Hello admin,
I would like to offer a new US CentOS mirror, but I will need to use Cloudflare to proxy the requests. I have a gigabit up/down connection that will be stable, however the ATT provided gateway/router/modem combo chokes on a large amount of different IP addresses coming in at once. I have found that if I route the traffic through Cloudflare, it can handle the 200 or so unique IP's Cloudflare uses without an issue. I am currently hosting EPEL and Fedora Buffet public mirrors without any problems this way.
Any issues with this setup?
Thanks!
I believe this would violate cloudflares TOS. Excerpt and link below. It also would probably not have the best performance.
https://www.cloudflare.com/terms/
2.8 Limitation on Serving Non-HTML Content
The Services are offered primarily as a platform to cache and serve web pages and websites. Unless explicitly included as part of a Paid Service purchased by you, you agree to use the Services solely for the purpose of (i) serving web pages as viewed through a web browser or other functionally equivalent applications, including rendering Hypertext Markup Language (HTML) or other functional equivalents, and (ii) serving web APIs subject to the restrictions set forth in this Section 2.8. Use of the Services for serving video or a disproportionate percentage of pictures, audio files, or other non-HTML content is prohibited, unless purchased separately as part of a Paid Service or expressly allowed under our Supplemental Terms for a specific Service. If we determine you have breached this Section 2.8, we may immediately suspend or restrict your use of the Services, or limit End User access to certain of your resources through the Services.
________________________________ From: Russell Jones arjones85@gmail.com Sent: Saturday, March 27, 2021 11:41 PM To: centos-mirror@centos.org Subject: [CentOS-mirror] Offer new US mirror, but use Cloudflare for proxy?
Hello admin,
I would like to offer a new US CentOS mirror, but I will need to use Cloudflare to proxy the requests. I have a gigabit up/down connection that will be stable, however the ATT provided gateway/router/modem combo chokes on a large amount of different IP addresses coming in at once. I have found that if I route the traffic through Cloudflare, it can handle the 200 or so unique IP's Cloudflare uses without an issue. I am currently hosting EPEL and Fedora Buffet public mirrors without any problems this way.
Any issues with this setup?
Thanks!
I do not believe the Project would accept a mirror that is proxied via Cloudflare. This is due to the fact that the requests are not being served directly by the mirror. The Project also uses GeoIP lookups to determine your mirror location and the GeoIP information for Cloudflare would (almost) with 100% surety not match the details for your host.
Furthermore, if your router cannot handle 200+ connections on a gigabit link then your network would not be of a type suitable for providing a mirror. By the sounds of it, this is not being hosted in a proper datacentre and while the Project appreciates your offer, it may not be acceptable due to the potential unreliability.
Regards, Christopher Hawker
Sent from my iPhone
On 28 Mar 2021, at 2:42 pm, Russell Jones arjones85@gmail.com wrote:
Hello admin,
I would like to offer a new US CentOS mirror, but I will need to use Cloudflare to proxy the requests. I have a gigabit up/down connection that will be stable, however the ATT provided gateway/router/modem combo chokes on a large amount of different IP addresses coming in at once. I have found that if I route the traffic through Cloudflare, it can handle the 200 or so unique IP's Cloudflare uses without an issue. I am currently hosting EPEL and Fedora Buffet public mirrors without any problems this way.
Any issues with this setup?
Thanks! _______________________________________________ CentOS-mirror mailing list CentOS-mirror@centos.org https://lists.centos.org/mailman/listinfo/centos-mirror
Thanks all,
I am not too concerned about Cloudflare, I am proxying only, not caching. Its this terrible ATT gateway that starts struggling at 500 or so active sessions.
No worries if not wanted, just thought I'd offer :-)
On Sun, Mar 28, 2021, 12:46 AM Christopher Hawker email@chrishawker.com.au wrote:
I do not believe the Project would accept a mirror that is proxied via Cloudflare. This is due to the fact that the requests are not being served directly by the mirror. The Project also uses GeoIP lookups to determine your mirror location and the GeoIP information for Cloudflare would (almost) with 100% surety not match the details for your host.
Furthermore, if your router cannot handle 200+ connections on a gigabit link then your network would not be of a type suitable for providing a mirror. By the sounds of it, this is not being hosted in a proper datacentre and while the Project appreciates your offer, it may not be acceptable due to the potential unreliability.
Regards, Christopher Hawker
Sent from my iPhone
On 28 Mar 2021, at 2:42 pm, Russell Jones arjones85@gmail.com wrote:
Hello admin,
I would like to offer a new US CentOS mirror, but I will need to use
Cloudflare to proxy the requests. I have a gigabit up/down connection that will be stable, however the ATT provided gateway/router/modem combo chokes on a large amount of different IP addresses coming in at once. I have found that if I route the traffic through Cloudflare, it can handle the 200 or so unique IP's Cloudflare uses without an issue. I am currently hosting EPEL and Fedora Buffet public mirrors without any problems this way.
Any issues with this setup?
Thanks! _______________________________________________ CentOS-mirror mailing list CentOS-mirror@centos.org https://lists.centos.org/mailman/listinfo/centos-mirror
CentOS-mirror mailing list CentOS-mirror@centos.org https://lists.centos.org/mailman/listinfo/centos-mirror
On 28/03/2021 05:41, Russell Jones wrote:
Hello admin,
I would like to offer a new US CentOS mirror, but I will need to use Cloudflare to proxy the requests. I have a gigabit up/down connection that will be stable, however the ATT provided gateway/router/modem combo chokes on a large amount of different IP addresses coming in at once. I have found that if I route the traffic through Cloudflare, it can handle the 200 or so unique IP's Cloudflare uses without an issue. I am currently hosting EPEL and Fedora Buffet public mirrors without any problems this way.
Any issues with this setup?
Thanks!
Hi (sorry for late answer). We never had any official statement for people putting mirror behind CDN, as we also use for some services CDNs providers (AWS and CDN77 are sponsoring the project as one example).
But as you saw in previous answers, you should probably verify first that it wouldn't be a problem with your CDN (cloudflare here) provider.
Second thing : as said too, we redirect traffic ourselves (through mirrorlist.centos.org) by using GeoIP at the origin IP level, and compare that with our lists, including for USA at the state level (for efficiency).
I don't think you mentioned the State your mirror would be in, but in fact that means that we'd be hitting cloudflare, so don't even know if in that case people would still be redirected to correct state, or instead other PoP in their network.
What do you think ?
Understood.
I wasn't too worried about trying to nail connections down to the state level personally, just country. But yes you are correct by proxying the traffic through Cloudflare you would not be able to get a good geolocation on it for state-level awareness. I've come up with a different solution though and have sent a new email with my new mirror information :-)
For what it's worth for others that read this thread, I have received positive confirmation from Cloudflare support that as long as you are not caching the content, you *are* permitted to use the proxy service for non-static, non-website content, and it is not a violation of their TOS. Interesting information and good to know for the future!
[image: image.png]
On Wed, Mar 31, 2021 at 5:05 AM Fabian Arrotin arrfab@centos.org wrote:
On 28/03/2021 05:41, Russell Jones wrote:
Hello admin,
I would like to offer a new US CentOS mirror, but I will need to use Cloudflare to proxy the requests. I have a gigabit up/down connection that will be stable, however the ATT provided gateway/router/modem combo chokes on a large amount of different IP addresses coming in at once. I have found that if I route the traffic through Cloudflare, it can handle the 200 or so unique IP's Cloudflare uses without an issue. I am currently hosting EPEL and Fedora Buffet public mirrors without any problems this way.
Any issues with this setup?
Thanks!
Hi (sorry for late answer). We never had any official statement for people putting mirror behind CDN, as we also use for some services CDNs providers (AWS and CDN77 are sponsoring the project as one example).
But as you saw in previous answers, you should probably verify first that it wouldn't be a problem with your CDN (cloudflare here) provider.
Second thing : as said too, we redirect traffic ourselves (through mirrorlist.centos.org) by using GeoIP at the origin IP level, and compare that with our lists, including for USA at the state level (for efficiency).
I don't think you mentioned the State your mirror would be in, but in fact that means that we'd be hitting cloudflare, so don't even know if in that case people would still be redirected to correct state, or instead other PoP in their network.
What do you think ?
Fabian Arrotin The CentOS Project | https://www.centos.org gpg key: 17F3B7A1 | twitter: @arrfab _______________________________________________ CentOS-mirror mailing list CentOS-mirror@centos.org https://lists.centos.org/mailman/listinfo/centos-mirror
-
Christopher Hawker -
Fabian Arrotin -
kylem@serverforge.org -
Russell Jones