Part 6: Using SSL/TLS to Secure Your Site

January 6, 2020 - Reading time: 14 minutes

Cloudflare ensures that visitors browsing your site do so in a secure, private and encrypted manner using SSL/TLS.  This is done by default by all sites added to Cloudflare.  It is also recommended that Cloudflare communicate with your origin server over a secure connection.  This involves installing an SSL certificate at your origin and configuring Nginx to use HTTPS instead of HTTP.  

 

You can read more about SSL/TLS here:  https://www.cloudflare.com/learning/ssl/what-is-ssl/.  Now let’s configure our Raspberry Pi to make its first SSL handshake…

 

Read more


Part 5: Your First Argo Tunnel

January 6, 2020 - Reading time: 13 minutes

It’s now time to witness first-hand the magic that is Argo-Tunnel.  First, let’s go through some pre-requisite reading here:  https://developers.cloudflare.com/argo-tunnel/quickstart/.  

 

We now need to download the correct Cloudflared client compiled for Raspberry Pi.  The official client for Pi can be found here:  https://developers.cloudflare.com/argo-tunnel/downloads/.  However, there is a problem when using this version with a Pi Zero.  Instead, you’ll need to get a correctly compiled client here: https://hobin.ca/cloudflared.  

 

You are now ready to start digging your first tunnels!

Read more


Part 4: Cloudflare Me...

January 3, 2020 - Reading time: 9 minutes

It’s finally time to get hands-on with Cloudflare.  However, we first need to go through some pre-requisites:

  • Register a domain name.  There are numerous providers, and you can even get one for free.  Just make sure that the registrar allows you to change your name server records.

  • Create a Cloudflare account and add your site/domain.  Here is a great guide on how to do this.

  • Get familiar with DNS.  Think of it as a public phone directory where people can look up your name (or domain name) to find your phone number (or IP address of your web server).  However, sometimes you want to keep your number (IP address of web server) private, but still want people to reach you by name (domain).  You can do this by using Cloudflare to proxy (or represent) your DNS.  You can learn all about how DNS works here: https://www.cloudflare.com/learning/dns/what-is-dns/.

First, here is a traditional configuration without Cloudflare:

Read more


Part 3: Installing Nginx and PHP

January 3, 2020 - Reading time: 92 minutes

Having configured Raspbian and UFW, we are now ready to install software which will host our content.  The two main options are Apache and Nginx.  Apache is more prevalent, with more than 60% market share.  However, Nginx is considered to be more resource efficient.  This is particularly relevant for our underpowered Raspberry Pi.

We can use apt-get to download and install Nginx.  We will simultaneously install a variant of PHP called PHP-fpm.  This is a scripting language which can be embedded in HTML.  Scripts are executed on the web server, and the resulting HTML is passed to the client to be rendered.  Our Content Management System (or CMS), which we will install later on, uses PHP to display content. 

You can think of Nginx as a waiter at a restaurant who takes down your order, passes this to the kitchen, and then returns with your food once ready.

Read more


Part 2: Installing Raspbian and a firewall

January 2, 2020 - Reading time: 56 minutes

We will divide our tasks into several blog posts over the coming weeks.  However, it is important to visualise what we are trying to accomplish.  The diagram below illustrates how our Raspberry Pi cluster and Cloudflare work together to provide visitors with the best possible browsing experience.

Layers interact with each other, forming a complete stack of necessary services.  The Raspberry Pi has all the components needed to host and serve content.  Cloudflare sits in the middle between our Pi and our visitors, replacing traditional network hardware such as routers, firewalls and load balancers.  Our hardware is hidden behind Cloudflare, while our content is now accelerated, secured, and fault tolerant.

Read more


Part 1: Why Cloudflare?

December 27, 2019 - Reading time: 21 minutes

I’ve always been interested in tinkering with Raspberry Pi, but was put-off by the size, power requirements, and necessity to know my way around Linux.  Arduino micro-controllers on the other are easier to interface with various sensors, since there is no operating system, and everything is programmed in C through an IDE. They are also much smaller and consume far less power.

 

However, there are many things that Raspberry Pi can do beyond being a cheap desktop computer.  I recently changed jobs and started working at Cloudflare.  The technologies are completely new to me, having spent the last 20 years with Active Directory, Exchange, and SharePoint.  I had no idea about the Linux web-hosting world of Apache/Nginx, SSL, CDN, etc.  

 

I started off with building Debian VMs but wanted something a bit more tactile.  I then picked up a Raspberry Pi Zero W.  This tiny thing is a full Linux computer capable of pretty much anything.  I quickly learnt my way around Linux basics, installed Apache, and propped up a basic “hello world” website.  This is a great proof of concept exercise to show what’s possible with something so small.  However, it isn’t really production ready, nor scalable to handle real-world visitors to your site.  It’s not fast, nor secure, and cannot be configured for high availability.  

Read more


About

A playground of creativity that combines Cloudflare technology with hobbyists.