Cloudflare Access can be used to secure any URL in less than a minute! We will secure our Grafana instance behind Cloudflare Access. There are numerous authentication methods available, including Google, Facebook, and Cloudflare’s own One-Time PIN. Auditing is also available.
It’s time to let our hair down and play a little now that we’re done building our cluster. We’re now going to use Prometheus, Node Exporter, and Grafana to capture various metrics such as CPU temperature, memory and network usage, etc. This will then be visualised into lots of pretty dials and graphs.
We’ve created three identical cluster nodes, each with Nginx and Bludit. Furthermore, each node is part of a load balancing pool for https://makerflare.com. However, we now need to create a fourth cluster node which will serve as our authoring node. We will use a subdomain called admin.makerflare.com for this node.
Visitors continue to use https://makerflare.com to access your content (served by 3 nodes). However, https://admin.makerflare.com will be used to author content (using our 4th node). Once saved, the content (blog pages, images, etc) will be automatically synced to the other three nodes.
The installation process for admin.makerflare.com will not be covered here. The only change needed is to update the URL in your Argo Tunnel config.yml file to reflect the subdomain. Once done, Bludit will need to be installed by first browsing to https://admin.makerflare.com. This will ensure the site.php file reflects the correct URL. You can of course also edit this URL manually if needed.
We are now ready to install Syncthing, a real-time file sync application that will keep content created on admin.makerflare.com in sync with all our cluster nodes. Thankfully this process is far less painful than having to listen to Insync!
Our project shows us that a lot is possible with a single Raspberry Pi and Cloudflare. However, we can use Argo Tunnel to easily scale up multiple origin servers as needed. This can be done by adding a single line in the Argo Tunnel config file we created earlier! You can read more about this here: https://developers.cloudflare.com/argo-tunnel/reference/load-balancing/
At this point we are using Cloudflare as follows:
1. As our authoritative DNS – Cloudflare facilitates fast and secure DNS lookups as soon as your visitors open their browsers and type in our domain name. Additionally, we should create a CNAME record for “www”, pointing it to makerflare.com (our base domain). This ensures that visitors reach the same content whether they type www.makerflare.com or makerflare.com into their browsers.
2. Cloudflare Universal SSL – Provides secure and encrypted connections between your visitors and Cloudflare, and also between Cloudflare and your origin server. We also need to turn on the option to “Always Use HTTPS”, so that visitors trying to access http://makerflare.com get redirected to https://makerflare.com (which offers a secure connection).
3. Argo Tunnel – Allows our Raspberry Pi to establish the fastest possible connection to Cloudflare’s vast network. All visitor web traffic will flow to your origin through this secure, encrypted and highly available tunnel. We also enabled load balancing for Argo Tunnel in the config.yml file we created for the Cloudflared agent in Part 5. More on this topic in Part 9.
There is still some further configuration to be done.
All our work so far has been to set up a foundation which we can then use to publish content on our site. We’ve set up Raspbian as a base operating system, configured our firewall, installed Nginx, created an Argo Tunnel, and started using SSL.
The next step is to install a Content Management System (CMS) which allows us to easily create and publish a blog just like this one. The most popular CMS today is WordPress, and others include Joomla, Drupal, etc. Each of these uses a database (MySQL or MariaDB) to store content, images, and metadata. However, there are also a few non-database CMSs such as Bludit. These are better for simple blogs as they’re more resource efficient. Content is stored in JSON-formatted text files. We will be using Bludit for our blog.