Skip to content

NodeBB socket with CloudFlare

Unsolved Performance

  • 11 Votes
    47 Posts
    3k Views

    @DownPW Seems fine.

  • 1 Votes
    1 Posts
    89 Views
    No one has replied
  • 3 Votes
    4 Posts
    605 Views

    @crazycells hi - no security reason, or anything specific in this case. However, the nginx.conf I posted was from my Dev environment which uses this port as a way of not interfering with production.

    And yes, I use clustering on this site with three instances.

  • Podcast Share NodeBB

    Solved Configure
    15
    4 Votes
    15 Posts
    485 Views

    @cagatay You could experiment with nodebb-plugin-ns-embed but I expect the x-origin tag on the remote site to prevent playback.

  • 1 Votes
    3 Posts
    239 Views

    @qwinter yes, I recently migrated this site to CF in full and noticed the same thing. Seems CF also has native socket support now under the free plan, so win/win. I’ve not noticed any degradation of service since moving so happy to stay put for the time being.

  • 3 Votes
    10 Posts
    775 Views

    @Hari DDoS protection is not just a switch, or one component. It’s a collection of different and often disparate technologies that when grouped together form the basis of a combined toolset that can be used in defence.

    Typically these consist of IDS (Instrusion Detection System) and IPS (Intrusion Prevention System) components that detect irregularities in network traffic, and will take decisive action based on predefined rulesets, or in the case of more modern systems, AI and ML.

    Traditional “traffic shaping” technology is also deployed, so if an attack cannot be easily identified as malicious, the bandwidth available to that connection is severely limited to nothing more than a trickle rather than a full flow.

    Years ago, ISP’s used traffic shaping (also called “policers”) as an effective means of stopping applications such as BearShare, eDonkey, Napster, and other P2P based sharing systems from functioning correctly - essentially reducing the “appeal” of distributing and seeding illegal downloads. This was essentially the ISP’s way of saying “stop what you are doing please” without actually pulling the plug.

    These days, DDoS attacks are designed to overwhelm - not assume control of - webservers and other public facing components. It’s rare for small entities to be attacked unless there is some form of political agenda driven by your site or product. A classic example is governmental institutions or lawmakers who effectively are classed as “enforcers” and those who disagree are effectively making a statement in the form of Denial of Service.

    DDoS protection is effectively the responsibility of the hosting provider, but you shouldn’t just assume that they will protect you or your site. Their responsibility stops at their infrastructure, so it’s then up to you too decide how you full the gap in between your host and the website.

    Typically, you’d leverage something like Imunify360 which you can get for Plesk (and something I’d strongly recommend) but it’s not free, and is a paid (not expensive per month) subscription. If you want to use VirtualMin then there are a variety of tools readily available out of the box such as firewalls and fail2ban.

  • 5 Votes
    1 Posts
    249 Views
    No one has replied
  • 38 Votes
    193 Posts
    30k Views

    OMG make sense

    Thanks dude 🙂