March 9th, 2020 × #cloudflare#cdn#dns
Hasty Treat - Scott asks Wes about Cloudflare
Overview of various Cloudflare services like DNS management, caching, DDoS protection and discussion on how to set it up.
- Overview of Cloudflare services
- Using Cloudflare for DNS only or with domain registration
- Caching and DDoS protection
- Moving DNS records over to Cloudflare
- SSL certificates
- Cloudflare firewall rules
- Cloudflare Workers for serverless functions
- Cloudflare services not being used
- Setting up Cloudflare step-by-step
Transcript
Announcer
Monday. Monday. Monday.
Announcer
Open wide dev fans. Get ready to stuff your face with JavaScript, CSS, Node modules, barbecue tips, get workflows, breakdancing, soft skill, web development, the hastiest, the craziest, the tastiest development treats coming in hot. Here is Wes Barracuda Bos and Scott El Toroloco Tolinski.
Scott Tolinski
Welcome to Syntax.
Scott Tolinski
In this Monday, Sanity treat. We're gonna be talking all about Cloudflare.
Scott Tolinski
Specifically, I'm going to be asking Wes to describe some things in Cloudflare, not because I don't know. I know everything. Right? Of course not. Of course, it's not something I don't know. But I'm just interested in learning some new things, from the audience perspective. So I'm gonna be asking Wes a whole bunch of things about Cloudflare, and we're gonna be talking about it. I should state, 1st and foremost, that we are not sponsored by Cloudflare. They have not paid us for this episode. This is just a pure curiosity and interest. So my name is Scott Tolinski. I'm a developer from Denver, Colorado. And with me, as always, is Wes Bos. Hey, everybody.
Scott Tolinski
Hey, Wes.
Scott Tolinski
This episode is sponsored by LogRocket.
Scott Tolinski
Now LogRocket is an amazing service to give you a session replay over what types of bugs are happening in your site. Something happened? Well, it's gonna be cataloged, logged in LogRocket, and you're gonna be able to check it out, see it, and you get this really cool thing. This is one of the services in my mind. You really wanna go to their website. I'm not just doing saying that because they're our sponsor. But if you do, go to logrocket.comforward/ syntax, so that way they they know where you came from.
Scott Tolinski
But you're gonna wanna watch this video that shows you exactly what you get with this session replay because it's a scrubbable video that shows you your network request, your console log. It shows you what the user did, and it is absolutely fascinating. You get to see all of the steps that they took before they broke your website, and it's so cool. So if you go to log rocket.comforward/syntax, you'll get 14 days for free, And you're definitely gonna wanna try this out or at least watch the video because that's enough to sell me. It is so very cool. So thank you to LogRocket for sponsoring.
Scott Tolinski
And, I bet Cloudflare wishes they could thank us for, you know, the amount of trust we're gonna give them from this episode even though they they don't need it. Cloudflare's a big, big company.
Scott Tolinski
So Cloudflare, for those of you who don't know, they provide a ton of different services, so many that it kind of makes me overwhelmed when I look at it. So I see Cloudflare, and I hear everyone talking about Cloudflare. And granted, I've used it in the past for some things, but there are so many different things that exist within Cloudflare here. I wanted to ask you, which of these services, that Cloudflare has are using, which are you not using, what and why? Maybe we can do a little bit of overview of these features and maybe what utility they provide.
Overview of Cloudflare services
Wes Bos
Yeah. Cloudflare does so much, and it actually powers, like, 10% of the Internet or something like that.
Wes Bos
1 in 10 requests go through Cloudflare. There's a bunch of people that don't like that because there's too much power in one spot, and that's that's a very valid concern. You definitely have to have trust in the company in order to use it. So what are they? Well, probably, at the very basic, they are a DNS provider, which means that when you buy a domain name and you set your name servers, you set your name servers to point at Cloudflare, and then you log in to Cloudflare, and you're able to manage your a records, your MX records, your all of your validations, all anything that you put in a domain name. So you you personally, are you hosting your domain
Using Cloudflare for DNS only or with domain registration
Scott Tolinski
there, or are you pointing your DNS there and or both? Like, are both of those things a, possibility just to point your name servers there and let them you do the DNS stuff?
Wes Bos
Yeah. At the very basics, they Yarn a free DNS provider with a really nice interface, but you can also now transfer your domain names to them. You can't register new domains with them yet. They will probably roll that out at some point.
Wes Bos
But because they want you to use the rest of the stuff that we're talking about, they offer domain name registration at cost, which means you're not gonna get them cheaper anywhere else. They don't have every single they don't have AF. So I still have to go to Gandhi to get AF, but you can just renew them. I'm I moved all of my domain names over as as many as I could.
Wes Bos
I personally I buy them at Hover, and then I just transfer them over to Cloudflare once the, like, 2 week lock is up because I know that they'll they'll renew their at cost. For those of you who've never transferred a domain, is that process simple? I've transferred domains, but do you wanna, yeah, do you wanna do a quick on that? That's a great question. Yeah. People so, like, one thing you need to know about transferring a domain name is you have to pay for a registration, but you don't have to wait until your domain name is about to be up for renewal. So if you've got 8 months left at GoDaddy or something like that, you just can move it over to Cloudflare, and then you get 1 year 8 months. So you'd be you have to pay the $8 for a .com, but you don't reset the clock. You still have that original time that you you paid at your original registrar, and you can then move it over. And how to do it? Well, first, you have to unlock the domain name, which is a setting in wherever you currently have your domain name, and then you have to get a transfer code. So you generate these one time transfer codes, and then you set up the you just basically set it up on Cloudflare, and then they ask you for that code.
Wes Bos
And then anywhere between 20 minutes and a week later, that domain name will transfer over. Some registrars make you log in and approve it. Some registrars don't like this because it's a cash cow for them. Spread. So they wanna make it very hard. Yeah.
Wes Bos
Yeah. But, yeah, once it's there, you have access to all of your DNS at Cloudflare. And then the Node Scott of the the initial thing that they did was they turn on what's called orange clouding. So you can either use Cloudflare just as a DNS provider, which is great because because they're such a big part of the Internet, I feel like my stuff updates quicker on Cloudflare.
Wes Bos
I'm not sure if that's true or not.
Caching and DDoS protection
Wes Bos
They provide, caching. So if you have an image or CSS or HTML, they are a layer in between your web server and your request. So when as soon as you go orange cloud, you're you're essentially putting another server in between.
Wes Bos
And at that layer, they will proxy all of your requests in, and they can do things like image compression.
Wes Bos
They can do caching. Like, I'm just looking at my beginner JavaScript course here.
Wes Bos
So in the last 2 days, I've cached a gig. So that's huge if you're paying Yeah. By the gig. Then that's out of 28,000 requests.
Wes Bos
95% of the visitors are receiving a cashed one to them. So that that's great. If you if you're paying by the gig, this is gonna save you tons of money, and and you don't have to pay for this on Cloudflare's.
Wes Bos
And another thing they do is DDoS protection. So if you're getting a DDoS's distributed denial of service, if somebody were to hammer your website or if you were to DDoS yourself, which I've done many times in my life, Cloudflare will recognize bad actors like that, and they will try to prevent that based on lots of stuff, most of which is secret sauce internal to Cloudflare because they don't wanna tell same thing how, like, Google spam recognition works. They don't tell you how that works because that's their secret sauce. Right? Totally.
Scott Tolinski
So this is all free so far. That's crazy.
Wes Bos
Yeah. Yeah. That JS that is totally free.
Scott Tolinski
Do you have to have all of your d like, do you have to have your DNS on there to take advantage of things like the DDoS protection. Wes. Yeah. You have to use their their DNS at a very low level.
Wes Bos
But even if you just use it, it's a very it's probably one of the best UIs I've seen for managing your Deno, so, big fan of of that.
Wes Bos
They also hide your server IP. So, like, one one sort of thing is, like, how how do you not get is don't let people know what your server's IP address is because as soon as somebody knows what the IP address to your box is or if your box is not set up, like, on DigitalOcean, you can set up firewall rules that will reject any requests unless it's coming from Cloudflare, and that will stop, malicious actors from trying to go directly to your box.
Wes Bos
But in general, you should not let people know what the the IP address of your box actually is. And if you look up the IP address of a Cloudflare domain, it will just send you a Cloudflare IP address, and and there's no way to tell. There's some, like, weird stuff around it JS if you need to SSH into your own box, you have to sort of work around that, but that's well worth your time.
Scott Tolinski
Cool.
Scott Tolinski
Wow. So I okay. Yeah. Although this is getting the wheels turning, the main barrier for me is moving my DNS, which I'm currently running on DNS simple.
Moving DNS records over to Cloudflare
Scott Tolinski
DNS simple is pretty cool, but, I think I need to move my DNS over, and they need to start doing some of this stuff, just to just to to get, I don't know, just to get a lot of these features. Right now, I Wes on DNS Simple specifically because of their they had these, like, really interesting sort of fake record that's not like a real record.
Scott Tolinski
Let me see what it's called. They they call it a like, an alias record, I think, if that's not a real thing. Are you familiar with the alias record concept?
Wes Bos
Yes. I am. There's there's some weirdness around if you wanna alias the root domain Yeah. Which Cloudflare does that as well. They they have some special sauce around that, which is not generally a thing that you can do. Right. It's super weird for me because I needed to do a reroute moving from HTTP
Scott Tolinski
to HTTPS. Yeah. And it looks like a lot of weird stuff. So cool. Alright. Well, I'm gonna have to do that. This is gonna be on my list today. So okay. We have that. If you also have here that there's a free h t t p s. Is that something you're using? Because I've always been using my SSL through, DNS symbol. TypeScript?
SSL certificates
Wes Bos
Oh, yeah. Or Well, yeah, it is Let's Encrypt, but it's automatically renewed and set up through Deno Simple. Oh, so DNS Simple does that for you. That's cool. Yeah. You don't even have to touch it. You just say, hey. This domain's got DNS, and then it renews automatically and stuff. That's how it should work. Yeah. So Cloudflare will give you free SSL certificates, which is was a big deal when you had to pay for them. It's not so much of a big deal now that they are free For everything. With Let's Encrypt.
Wes Bos
I still generate a Let's Encrypt SSL certificate for all of my sites because, the traffic between Cloudflare and your server and the traffic between Cloudflare and the user between the user and Cloudflare is encrypted, but by default, the traffic between Cloudflare and your server is not encrypted.
Wes Bos
So I'd like to have that on. Also, you can sometimes, I have to just turn off Cloudflare. It's called going gray cloud. Sometimes you gray cloud a a domain name, and that turns off all the Cloudflare features and just gives you raw DNS.
Wes Bos
And if that's the case, then you you lose SSL. So I still always do have a SSL cert for all of my my websites for those two reasons. Interesting. Great cloud. What, vapers and,
Scott Tolinski
Wes developers have in common. That's cool. Yeah. I
Wes Bos
that's great. I should say also, like, moving your DNS over, Cloudflare does this cool scan Wes they will take your existing DNS entries and warp them over. I gotta get And that Wes, like, the yeah. That was, like, the hard part about moving DNS is that, like, I don't wanna, like it's so scary to move your email, Node, Deno, because if you take down email, you're you're pooch.
Wes Bos
So they do a really good job at that. Yeah. I gotta get that. What else? They have firewall rules. So I've got a couple firewall rules that Yarn run on some of my course platforms just to keep malicious actors out. So I've I've put those up there. So, like, I think you got, like, 5 free firewall rules, and after that, you have to pay.
Cloudflare firewall rules
Wes Bos
A lot of these, they give you a couple for free, and then you pay for the rest after that.
Wes Bos
They give you scrape shield. So if you've got email addresses or phone numbers on your website, Cloudflare is really good at detecting if the person viewing the website is a bot or the what they do is they inject a little bit of JavaScript into your website that will the default they'll hide email addresses, and then they'll use JavaScript to show them. And then they can detect if it's a bot or not and and not show them, which is pretty cool.
Scott Tolinski
Interesting.
Wes Bos
That's cool. Yeah. They've got stats, which I really like. So, like, server it's similar. You know, we talked about, like, Netlify stats. Yeah. I was gonna say it looks like they have some analytics stuff in here that's new that I haven't seen. Yeah. Some pretty cool, analytics. I'm I'm a big fan of this. And, also, like, they're Cloudflare knows bots. Right? So I I feel like I trust the Cloudflare analytics a lot because they can filter out bots really, really well, and they're also not it's not client side stats. It's server side stats, which is pretty cool. Yeah. And, what else here? They we do had a whole show on serverless functions, so they have this new thing called Cloudflare Workers,
Cloudflare Workers for serverless functions
Scott Tolinski
which is pretty nifty. I always thought so Cloudflare Workers to me makes it seem like there's some sort of connection to service workers. Are they're not they're just they're just serverless functions that's, They're serverless functions, but they work similar to how service workers work in that you can intercept
Wes Bos
requests. Mhmm.
Wes Bos
Because of the unique position Cloudflare is in, you can run code in between the request and the response, and you can sort of step in much like a service worker would be able to intercept the fetch request and serve up a cache instead of letting it go to the server.
Wes Bos
Interesting.
Wes Bos
Yeah. They have their own Deno.
Wes Bos
Like, if you go on to your your router Do you use this? I do. Yes. I do.
Wes Bos
So they intelligently route your Wes, so they're a bit faster.
Wes Bos
It's just 1.1.1.
Wes Bos
So if you go to 1 on 1 on 1 on your website or you can even type in 1.1.1.1, like the the actual words. Mhmm. And it will Wow. Still work. Which is fun. Pretty nifty. So they must have registered the Scott t l d for just Scott Node just so they could get that name. That's weird. That's kinda wild. Yeah. Yeah. And then they have Cloudflare Warp, which is a how do you describe this? It's like a VPN, but not a VPN. Oh. So sometimes your ISP will it encrypts your traffic like a VPN does, but it doesn't hide you like most VPN does. Mhmm. It's not gonna fake your country or something like that. That's that's pretty useful. Right? Because there's so many times I go to YouTube TV, and YouTube TV JS like, you're using a VPN. That's it. You can't Oh, yeah. Watch our YouTube.
Wes Bos
Oh, I see. Yeah. Yeah. I didn't even think of that. That's because nothing in Canada is good enough to actually watch normally.
Wes Bos
But I should not lie. Actually, CBC has a pretty good app. But they have this little VPN that, like, I have an AT and T phone, and if you try this, it has this thing called stream saver where it, like, reduces if it tells you're streaming Netflix or YouTube or something like that, it will intentionally throttle those packets, and they shouldn't be able to do that. Like, data JS data. Right? You're paying for what you get. So, Cloudflare were warp will just encrypt that traffic.
Wes Bos
And currently, they only have it for your phone, and, I've been assuming they will, at one point, roll it out.
Wes Bos
Cloudfly doesn't seem to roll out stuff very quickly, but when they do, the rollout is usually pretty good. There's a little bit around Warp. It didn't work with YouTube initially, but I since went back to it after 6 months or so, and it it's awesome now. Interesting. So they're bangers. They they don't put out a lot of stuff, but when they do, it's a hit? Yeah. Well, like, they do a lot, but, like, they don't it doesn't seem like they rush anything out. Sure.
Wes Bos
But I can I definitely trust the company in terms of the stability, and this is probably at some point, someone will take this clip of me saying I trust them and probably come back for it? This happens anytime I talk about a company.
Wes Bos
Something happens.
Wes Bos
They get hacked, or they're found, like, colluding with government or something. Right. They're doing it. And, it comes back to get me. But
Scott Tolinski
That's funny. I'm, I'm taking that risk. So okay. So there's a lot of these services here. Right? There's these are a lot of services, and there's a a few that I see that you're not using. Do you wanna give some insight into what you're what you're not using and maybe why?
Cloudflare services not being used
Wes Bos
Yeah. One one thing I haven't used yet is they have a key value storage for their servers warp or serverless functions.
Wes Bos
What are they called? Workers? So if you need some sort of database, they they make that available via key value storage. The only reason I haven't used it is because they don't give you any for free. So if you wanna use even 1 little little bit, you have to pay for it, which is not how they've hooked me on the rest of their products.
Wes Bos
So, like, I don't know. Give me give me 10,000 requests a month or something for free. I I think that would be pretty cool if they did that. Sure.
Wes Bos
I I switched over to begin for a little project I just did. I made a hit counter on service work or serverless functions.
Wes Bos
And, in order to save the data about how many hits were there Yeah. That's fine. To begin because they have, like, a free tier of of data.
Wes Bos
They also have an entire video streaming product.
Scott Tolinski
Right. Which I'm very interested in if we're being entirely honest here.
Wes Bos
Yeah. Yeah. I I actually had calls with them, like, a year and a half ago when I was having trouble with Vimeo, and they were just in the early stages of rolling it out. And, like, they don't have a player. They might have a player now. At least at the time I looked at it, they didn't have a player. It was just straight up APIs for just doing raw. Like, it's really low level stuff where you give them your MP 4 file. They'll take care of the encoding and the transcoding and CDN ing it around the world and and all that kind of stuff, which is pretty cool because I like them as a company.
Wes Bos
So, I would definitely check that out if you are reevaluating
Scott Tolinski
your your video right now. Yeah. And it it JS. I mean, it is you're not hosting it there, so it's not like you're stuck there. Right? I mean, it's Yep. Yeah.
Scott Tolinski
Interesting. What? Sorry. Say that again? You're not hosting the video on Cloudflare. Right? You're hosting it in, like, an s 3 bucket. Right? You are. I thought you were just pointing it to an existing storage, but maybe I'm totally wrong. Oh, it does say store.
Wes Bos
Yeah. They they I'm sure that you they slurp it up from an s three bucket, or they can slurp it up from anywhere, but they are the the store and the, interesting, the thing to put it out. So that's one thing. Like, big files don't get cached. Like, whenever I talk about how expensive it is to offer downloads for my videos, everyone's like, why not just put Cloudflare in front of it? And I was like, oh, yeah. I'm sure Cloudflare will love to cache my 800 meg video download. You know? And they they don't they don't cache zips or large files over I forgot what the threshold is. It's more for images and CSS files. Interesting.
Wes Bos
Yeah. And the last thing I don't use is I don't use any of the, like, deep customization. So if you have, like, actual, like, really high level security threats where you need to block a lot of people, get really into firewall and access control, they have tools for that. It's just not something I I use all that often. The things I do use, I'm within the, like, 5 free per domain name.
Scott Tolinski
Cool. So, we did get into this last little bit, so we're not gonna I had another heading here that says how you set it up. We've kind of talked about this, but let's say, okay. So I'm on I'm on Cloudflare's dashboard. I have entered my domain.
Setting up Cloudflare step-by-step
Scott Tolinski
How do you go through the physical process on here of you have a domain somewhere else? Wes what do you do? We can do this real quick.
Wes Bos
Well, I would first yeah. I would first just like, don't worry about transferring the domain name to them. Just leave it on your current registrar while you you toy around with this. You can transfer that at a different point, and that has nothing to do with almost all of this.
Wes Bos
But you just basically, you you set it up. It slurps up all of your DNS records. How how do you how do you get it to where where's the slurp button? We're looking for the slurp button. You click add site. Yes. You type in, level up tutorials.com.
Wes Bos
Yeah. Yeah. And you click on the free plan. Yeah. Click on confirm, and then it says scanning for existing DNS records. And now it's telling me we've got level up tutorials.
Wes Bos
We got store dot level up tutorials. Those are both pointed to the same Yeah. Server. Yes. They are. Then you've got some stuff, looks like, around working with Galaxy and
Scott Tolinski
I got a lot of records.
Wes Bos
Mail sending sending mail and then some validations around, sending transactional email as Wes, and then finally, inbound postmark stuff. Yeah. You so you just have you've got, like, 6 or 7 records here. It slurped them up. Warp. And I don't Node. I keep saying slurp it up. Do you, so this is as, you know, as we do. We're
Scott Tolinski
Slurp? Did there's, like, a 711 slurp slurp song slurp song. Are you familiar with this slurp song? No. No. It's a 711 hit called dance the slurp.
Scott Tolinski
We should put this in the show notes. And I laugh about this because my boss, the guy who I started Vercel up tutorials with Ben, he used to play this song because it's so ridiculous in our office. And it was like a huge huge, like, hit in our office for a little bit just because it's so funny. I had never heard of a 711 branded song before, but this thing is it's from the seventies.
Scott Tolinski
It's very weird, and it's very worth your time. Larp it up.
Wes Bos
Larp? Larp? I'm gonna I I bookmark that. Yeah. Scott book it up. Anyways, so when you add all these DNS records, you continue. And then the last sort of thing that you need to do is you need to go into wherever you have registered your domain name right now and change your a rec or your sorry. Your name servers. Mhmm. So you there's generally 2 or 4 name servers. Cloudflare will give you 2 name servers. You pop them in, and then you gotta sit on your hands for anywhere from a half an hour to 48 hours. It's usually within a couple hours.
Wes Bos
They will move it over. And if everything went according to plan, nothing will have changed. That's fun. And then I would probably turn off sure. I would probably gray cloud all your your URLs while you wait for that transition to go, and that will ensure nothing breaks.
Wes Bos
And then just start turning on all of the cloud flare. You you orange cloud them all, and then just kinda visit your website and and see if if everything looks good. Cool. Wow. So, this is pretty interesting to me. I am gonna be just
Scott Tolinski
Cloudflare right now. Not that it's so funny because I used it so much in the past, but I haven't used it in a little while. And it seems like it's so much different and so much more evolved than it was before. So, very into this. And, again, once again, this episode is not sponsored by Cloudflare. But if they wanna throw some cash for this, they can do that. We'll take your money. Yeah. We'll take it. Yep. Yeah. Send me a hat, at least. Oh, yeah. You know, hat. Has anyone ever given you a hat? Hold on. Has anyone given me a hat? Got a hat from a company, have you? I got a hat.
Scott Tolinski
No. I I think I did get a a really bad hat from, like, one of those, like, really crappy foam trucker hats. I'm trying to remember who sent it, but I'm not sure. It wasn't good.
Wes Bos
I think my dog ate it. Alright. Well, Wes, actually, the Cloudflare went public. So they're, like, they're a publicly traded company. Oh, cool. And when they did, their CEO had a a suit, and the inside of the suit was orange like Cloudflare, which is so cool. And, apparently, his sister made it, which was is even cooler. Yeah. That is cool. Yeah. Kind of a cool company. So hopefully, you learned a thing or two. That is why I always talk about how much I love Cloudflare. It just gives you so much for free.
Wes Bos
I think the reason why they give you so much free is because they have major Major. Major clients. And, like, my silly website that gets a couple 100 hits a day is a drop in the bucket compared to, like Yeah. They're, like, probably defending, like, every half of, half of the world e commerce on Black Friday and things like that. You know?
Scott Tolinski
Right.
Scott Tolinski
Cool. Well, I hope you learned something about Cloudflare. It seems like it's one of those essential tools that you should have in your toolbox, your tool belt, whatever you're carrying around with you to do web stuff. So check it out. Try try this out. Add Node of your domains. Just play around with it. I always like to do this stuff on a test domain first or maybe, like, a fun little project one to see if it works. Yeah. So yeah. Yeah. Definitely do a low stakes one while you get comfortable with it. I've just clicked the go on the moving level up tutorials over there right now, so we'll see while we're recording this episode.
Wes Bos
That's that's a good idea. Yeah. Your your smallest project ever. Just the only thing that feeds your family.
Wes Bos
Yeah. Oh. Oh, that's life. Alright. This is getting a bit tasty, so we'll end it here. Thanks so much for tuning in. Catch you on Wednesday. Pleasure.
Wes Bos
Peace.
Scott Tolinski
Head on over to syntax.fm for a full archive of all of our shows, and don't forget to subscribe in your podcast player or drop a review if you like this show.