Cloudflare CDN for HollaEx

📺 Watch on YouTube!: Get Faster Loading Speeds For Your Exchange with CloudFlare

Cloudflare provides a powerful CDN along with DNS services for your domain. While enabling the CDN, you can also get an SSL certificate from Cloudflare for free.

Applying CDN with Cloudflare can significantly boost the loading speed on your website as it uses optimized caching methods that help content and images to load faster.

Before You Get Started

DIY Operators 🧰

For On-Premise operators, please issue an SSL certificate on your server end before you go through to enable the CDN. You can issue the SSL certificate by running hollaex prod command.

Cloud Operators☁️

Please keep in mind that if you are using the Cloud, turn on the CDN proxy (the orange cloud) only after you have set your domain on the dashboard (No longer using the 'hollaex.cloud' domain supplied).

Setting Up Cloudflare

To get started, simply visit cloudflare.com, create an account, and click the "Onboard a domain" button on the console.

Type your domain, and click "Continue. It is okay to leave the selections as the default.

Here, select a plan. Fortunately, the free plan provides a decent setup to start with and you can always upgrade it later if you desire.

Cloudflare then displays the existing DNS configurations for your domain. Compare what Cloudflare has found to what is in your DNS settings and add anything it has missed (it's generally pretty good at picking up everything it needs though).

Again, please keep in mind that if you are using the Cloud, turn on the proxy (the orange cloud) only after you have set your domain on the dashboard.

After editing the DNS records page, if needed, if your domain was obtained through a provider other than Cloudflare, you will need to change these nameservers as shown in the screenshot below.

This will mean heading over to your DNS settings and finding a 'Change Nameservers' option. This will vary depending on what provider you use, so if you are struggling Google 'change nameservers <your-domain-provider>'.

Once you find how to do this for your provider, copy both the Cloudflare nameservers and swap out the old for the new.

The transfer will usually take a few minutes but it could take a few hours (up to 48 in rare cases). You will get an email notification once the transfer is completed.

One final step for better security and compatibility, after receiving this email, set the SSL/TLS encryption mode to 'Full', as you can see in the image below.

In case you have an existing SSL on your server side, the server connection will fail if you do not set this to 'Full'.

Once the nameservers are fully migrated and the SSL is applied, you will be able to reach your HollaEx Core with SSL and CDN enabled. You can confirm the status by checking the SSL certificate details on your website. The SSL certificate will be issued either under Cloudflare's name or under the "Google Trust Services" name.

Additionally, you can access the https://<YOURDOMAIN>/cdn-cgi/trade domain to see whether you are getting routed through Cloudflare. You'll see a page like below if it's well configured.

IP Logging

While Cloudflare functions as a broker between the user and your HollaEx Kit server, the Kit server could not read the user's original IP properly without adding a special configuration.

Instead of relying on a remote_addr To read the user's IP, you need to set the source of the user's IP to X-Forwarded-For HTTP header.

Please check the detailed explanation here.

TL;DR

Please add a header option like the one below to your HollaEx Kit's Nginx configuration file (nginx/nginx.conf) and restart the server.

http {
  include    /etc/nginx/mime.types;
  include    /etc/nginx/proxy.conf;
  include    /etc/nginx/conf.d/upstream.conf;

  default_type application/octet-stream;
  log_format   main '$remote_addr - $remote_user [$time_local]  $status '
    '"$request" $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';

  (...)

  real_ip_header X-Forwarded-For; # The part you should add.

Advanced Use Cases

Looking for a place to set an IP rule? Whitelists? or Geo-lock for your website? You can set up those at the "Security rules" page and/or "Page rules" page.

IP Whitelist

IP whitelists can be set by listing the "safe IPs" on the security rule. This can be combined with the URI path if you want to apply the rule for specific paths only.

IP Ban

The IP ban can be set by defining malicious IPs in the security rules. This can be combined with the URI path if you want to apply the rule for specific paths only.

Geolocational Lock

The country lock (geolocational lock) can be set by defining countries in the security rules. This can be combined with the URI path if you want to apply the rule for specific paths only.

Domain redirection

You can define the redirection rules for your domain in the page rules page. For example, when your exchange URL is myexchange.com, and you want to make www.myexchange.com also work, the page rule can be the solution.

PreviousContents Delivery Network (CDN)NextCloudFront CDN for HollaEx

Last updated 6 days ago