Cloudflare
Author: E | 2025-04-24
A Powerful Cloudflare WAF Anti DDoS rule I made for preventing bots, VPNs/Proxies, Old browsers, and Cloud IPs from accessing your website.
cloudflare/Cloudflare-WordPress: A Cloudflare plugin for WordPress - GitHub
Cache content across Cloudflare's global server network.

Available on all plans

Cache stores copies of frequently accessed content (such as images, videos, or webpages) in geographically distributed data centers that are located closer to end users than origin servers, reducing server load and improving website performance.

Features

- Default cache behavior: Learn about default cache behavior, default cached file extensions and cache responses.
- Cache Rules: Configure Cache Rules to optimize your website by specifying which resources should be cached and for how long.
- Tiered Cache: Enable Tiered Cache to optimize content delivery by caching frequently accessed content in multiple locations for faster delivery and reduced origin traffic.
- Cache Reserve: Use Cloudflare's persistent storage to increase cache times.
- Purge: Instantly purge cached files to force Cloudflare to fetch fresh versions from your web server files. You can purge specific files or all at once.
- Load Balancing: Cloudflare Load Balancing distributes traffic across your endpoints, reducing endpoint strain and latency and improving the end-user experience.
- Images: A suite of products tailored to your image-processing needs.
- Workers: Cloudflare Workers allows developers to build serverless applications and deploy instantly across the globe for exceptional performance, reliability, and scale.
- Rules: Cloudflare Rules allows you to make adjustments to requests and responses, configure Cloudflare settings, and trigger specific actions for matching requests.
- Cloudflare Network Interconnect: Cloudflare Network Interconnect (CNI) allows you to connect your network infrastructure directly with Cloudflare, rather than using the public Internet, for a more reliable and secure experience.
- R2: Cloudflare R2 Storage allows developers to store large amounts of unstructured data without the costly egress bandwidth fees associated with typical cloud storage services.
- Aegis: Cloudflare Aegis provides dedicated egress IPs (from Cloudflare to your origin) for your layer 7 WAF and CDN services, as well as Spectrum.

More resources

- Plans: Compare available Cloudflare plans
- Pricing: Explore pricing options for Cache
2025-04-09

The following section explains how Cloudflare directs traffic efficiently with anycast routing and serves as an intermediary between users and origin servers. The second part covers TCP connections and keep-alives for performance optimization, and lastly, TCP Fast Open (TFO), a protocol extension that enhances the speed of TCP connections.

How Cloudflare connects user to origin

Users connect to Cloudflare by sending requests from their devices to Cloudflare's global network. Cloudflare connects to the origin server by acting as an intermediary between the user and the origin.

[Diagram: Connections with Cloudflare. Nodes: Visitor, Cloudflare global network, Origin server]

User traffic is routed to the nearest Cloudflare data center based on the shortest Border Gateway Protocol (BGP) path, thanks to anycast routing. Cloudflare then processes the request. In case a request is not served from Cloudflare's data centers, Cloudflare will open a connection to the origin server to forward the request.

TCP connections and keep-alives

HTTP (Hypertext Transfer Protocol) is a Layer 7 application protocol that operates over TCP. By default, HTTP opens a new TCP connection for each request-response cycle, which can lead to performance overhead due to the repeated connection establishment and teardown.

Keep-Alives are a mechanism that bridges TCP and HTTP, and allow a single TCP connection to remain open for multiple HTTP requests and responses. This minimizes the connection overhead and latency associated with establishing new TCP connections for each web resource. Keep-Alives improve the efficiency and responsiveness of web applications by facilitating the reuse of existing connections, reducing network traffic, and enhancing user experience.

TCP connections can persist even after HTTP requests have concluded. However, to manage resources efficiently, idle connections are typically terminated after a certain period of inactivity. To enhance connection reuse and minimize connection overhead, keep-alives are employed. These mechanisms collectively optimize the performance and reliability of web applications while conserving network resources.

If either a user or an origin does not respond to two keep-alives, Cloudflare will sever the connection by sending a TCP Reset (RST) packet.

For connections to users, Cloudflare has a default idle timeout of 400 seconds. After the 400 seconds, Cloudflare will start sending keep-alive probes every 75 seconds. If nine consecutive probes are unanswered, Cloudflare will sever the connection by sending an RST packet.

TCP connection settings between the user and Cloudflare, and between Cloudflare and Origin can be customized for Enterprise customers. Reach out to your account team for more details.

TCP Fast Open (TFO)

TCP Fast Open (TFO) is a protocol extension that can significantly improve the speed of establishing TCP connections by allowing data to be sent in the initial SYN packet, rather than requiring a separate handshake before data transmission begins. TFO can reduce latency and improve website and application performance, particularly on high-latency networks. Cloudflare supports TFO on user connections.

When a client initiates a connection to a web server protected by Cloudflare, it sends a TCP SYN packet to request a connection. Cloudflare, acting as a reverse proxy, intercepts the SYN packet and responds with a SYN-ACK packet to establish the connection. With
2025-04-24

Cloudflare Tunnel runs a lightweight daemon (cloudflared) in your infrastructure that establishes outbound connections (Tunnels) between your origin web server and the Cloudflare global network. In practical terms, you can use Cloudflare Tunnel to allow remote access to services running on your local machine. It is an alternative to popular tools like Ngrok, and provides free, long-running tunnels via the TryCloudflare service.

While Cloudflare Pages provides unique deploy preview URLs for new branches and commits on your projects, Cloudflare Tunnel can be used to provide access to locally running applications and servers during the development process. In this guide, you will install Cloudflare Tunnel, and create a new tunnel to provide access to a locally running application. You will need a Cloudflare account to begin using Cloudflare Tunnel.

Installing Cloudflare Tunnel

Cloudflare Tunnel can be installed on Windows, Linux, and macOS. To learn about installing Cloudflare Tunnel, refer to the Install cloudflared page in the Cloudflare for Teams documentation.

Confirm that cloudflared is installed correctly by running cloudflared --version in your command line:

    cloudflared version 2021.5.9 (built 2021-05-21-1541 UTC)

Run a local service

The easiest way to get up and running with Cloudflare Tunnel is to have an application running locally, such as a React or SvelteKit site. When you are developing an application with these frameworks, they will often make use of an npm run develop script, or something similar, which mounts the application and runs it on a localhost port. For example, the popular vite tool runs your in-development React application on port 5173, making it accessible at the address.

Start a Cloudflare Tunnel

With a local development server running, a new Cloudflare Tunnel can be instantiated by running cloudflared tunnel in a new command line window, passing in the --url flag with your localhost URL and port. cloudflared will output logs to your command line, including a banner with a tunnel URL:

    cloudflared tunnel --url
    INF Cannot determine default configuration path. No file [config.yml config.yaml] in [~/.cloudflared ~/.cloudflare-warp ~/cloudflare-warp /etc/cloudflared /usr/local/etc/cloudflared]
    2021-07-15T20:11:29Z INF Version 2021.5.9
    2021-07-15T20:11:29Z INF GOOS: linux, GOVersion: devel +11087322f8 Fri Nov 13 03:04:52 2020 +0100, GoArch: amd64
    2021-07-15T20:11:29Z INF Settings: map[url:
    INF cloudflared will not automatically update when run from the shell. To enable auto-updates, run cloudflared as a service:
    INF Initial protocol h2mux
    2021-07-15T20:11:29Z INF Starting metrics server on 127.0.0.1:42527/metrics
    2021-07-15T20:11:29Z WRN Your version 2021.5.9 is outdated. We recommend upgrading it to 2021.7.0
    2021-07-15T20:11:29Z INF Connection established connIndex=0 location=ATL
    2021-07-15T20:11:32Z INF Each HA connection's tunnel IDs: map[0:cx0nsiqs81fhrfb82pcq075kgs6cybr86v9vdv8vbcgu91y2nthg]
    2021-07-15T20:11:32Z INF +-------------------------------------------------------------+
    2021-07-15T20:11:32Z INF | Your free tunnel has started! Visit it: |
    2021-07-15T20:11:32Z INF | |
    2021-07-15T20:11:32Z INF +-------------------------------------------------------------+

In this example, the randomly-generated URL has been created and assigned to your tunnel instance. Visiting this URL in a browser will show the application running, with requests being securely forwarded through Cloudflare's global network, through
2025-03-27

There are many Cloudflare Tunnel setup guides on the net, but I found most are outdated and incomplete. Therefore I decided to put together this post in this subreddit with some updated information to help new users.

Cloudflare is a popular CDN which provides a free tier of DDOS protection for websites. With Cloudflare, you can create a VPN to securely access your internal networks, and host your web services with malware and DDOS protection. You can get all these with Cloudflare's free plan.

Prerequisites

To use Cloudflare you need to own a domain name. You can get it from any domain provider; you may buy it directly from Cloudflare or somewhere like namecheap.com.

Cloudflare Tunnel is part of Cloudflare Zero Trust. While the basic plan is free, a credit card is required.

First sign up for a Cloudflare account. On the Account Home in the Cloudflare dashboard, go to Websites > Add a domain. Enter your existing domain name or register a domain. If it is an existing domain, leave quick scan for DNS records checked and continue, choose the free plan, click continue at the DNS management page, update your nameservers to the ones shown, and wait for a few minutes; you will receive an email when it's ready. Once it's ready and you click on the email link, you will see a quick start guide page; just click "Finish Later".

Cloudflare Tunnel Setup

On the Cloudflare dashboard, click on Zero Trust > Networks > Tunnels > Create a tunnel.

Cloudflared. It's the recommended one since it doesn't require opening the firewall at the router. WARP Connector requires a Linux VM and opening the firewall.

The name of your tunnel: for easy identification use the server name, in this case your NAS name. Save.

For environment, we just need the token value. You can click on Copy and extract the token ID. The part on the dashboard is done for now; leave it open and go back to the NAS.

Server Setup

Download and run the Cloudflare docker image cloudflare/cloudflared from Container Manager, enable auto-restart, leave port and volume settings as default, for network choose "host" and for command put the below, where token is the token value you got earlier:

    tunnel run --token

Click next and Done. It will register your server with Cloudflare tunnel. If you go back to your Cloudflare tunnel page, you should see the status shown as Healthy.

Publish Internal Websites Using Cloudflare Tunnel

Suppose you want to expose Overseerr on your NAS to the Internet so your family and friends can use it. You may use the Public Hostname feature of Cloudflare Tunnel for that.

Go to Cloudflare Dashboard > Zero Trust > Networks > Tunnels, choose Configure for your NAS tunnel. Click on Public Hostname and then Add a public hostname. Suppose you want to access Overseerr with overseerr.example.com, use the following.

    subdomain: overseerr
    domain: example.com
    path:
    type: http
    URL: localhost:5055

We use localhost, not the NAS IP, because our cloudflared is running on the NAS locally; using localhost avoids unnecessary traffic on the network interface. Now try overseerr.example.com.

Do the same for other docker services you want to publish.

Cloudflare Zero Trust Setup

Publishing internal websites is only one
2025-04-07

Cloudflare offers several tools to test the speed of your website, as well as the speed of your Internet connection.

Test website speed

Using Cloudflare

Once your domain is active on Cloudflare, you can run speed tests within the Cloudflare dashboard.

This speed test will provide information about critical loading times, performance with and without Cloudflare's proxy, and recommended optimizations.

If you experience any issues, make sure you are not blocking specific user agents.

Using third-party tools

If your domain is not yet active on Cloudflare or you want to measure the before and after improvements of using Cloudflare, Cloudflare recommends using the following third-party tools:

- GTmetrix
- DebugBear
- Lighthouse
- WebPageTest

If you use these third-party tools, you should do the following to test website speed:

1. Pause Cloudflare to remove performance and caching benefits.
2. Run a speed test.
3. Unpause Cloudflare.
4. Run a speed test. [1]
5. Run a second speed test to get your baseline performance with Cloudflare.

Improve speed

Based on the results of these speed tests, you may want to explore other ways to optimize your site speed using Cloudflare.

Test Internet speed

To test the speed of your home network connection (download, update, packet loss, ping measurements, and more), visit speed.cloudflare.com.

[1] The results of your first speed test with Cloudflare will likely contain uncached results, which will provide inaccurate results. One of the key ways Cloudflare speeds up your site is through caching, which will appear in the results of the second test.
2025-04-07