Cdn #477
Cdn #477
Conversation
|
what value does this documentation add? Is this a WIP or the finished state? (From the description I assume it's a work in progress, but on #467 you mentioned it was ready for review) |
|
The Cloudflare section is complete. I'm sure there are other CDNs that are used, however, I have no experience with them fronting Mastodon. The value it adds is to prevent another admin who uses Cloudflare as a CDN (And possibly SSL termination) to not waste 8 hours on trying to figure out why Mastodon is delivering broken assets when behind the CDN. So, it's complete for the single section. I was looking for a place in an existing doc, and was told to just create a new doc for this. |
There was a problem hiding this comment.
I don't feel comfortable including this in the documentation without an explanation of the security and privacy problems with using Cloudflare SSL termination. Also, as it is the PR nearly no information on how to set up cloudflare beyond the very obvious (enable SSL termination, expose port 80).
Running-Mastodon/Using CDNs.md
Outdated
| # Using Mastodon Behind A CDN | ||
| Mastodon behind a CDN such as Cloudflare or Akamai, allows you to save bandwidth on your host, by offloading processing elsewhere. Other benefits with many CDNs are also available, such as dynamic routing, or SSL termination. | ||
|
|
||
| While there are benefits to such a setup, it can be very complex, and make issues difficult to troubleshoot. You will definitley want to have a development/testing instance of Mastodon that is not behind the CDN, in order to test new code deployed to your system. |
Running-Mastodon/Using CDNs.md
Outdated
| @@ -0,0 +1,14 @@ | |||
| # Using Mastodon Behind A CDN | |||
| Mastodon behind a CDN such as Cloudflare or Akamai, allows you to save bandwidth on your host, by offloading processing elsewhere. Other benefits with many CDNs are also available, such as dynamic routing, or SSL termination. | |||
There was a problem hiding this comment.
I'm not sure this sentence needs to be in here. it's just fluff.
There was a problem hiding this comment.
I don't know if it's fluff, but I fleshed it out for those who might be considering using a CDN.
| ## Cloudflare | ||
| Cloudflare is a service that provides SSL termination, DNS hosting, and additional CDN services. Only the DNS hosting and SSL termination is viable to use with Mastodon. | ||
|
|
||
| If you are wanting Cloudflare to terminate your SSL, you will need to open port 80 to the world, and ensure that the CDN option is always on for your domain record. However, you will need to create page rules to turn off the other acceleration features. |
There was a problem hiding this comment.
We really don't recommend terminating SSL with cloudflare for security and privacy reasons. Also the instructions on how to do so here are very vague, and don't provide any concrete information.
There was a problem hiding this comment.
Added verbiage explaining security implications.
|
From what I experienced in mstdn.jp, when you want to use CloudFlare for all Mastodon instance you have to care about:
I don't recommend to apply CloudFlare termination for all Mastodon instance. Using CDN to deliver assets and media is enough, almost all of the other data needs to be rendered dynamically and CDN has no merit for them. Regarding to SSL termination, you can use Let's Encrypt, so I highly recommend to use it. |
|
I don't think we should recommend users enable cloudflare, and I don't think this pull request does a good enough job for saying why it should be included. |
Initial start for CDN documentation, re: issue #467