The final nail, CloudFlare and Gitlab

September 10, 2021

The last few headaches with CloudFlare that have pushed me to move

If you have been following this series, then this post will talk about some of the final issues that left me at a point of saying CloudFlare is no longer right for me. It’s a pity, but when something no longer works for you or infuriates you, it’s probably best to move on.

At this point, I had given up on Tunnel and Access, looking towards still leveraging the other features of CloudFlare. Gitlab was still my focus as I felt shifting my code base towards something I controlled was the priority. I still wanted to solve the SSH problem, for which I started looking towards CloudFlare Spectrum as a possible solution. I quickly ruled this out, however, as this was something that required 22 as the port number and I’m not running Gitlab on the host, but rather in a container. So, I would have had to change port numbers around, which, don’t get me wrong, I don’t mind doing, but it seemed a bit moot to have Spectrum only be able to do one service of Git clones or SSH to the box. Another point I considered was just having the DNS entry for SSH not be proxied by CloudFlare, but again that misses the main benefits of the service.

Another item that killed running CloudFlare for me was firewalls, which was around using Gitlab Container Registry. Anyone with experience with Docker and registries should know that a lot of the API calls arrive on a /v2/ endpoint. Now, CloudFlare thought this was a bot and, to be honest, I can get that; your regular ole websites are probably not serving content on /v2/. The only thing was, trying to get an exception added for this proved to be ridiculous. The impression I had was that I could use some of the Rule engines that CloudFlare has to say “if traffic hits this endpoint, just allow through the firewall”. The problem was that the “allow through the firewall” rule was only for one of the firewalls that CloudFlare provided, not the WAF that my plan was using. Ultimately I did not want to have this main feature of my premium plan disabled, so I decided enough was enough, moved all self-hosting services away from CloudFlare and formed a plan for moving my websites away too.

In terms of solutions, my first approach is going to involve AWS, using a combination of S3, CloudFront and Route 53 for caching / CDN. I’m looking into AWS WAF for a security solution that could mirror what CloudFlare provided, but this may prove too cost-prohibitive. I’m also considering other PaaS solutions such as DigitalOcean AppPlatform, platform.sh and others just for the all-in-one approach. I do enjoy building my own solutions, but sometimes with these things, you just want something that works and that you can get up and running inside an evening. So, we will see, but I’ll be sure to return with what approach I landed on once it is implemented.

Thank you!

You could have consumed content on any website, but you went ahead and consumed my content, so I'm very grateful! If you liked this, then you might like this other piece of content I worked on.

Part two of this journey

Photographer

I've no real claim to fame when it comes to good photos, so it's why the header photo for this post was shot by Samuel Sng. You can find some more photos from them on Unsplash. Unsplash is a great place to source photos for your website, presentation and more! But it wouldn't be anything without the photographers who put in the work.
