[CentOS-mirror] Offer new US mirror, but use Cloudflare for proxy?

Fri Apr 2 06:39:23 UTC 2021
Russell Jones <arjones85 at gmail.com>

Understood.

I wasn't too worried about trying to nail connections down to the state
level personally, just country. But yes you are correct by proxying the
traffic through Cloudflare you would not be able to get a good geolocation
on it for state-level awareness. I've come up with a different solution
though and have sent a new email with my new mirror information :-)

For what it's worth for others that read this thread, I have received
positive confirmation from Cloudflare support that as long as you are not
caching the content, you *are* permitted to use the proxy service for
non-static, non-website content, and it is not a violation of their TOS.
Interesting information and good to know for the future!

[image: image.png]

On Wed, Mar 31, 2021 at 5:05 AM Fabian Arrotin <arrfab at centos.org> wrote:

> On 28/03/2021 05:41, Russell Jones wrote:
> > Hello admin,
> >
> > I would like to offer a new US CentOS mirror, but I will need to use
> > Cloudflare to proxy the requests. I have a gigabit up/down connection
> > that will be stable, however the ATT provided gateway/router/modem combo
> > chokes on a large amount of different IP addresses coming in at once. I
> > have found that if I route the traffic through Cloudflare, it can handle
> > the 200 or so unique IP's Cloudflare uses without an issue. I am
> > currently hosting EPEL and Fedora Buffet public mirrors without any
> > problems this way.
> >
> > Any issues with this setup?
> >
> >
> > Thanks!
> >
>
> Hi (sorry for late answer).
> We never had any official statement for people putting mirror behind
> CDN, as we also use for some services CDNs providers (AWS and CDN77 are
> sponsoring the project as one example).
>
> But as you saw in previous answers, you should probably verify first
> that it wouldn't be a problem with your CDN (cloudflare here) provider.
>
> Second thing : as said too, we redirect traffic ourselves (through
> mirrorlist.centos.org) by using GeoIP at the origin IP level, and
> compare that with our lists, including for USA at the state level (for
> efficiency).
>
> I don't think you mentioned the State your mirror would be in, but in
> fact that means that we'd be hitting cloudflare, so don't even know if
> in that case people would still be redirected to correct state, or
> instead other PoP in their network.
>
> What do you think ?
> --
> Fabian Arrotin
> The CentOS Project | https://www.centos.org
> gpg key: 17F3B7A1 | twitter: @arrfab
> _______________________________________________
> CentOS-mirror mailing list
> CentOS-mirror at centos.org
> https://lists.centos.org/mailman/listinfo/centos-mirror
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-mirror/attachments/20210402/ff2499cb/attachment-0004.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 70533 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/centos-mirror/attachments/20210402/ff2499cb/attachment-0004.png>