According to my page revision history, 9 months ago I started writing a guide on using Cloudflare as a free CND for websites. I’m sure I’ll finish that eventually, but for now here is why I think it is so great. Free load balancing!
What is Cloudflare and Load Balancing?
I go into some detail about Cloudflare in a old post, but here is a quick recap. Cloudflare provides a lot of services but primarily they are all about making websites fast an secure. As a CDN (content delivery network), they serve websites and content directly of their servers, reducing the load on yours.
Since they have servers all over the world, this gives a few nice benefits:
- Load reduction on host servers (your data is cached)
- Reduced latency through Cloudflares geolocate servers (you data can be physically closer to users)
- Protection fro DDoS attacks (through the size of the network and their constant filtering of malicious activity)
- Easy scaling (you can just upgrade you package or add extra features as needed)
Load balancing is the processes of ensuring your server(s) don’t become over loaded with data requests and traffic. This is usually done by having a controller direct traffic to different resources based on load (very over simplified explanation). By caching your website through Cloudflare, you have automatic load balancing, since they handle where to serve your site from.
Obviously you don’t get everything for free, but the free plan is fairly compelling. Mainly this only works if you are serving static content: no video and no dynamic webpages for different users. (This can be done through the paid plan).
I use my 3 free page rules to bypass caching for wp-login and wp-admin, since I don’t want these cached because they are restricted viewing. The page rules also set those pages at a higher security level. Since they are not cached, excessively loading them would but the load directly on my server. Using the high setting for security level means that an attacker will be blocked much faster. This is fine for pages that no one needs to view, but might restrict legitimate viewing for other pages.
The 3rd rule caches the whole site (bar the other 2 higher priority rules) for a month, including all HTML, CSS, JS and image content. My site is around 45MB total, and Cloudflare have ~180 edge nodes (at the time of writing). So if I was hit with a DDoS attack globally I would only need to serve 8.1GB of data.
The cache is cleared every 30 days, or when I publish new content, which isn’t often… (and then only pages that have changed).
How can I be sure that this actually works? To test it out I wrote a small script to load all the pages in a website sitemap and left the looping on 2 servers in France and on my laptop at home.
The script can be found on my GitHub page. It should work with any similar style XML sitemap. If you have a large site with sub indexes (like Hackaday), it should handle these too, but it isn’t very robust.
So, to the results. Originally I had a snapshot of the week as I left it going for a weekend, but it turns out I forgot to turn it off. Here is the month view of requests and bandwidth from the Cloudflare dashboard.
As you can see, my server barely had to do anything while the site was being continuously loaded. The server logs confirm this. During the last month RAM usage never exceeded 25%, CPU load never exceeded 10% and network traffic never exceeded 3.5Mb/s.
Pretty good price to performance.