PGBlitz.com


Discussion How to setup Traefik on cloudflare like an absolute unit

systemd

Blitz 3rd Class
PG Version: latest
Server Type: Remote - VPS
I have a leaseweb feeder and a cheap ovh vps to stream to me.

Step 1: Log in to Cloudflare and create the following things as I have done. Make 2 A records, both pointing to the IP, one from * and one from your domain name. Then make a CNAME for each of the apps; under the value field put an @ symbol and it will point to the main domain. Make all of them that you're using.


PIC KILLED /MrDoob *MOD*
RULE 1 Don't post your Domain or ip.




Like this for the apps


Make your plex through cloudflare cdn if you feel your traffic is too slow. This will hurt racing but help long term seeding if you're into that. I can go into more details if you want to know how this affects peering.

Step 2: Run through the Traefik setup.
To get your API key, log in and click profile.


Scroll down


And then grab a coffee. When you're DONE WITH YOUR COFFEE (as in 5 mins)



PIC KILLED /MrDoob *MOD*
RULE 1 Don't post your Domain or ip.



Now, your remote access won't work right, or at least it didn't for me.... soooooo





[Image: 20190214_121011.png]


Hit these a few times until it works. Took me twice until it "took".


PIC KILLED /MrDoob *MOD*
RULE 1 Don't post your Domain or ip.




And that is how you get your domain name to be 100% secured like an absolute unit.
 

vFlagR

Blitz 3rd Class
Thanks for this guide, just the right level of detail to get things set up properly. I realised I was being an idiot and adding a new A record for every app because I forgot about the wildcard/aliases.

Is there any chance you could explain what you mean by, "Make your plex through cloudflare cdn". I'm not sure I'm doing this but it sounds interesting.
 

doperyde

Blitz 1st Class
Staff
I don't want to burst a bubble here... as everyone can appreciate the effort you put into creating this guide.

However, you render all of the CNAME records useless by using an A * wildcard record.
It's also the reason you aren't orange clouded and you should want to be orange clouded. Especially because you aren't currently utilizing CDN at all with the current configuration. Grey cloud means you're getting DNS resolution only.

Don't use * wildcard A records, especially if you want CDN. Cloudflare doesn't support most all of the reasons to be using cloudflare on the free tier when you use a * wildcard A record. If you're paying for CF it's a different story.

Your domain is not 100% secure, you are only utilizing DNS and are leaking your origin server IP address instead of proxying through cloudflare. Also you are not using CDN.

To fix it all, remove the A * wildcard record. Then click all the grey clouds on the rest of your CNAME and remaining A record and turn them orange. Then your domain will be as close to 100% secured like an absolute unit.

refer to posts by @hooper and myself in this thread:
https://plexguide.com/threads/confused-regarding-traefik-instructions.3353/

also @timekills here (linked to in above thread too):
https://plexguide.com/threads/plex-domain-com-not-working.2078/page-2#post-13381
 

systemd

Blitz 3rd Class
Couple things I'll be changing. Doperyde is right about the wild card.


You need to click the cloud button to make the traffic go through the cdn.

I live in a weird place in Canada, so my Canada VPS has better connection to me than cloudflare does. Hetzner and leaseweb could not stream 1080p to me reliably without cdn on. For my vps I can do 1080p thru cdn, but I need to turn it off for 4k.

The star does nothing, and has been left on when I was trying to get something else to work.



If you go to peeringdb.com you can see what is a direct peer to your ISP. What this means in layman's terms:


Your ISP has several 100gbps and 10gbps "lines" to various exchanges. Those exchanges will either have a direct connection with the destination or another exchange. If traffic has to hop multiple exchanges speeds will be greatly reduced. Cloudflare is a global company with high quality servers dotted across the globe. Your ISP's exchange(s) likely have a direct connection to cloudflare. This makes your traffic take a more direct route. Personally I had trouble with leaseweb and hetzner and could only get a few MBps. With it on, I could get 10-40MBps. With my 100mbps vps (4cad$) I can get about 6MBps cloudflare and 12MBps native. You want to try with it on and off, and compare results. 4k is about 60mbps or 4-8MBps, so I have to leave it off.


As far as security, as doperyde pointed out... Cloudflare can actually hide your server's IP address from the outside world. This is actually really cool. I am more concerned with traffic inspection (my ISP) than server IP hiding. Ovh is an honest company, not shady at all, so traffic to them is reasonable. They will suspend you for dishonest behavior.

PS: Don't use public trackers on ovh without setting up an eth interface that is VPNed, I can make a guide if there is interest. Also plexguide VPN is a VPN to your server, not your server to other computers. Using public trackers will earn a DMCA, and you will most likely be suspended.
 

systemd

Blitz 3rd Class
Thanks for this guide, just the right level of detail to get things set up properly. I realised I was being an idiot and adding a new A record for every app because I forgot about the wildcard/aliases.

Is there any chance you could explain what you mean by, "Make your plex through cloudflare cdn". I'm not sure I'm doing this but it sounds interesting.
The cdn is activated by clicking the cloud icon. I have it off because of personal reasons. (I have a better direct connection to ovh than CF does, but that's because I'm Canadian)

Delete the star, it does nothing. It's left over when I was trying to do something else. Then click the cloud icon on the left. When it's orange, all traffic is going thru cdn.

I personally like to send only the Plex subdomain through the cdn as you will have better connections to other seedboxes via torrents with cloudflare off, but worse connection to users outside your seedbox's country. This is ONLY if you are "racing" on an announce channel/rss. If you use the tracker as a sonarr and radarr feeder you are not racing.
 

subse7en

Guest
You got some things wrong.

CF cdn has nothing to do with torrents or peering with torrents...

The CF cdn comes into play between your domain and your browser. It doesn't affect any server originated traffic.

There's also a big misconception going around that CF helps Plex performance, it doesn't! CF proxy is only used for one thing, hiding the server IP. Inside your server, usenet and torrents do not go through cloudflare.

CF cdn doesn't have your Plex files... So how would it play videos better? The only thing it can do is cache files, but it's not going to cache your videos, even if it did, it wouldn't until after 1st playback.

I notice some ppl just repeat what they heard from others, but most of it is BS. That's not how CF works.
 

hooper

Blitz Samurai
Staff
Donor
another benefit of using cloudflare CDN is that you might reduce network hops due to their network peering. This can improve performance significantly. Or, it might not improve performance at all, YMMV.

it really all depends on the peering policies of your host provider or isp though.

in my setup, without using Cloudflare CDN I have 16 hops to get to my server from my home network. Using Cloudflare CDN there are 13 hops.
 

quadiator

Blitz 3rd Class
another benefit of using cloudflare CDN is that you might reduce network hops due to their network peering. This can improve performance significantly. Or, it might not improve performance at all, YMMV.

it really all depends on the peering policies of your host provider or isp though.

in my setup, without using Cloudflare CDN I have 16 hops to get to my server from my home network. Using Cloudflare CDN there are 13 hops.
When you say it reduces hops, in theory my media traversing a more efficient path is meant to speed things up?

I have a Droplet in London, few friends wanting to stream from New Zealand/Australia. In your opinion is it worthwhile setting up a domain & cloudflare?

Also, should I be buying a domain with godaddy or namecheap? Is one better than the other for PG/CF?
 

hooper

Blitz Samurai
Staff
Donor
When you say it reduces hops, in theory my media traversing a more efficient path is meant to speed things up?

I have a Droplet in London, few friends wanting to stream from New Zealand/Australia. In your opinion is it worthwhile setting up a domain & cloudflare?

Also, should I be buying a domain with godaddy or namecheap? Is one better than the other for PG/CF?
I use cloudflare for everything now, although I started with godaddy for DNS and registered a domain with them.

Performance from London to NZ/AUS all depends on your host provider ISP, your friends' ISP, etc. and the peering agreements between them all. The CDN is supposed to help with these exact situations, but you should test it first.

Cloudflare is free (at least the features we need for PG are free) and it is easy to set up with the information provided in these forums.
 

UncleBuck

Blitz Sergeant
Staff
You got some things wrong.

CF cdn has nothing to do with torrents or peering with torrents...

The CF cdn comes into play between your domain and your browser. It doesn't affect any server originated traffic.

There's also a big misconception going around that CF helps Plex performance, it doesn't! CF proxy is only used for one thing, hiding the server IP. Inside your server, usenet and torrents do not go through cloudflare.

CF cdn doesn't have your Plex files... So how would it play videos better? The only thing it can do is cache files, but it's not going to cache your videos, even if it did, it wouldn't until after 1st playback.

I notice some ppl just repeat what they heard from others, but most of it is BS. That's not how CF works.

But doesn't it improve peering between North America and Europe? Plex was unusable for me on hetzner or online.net until I set up CF. I am in Texas and speed tests are drastically improved to my hetzner vps when I go through the CF CDN.
 

hooper

Blitz Samurai
Staff
Donor
But doesn't it improve peering between North America and Europe? Plex was unusable for me on hetzner or online.net until I set up CF. I am in Texas and speed tests are drastically improved to my hetzner vps when I go through the CF CDN.
Cloudflare CDN does give you additional peering options that may help improve performance. It all depends on your hosting provider and the ISPs involved and the peering agreements they have in place. For me, using Cloudflare CDN has improved performance for me and everyone who is using my plex server. But I have heard from other people that it has not helped performance and/or decreased perf. so YMMV.
 

UncleBuck

Blitz Sergeant
Staff
Cloudflare CDN does give you additional peering options that may help improve performance. It all depends on your hosting provider and the ISPs involved and the peering agreements they have in place. For me, using Cloudflare CDN has improved performance for me and everyone who is using my plex server. But I have heard from other people that it has not helped performance and/or decreased perf. so YMMV.
Yes, this is exactly as I understand it. I have seen posts on other forums about this and very specifically it seems many areas in Texas have especially bad peering to Europe for some reason.

This will all be moot for me soon as cabling crews are wiring up my neighborhood with fiber as we speak. 1Gbps symmetrical is coming my way soon so time to start planning out my server. :D
 

gadgethome

Blitz 1st Class
Donor
Would this work and is it the best setup for cloudflare?

A mydomain IPaddress
CNAME www mydomain
CNAME plex @
CNAME portainer @
and so on for each sub-domain?
 

nocturne1

Blitz 2nd Class
Donor
I think I've read absolutely everything I could find about using Cloudflare, PG, and Traefik, but no matter what, I'm unable to get Traefik to properly work when I have the CDN enabled. Without it, when I deploy (most recently trying PG 8.5-beta3), everything works fine when CDN (orange clouds) turned off. But when I turn on CDN, everything is broken and can't get to anything. When I then try to redeploy, it fails to validate the deployment.

[Attachment 3000]

Now, I am using PGshield - could that have something to do with it?

I'd really rather prefer getting things working through cloudflare...
 

Trasher

Blitz 1st Class
I think I've read absolutely everything I could find about using Cloudflare, PG, and Traefik, but no matter what, I'm unable to get Traefik to properly work when I have the CDN enabled. Without it, when I deploy (most recently trying PG 8.5-beta3), everything works fine when CDN (orange clouds) turned off. But when I turn on CDN, everything is broken and can't get to anything. When I then try to redeploy, it fails to validate the deployment.

[Attachment 3000]

Now, I am using PGshield - could that have something to do with it?

I'd really rather prefer getting things working through cloudflare...
Try with disabling the orange cloud on oauth? I don't have that CNAME and everything works for me.
 

nocturne1

Blitz 2nd Class
Donor
Try with disabling the orange cloud on oauth? I don't have that CNAME and everything works for me.
Just tried that, thanks. Still no luck. Even tried excluding portainer from pgshield, just in case that was interfering with the validation.
 

UncleBuck

Blitz Sergeant
Staff
I think I've read absolutely everything I could find about using Cloudflare, PG, and Traefik, but no matter what, I'm unable to get Traefik to properly work when I have the CDN enabled. Without it, when I deploy (most recently trying PG 8.5-beta3), everything works fine when CDN (orange clouds) turned off. But when I turn on CDN, everything is broken and can't get to anything. When I then try to redeploy, it fails to validate the deployment.



Now, I am using PGshield - could that have something to do with it?

I'd really rather prefer getting things working through cloudflare...
You don't need CNAMES. Here is how I set mine up and it works great.

[Attachment 3001]

You want to make an A record with the wildcard that points to your static IP. This will send all sub-domains to Traefik. Subdomains that are routed this way will not use the CDN and will expose your IP address.

Then you make an A record for your TLD and point it to your static IP. Since the cloud is orange all traffic following this route will go through the CDN and your public IP will be protected.

You can then create A records for all subdomains you want to go through the CDN and point them to your static IP address. I created an A record for every subdomain I have running.

I would not worry about PGGuard just yet. Get everything working with PGShield and Traefik first. Once that is all working then use PGGuard if you like.
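
Added example (not from any poster in this thread or from PGBlitz): a small Python model of the record layouts discussed above, reporting which hostnames hand out the origin address. The zone name, the 203.0.113.10 address and the record list are constructed; the model assumes a proxied (orange) record is always answered with Cloudflare addresses and a DNS-only (grey) CNAME is simply followed to its target.

```python
# Audit a zone's records for origin-IP exposure (constructed sample data).
ORIGIN = "203.0.113.10"  # documentation address, stands in for the server IP
RECORDS = [  # (type, name, content, proxied) -- mirrors the layouts in the thread
    ("A", "example.com", ORIGIN, True),                   # apex, orange cloud
    ("A", "*.example.com", ORIGIN, False),                # wildcard, grey cloud
    ("CNAME", "plex.example.com", "example.com", True),   # orange
    ("CNAME", "portainer.example.com", "example.com", False),  # grey, targets apex
]
HOSTS = ["example.com", "plex.example.com",
         "portainer.example.com", "sonarr.example.com"]

def lookup(name, records):
    """Exact match wins; otherwise fall back to a wildcard record."""
    for rec in records:
        if rec[1] == name:
            return rec
    for rec in records:
        if rec[1].startswith("*.") and name.endswith(rec[1][1:]):
            return rec
    return None

def exposed_ip(name, records, max_depth=8):
    """Return the origin IP a public resolver would learn for name, else None."""
    for _ in range(max_depth):
        rec = lookup(name, records)
        if rec is None:
            return None          # no record: nothing resolves
        rtype, _, content, proxied = rec
        if proxied:
            return None          # answered with proxy addresses, origin hidden
        if rtype == "A":
            return content       # grey A record: origin address is published
        name = content           # grey CNAME: follow it to the target
    return None

def audit(hosts, records):
    return {h: exposed_ip(h, records) for h in hosts}

def leaks(hosts, records):
    return sorted(h for h, ip in audit(hosts, records).items() if ip)

def drop_wildcards(records):
    return [r for r in records if not r[1].startswith("*.")]

if __name__ == "__main__":
    print("with wildcard:   ", leaks(HOSTS, RECORDS))
    print("without wildcard:", leaks(HOSTS, drop_wildcards(RECORDS)))
```

Any name that has no record of its own falls through to the grey wildcard, so a single lookup of an unlisted subdomain returns the address the orange records were hiding.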
 