Understood. 

I wasn't too worried about trying to nail connections down to the state level personally, just country. But yes you are correct by proxying the traffic through Cloudflare you would not be able to get a good geolocation on it for state-level awareness. I've come up with a different solution though and have sent a new email with my new mirror information :-)

For what it's worth for others that read this thread, I have received positive confirmation from Cloudflare support that as long as you are not caching the content, you *are* permitted to use the proxy service for non-static, non-website content, and it is not a violation of their TOS. Interesting information and good to know for the future!

image.png

On Wed, Mar 31, 2021 at 5:05 AM Fabian Arrotin <arrfab@centos.org> wrote:
On 28/03/2021 05:41, Russell Jones wrote:
> Hello admin,
>
> I would like to offer a new US CentOS mirror, but I will need to use
> Cloudflare to proxy the requests. I have a gigabit up/down connection
> that will be stable, however the ATT provided gateway/router/modem combo
> chokes on a large amount of different IP addresses coming in at once. I
> have found that if I route the traffic through Cloudflare, it can handle
> the 200 or so unique IP's Cloudflare uses without an issue. I am
> currently hosting EPEL and Fedora Buffet public mirrors without any
> problems this way.
>
> Any issues with this setup? 
>
>
> Thanks!
>

Hi (sorry for late answer).
We never had any official statement for people putting mirror behind
CDN, as we also use for some services CDNs providers (AWS and CDN77 are
sponsoring the project as one example).

But as you saw in previous answers, you should probably verify first
that it wouldn't be a problem with your CDN (cloudflare here) provider.

Second thing : as said too, we redirect traffic ourselves (through
mirrorlist.centos.org) by using GeoIP at the origin IP level, and
compare that with our lists, including for USA at the state level (for
efficiency).

I don't think you mentioned the State your mirror would be in, but in
fact that means that we'd be hitting cloudflare, so don't even know if
in that case people would still be redirected to correct state, or
instead other PoP in their network.

What do you think ?
--
Fabian Arrotin
The CentOS Project | https://www.centos.org
gpg key: 17F3B7A1 | twitter: @arrfab
_______________________________________________
CentOS-mirror mailing list
CentOS-mirror@centos.org
https://lists.centos.org/mailman/listinfo/centos-mirror