Best of Cloudflare: October 2024

  1. Article
    Quastor Daily · 2y

    How Cloudflare Optimized their Reverse Proxy with Tries

    Cloudflare optimized their reverse proxy performance by using a data structure called a trie. This change cut latency by 75% for a path handling 35 million requests per second. Their process included extensive benchmarking with the Rust criterion crate, inverting their header removal function, and creating a custom optimized trie implementation. The result was a reduction in average header removal time from 3.65 to 0.93 microseconds.

  2. Article
    Cloudflare · 2y

    The story of web framework Hono, from the creator of Hono

    Hono is a fast, lightweight web framework that works across various JavaScript environments, including Cloudflare Workers, Deno, Bun, and Node.js. It uses a Trie tree-based router and adheres to Web Standards, ensuring a 'write once, run anywhere' experience. Hono simplifies development with concise syntax, built-in middleware, a strong type system, and server-side JSX support. It also has features for authentication, a context model for state management, and robust testing capabilities. Recent updates include static site generation, client components, and file-based routing, allowing full-stack application development.

  3. Video
    Christian Lempa · 2y

    Simple HTTPs for Docker! // Traefik Tutorial (updated)

    Learn how to set up and manage HTTPS and routing for Docker applications using Traefik, a free and open-source reverse proxy. This tutorial focuses on Docker integration, configuring Let's Encrypt for TLS certificates, and the benefits of using Traefik. Suitable for both beginners and advanced users, the guide provides detailed steps on installation, configuration, and deploying Traefik to secure your web applications. Additionally, it highlights integrating Cloudflare for DNS management and SSL certificate issuance.

  4. Article
    Community Picks · 2y

    We got DDoSed

    The post details a real-world incident where a company faced DDoS attacks and the steps they took to mitigate them. Initially, rate limiting with ingress-nginx failed due to overwhelming traffic. Shifting to Cloudflare, they enabled various rules including Custom, Managed, and Rate Limiting rules to better handle the attacks. They also faced issues like blocking their own IPs and had to optimize settings repeatedly to effectively defend against these attacks. Key insights include the necessity of logging and regularly reviewing requests to avoid false positives.

  5. Article
    Phoronix · 2y

    Cloudflare Continues To Praise Open-Source OpenBMC

    Cloudflare highlights its successful experiences using OpenBMC, an open-source firmware for Baseboard Management Controllers (BMCs), across its global server fleet. The blog post describes how the collaboration with the OpenBMC community and various vendors has improved system reliability and allowed Cloudflare greater control over server management. The team encourages others to adopt open-source firmware based on their positive experiences.

  6. Article
    Cloudflare · 2y

    Introducing Access for Infrastructure: SSH

    Cloudflare has introduced Access for Infrastructure, integrating BastionZero's features to enhance secure SSH access through Zero Trust principles. This solution uses short-lived SSH certificates to eliminate the risks associated with long-lived credentials, simplifies key management, and provides comprehensive auditing capabilities. It's designed to integrate seamlessly with existing Cloudflare One deployments and ensures that SSH connections are secure without compromising usability.

  7. Article
    Hacker News · 2y

    Zero-latency SQLite storage in every Durable Object

    Cloudflare's Durable Objects have been upgraded from a key/value store to a full relational system using SQLite, significantly improving read and write performance by colocating application logic with data. Each Durable Object operates on the same physical host as its SQLite database, supporting fast single-threaded persistence operations. The system also includes mechanisms for data durability and point-in-time recovery using object storage and writes to multiple replicas.

  8. Article
    Quastor Daily · 2y

    How Cloudflare Optimized their Reverse Proxy with Tries

    Cloudflare significantly cut latency by 75% in their reverse proxy service Pingora by utilizing a trie data structure for optimizing the removal of internal HTTP headers. Their original method, which iterated through potential headers to remove, was inefficient. By inverting the search and then applying a trie, they reduced the average runtime from 3.65 microseconds to 0.93 microseconds. This optimization is crucial given their scale, handling 35 million requests per second.

  9. Video
    ThePrimeTime · 2y

    The Worlds Largest DDos Attack 3.8 Tbps

    Cloudflare automatically mitigated the largest publicly disclosed DDoS attack, peaking at 3.8 terabits per second. The attack was part of a month-long campaign targeting bandwidth and resource exhaustion, leveraging a network of compromised devices globally. Cloudflare's defenses, utilizing techniques like anycast and eBPF, operated autonomously to protect their customers, showcasing their significant network capacity and advanced DDoS protection capabilities. The piece also criticizes the proliferation of IoT devices contributing to such vulnerabilities.