the CPU consumed as part of running the site.

Costs:

Because of the way this uses Cloudflare Workers, it relies on an element called Workers KV, which is the global low-latency key-value store. This is unfortunately not available in the free tier. Therefore I have upgraded to the Workers Unlimited plan for $5 a month, something that I think is good value for money.

Categories
Cloudflare Hosting

Cloudflare Setup for WordPress Users

I have been a huge fan of Cloudflare since they first came to my attention.  I did a post on them a few years ago. They do an excellent job of improving web performance and increasing security. I also find Cloudflare’s Blog a fascinating read.

I saw a tweet by Chris Wahl recently where he talked about a Cloudflare firewall rule he is using to protect his WordPress instance.

I am using something similar in the Firewall section and also leveraging a couple of other cool features.

Chris has done an excellent write-up on the firewall part, including how to achieve this with Terraform, so for the detailed look check out his blog post here; for a slightly simpler version see below.  This post will talk about some of the other features I am using to improve the speed, security and functionality of my site.

Firewall Rules

The most important thing when hosting a WordPress site is to protect the admin section.  This should be done with a strong password and preferably two-factor authentication.  However, if you can stop people even accessing this part of the site then even better.  If you are using Cloudflare then this is easy to achieve.

From the Cloudflare portal, navigate to My account > Firewall > Firewall Rules, create a rule and give it an appropriate name, then configure the settings as per below.   The IP(s) in the value section are the only ones that will be able to access the site once this configuration is live.

When the rule is live it will look like the below.  A really nice touch is the graph showing how many requests have matched this rule, and you can also dig in to see the individual events if required.  An example drop log is shown below.
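One way to express the rule described in this section, as an added example rather than the author's own rule: the script validates an IP allowlist, renders it in Cloudflare's firewall expression syntax for use with the Block action, and models the rule locally so sample requests can be checked first. The protected paths, the prefix-length limits and the addresses (documentation ranges) are assumptions.

```python
import ipaddress

# Assumed admin paths; adjust to what your WordPress install exposes.
PROTECTED_PATHS = ("/wp-login.php", "/wp-admin")

def parse_allowlist(entries, min_v4=24, min_v6=48):
    """Validate allowlist entries and refuse ranges broad enough to defeat the rule."""
    networks = []
    for entry in entries:
        # strict=True raises ValueError on typos such as 203.0.113.5/24.
        net = ipaddress.ip_network(entry.strip(), strict=True)
        limit = min_v4 if net.version == 4 else min_v6
        if net.prefixlen < limit:
            raise ValueError(f"{entry} is broader than /{limit}")
        networks.append(net)
    if not networks:
        raise ValueError("an empty allowlist would block every admin login")
    return networks

def build_expression(networks):
    """Render the rule as a Cloudflare expression, to be used with the Block action."""
    paths = " or ".join(f'http.request.uri.path contains "{p}"' for p in PROTECTED_PATHS)
    sources = " ".join(
        str(n.network_address) if n.prefixlen == n.max_prefixlen else str(n)
        for n in networks
    )
    return f"({paths}) and not ip.src in {{{sources}}}"

def would_block(path, src_ip, networks):
    """Local model of the same rule, for checking sample requests before go-live."""
    addr = ipaddress.ip_address(src_ip)
    protected = any(p in path for p in PROTECTED_PATHS)
    return protected and not any(addr in n for n in networks)

if __name__ == "__main__":
    # Constructed allowlist using documentation address ranges.
    nets = parse_allowlist(["198.51.100.7", "203.0.113.0/24"])
    print(build_expression(nets))
    for path, ip in [("/wp-login.php", "192.0.2.44"), ("/wp-admin/", "203.0.113.9")]:
        print(path, ip, "block" if would_block(path, ip, nets) else "allow")
```

A rule written this way also matches /wp-admin/admin-ajax.php, which some themes and plugins call from public pages, so review the rule's event log after enabling it.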

Page Rules

I also use another feature within Cloudflare called Page Rules. My account > Page Rules

Within the free tier of Cloudflare, you are allowed to create up to 3 rules.  At the moment I am using two of these.

The first of these is an automatic rule to rewrite to HTTPS. I am using this with wildcards to ensure that all pages are taken care of but still land on the intended page.   Details of what Cloudflare does are here.

The other rule I use is for a status page.  This is more for demonstrating some AWS features as a status page but I am sure multiple other use cases exist.   As Cloudflare intercepts the request before any webserver the redirect is quicker.  However, in this case, they can do the redirect even if my webserver is not online.

Cloudflare Applications

Another really nice use case is Cloudflare’s applications.   As the HTML, CSS etc. is passing through the Cloudflare network, they can manipulate it.  They do this to improve performance using compression.  They also have the capability to inject code; I use this to add Google Analytics into every web page.  They have a large number of Apps available to easily make functional changes to your site.

WordPress Plugins

WordPress has a plugin for interacting with Cloudflare via the API.  This has a couple of uses and it is highly recommended.  Firstly the plugin can optimise your WordPress install to work best with Cloudflare. It also gives you access to some of the basic settings allowing anyone with admin access to WordPress to tweak Cloudflare settings if required.

The second function that it performs is automatic cache management, invalidating the cache as required when the content is changed.

Categories
Homelab Hosting

Sophos UTM – Lets Encrypt


I have written previously about my use of Sophos UTM within my homelab.   Now I know it’s not a perfect device and some diehard network engineers will say it doesn’t have a CLI. But for my lab, my requirements and my level of skill it’s a damn good device with SO many features.  It may not have a CLI but it does have an API, which has been on my backlog to look into for a long time.

Version 9.6 has just been released and one of the features that has been added is the integration of Let’s Encrypt certificates. Here is a quick intro to get up and running with them.

Create a certificate

To get started, first off we need to enable Let’s Encrypt.  This is done in the advanced section of the Certificate Management console with a simple tickbox.

Once that’s been enabled it’s time to request some certificates.

Navigate to Webserver Protection > Certificate Management > Certificates.

Click on +New Certificate…  

Hosting.jameskilby.net Certificate Creation

 

When you select save, the UTM appliance creates a self-signed certificate that can be used immediately.  In the background it requests a certificate from Let’s Encrypt and, providing it passes the validation checks, the signed Let’s Encrypt certificate is received back from Let’s Encrypt.

Lets Encrypt Certificate

 

Then it’s simply a case of applying it. In this example I have added it to the Web Application Firewall section protecting the webserver.

This can then be validated by visiting the site and, as can be seen, it’s displaying properly.

I have created Let’s Encrypt certificates for all of the services that I run on the UTM. They auto-renew and generally make life a lot easier.

Categories
AWS Hosting

AWS Lightsail


I have been running this blog on top of some of my infrastructure at home, but the performance (due to my connection) has never been stunning.

So I decided to move it over to an AWS Lightsail instance to investigate more about the newer VPS service from Amazon and to hopefully help anyone that wants a read.

Assuming you already have an AWS account, getting a Lightsail instance up is very quick and incredibly easy.

Options exist for either Linux or Windows.

Pricing is also very straightforward.

I chose to go for the $10 a month instance running Ubuntu with Plesk included.

Once you have decided what you want, decide what AWS region you want (not all are currently available). I have gone for Ireland.

Then pick your instance OS and app.

Pick the instance spec/price, then give the instance a name and click Create.

A few minutes later you will have a running instance.

A public IP will be allocated, and on a Linux server SSH, HTTP and HTTPS will be open by default.

In summary, it’s not as complex as EC2 but the beauty is in the simplicity. If you’re new to AWS it’s a great place to start, and the performance has certainly surprised me.

Categories
AWS Hosting

AWS Status Page – Monitoring Included

AWS Status Page – Enhancements

In a previous post, I deployed a basic AWS status page.  The tool I deployed, LambStatus, supports pulling metrics from AWS CloudWatch and displaying them.  As part of my personal development, I thought I would include this on my status page.

I managed to get this working as can be seen here. This is a Lambda function running once a minute, polling this website and adding the response time into AWS CloudWatch, which LambStatus is allowed to call.  It has been running without a hitch for nearly a month now at effectively zero cost.

Site Response

The guide I followed is very good and is documented in the Git repo here.

Categories
Hosting

Cloudflare

Cloudflare – What is it and why would I care?

I have been using Cloudflare for a long time.  It is one of my go-to services and I use it to protect all of the public services I run for myself and other sites/organizations.

The basic premise of what Cloudflare do is that they are a distributed Web Application Firewall (WAF) and CDN, but they also offer so much more. Because they have a large number of PoPs they can cache and push content closer to your end users to give them a better experience. This also offloads work from your firewalls, DNS, web and database servers.  At present they have 139 sites globally, allowing you to host a site anywhere and get good global performance.

Cloudflare has an amazing free tier so you can get started easily.   I use this to host all of my public DNS records. So what does that look like?

[codeblocks name=’host -a’]

As you can see, they have given me 2 nameserver records (Matt and Fay) and also 2 A records, neither of which is my source web server.

Then within the Cloudflare portal you input where the real webserver lives and Cloudflare will do the rest.  My blog is still a little bit light on readership but you can see Cloudflare handling the spike in requests.

Cache in action

They are also handling the SSL cert for me and the redirect, so all traffic to my site is HTTPS, allowing me to close port 80 on the firewall, all within the free tier.

If you are using it with WordPress I would strongly recommend that the Cloudflare plugin is installed.  This way, when you make changes to your site, it will automatically purge the cache if required.