As some of my readers know, I am co-host of the podcast The Dane & The Pain, a weekly show on tech, life and my co-host’s beard. As our show grows, the traffic to the website increases, and being a tech show we wanted to make sure we follow the latest web standards to a certain degree. I don’t mean go all NSA proof and fine-tune every single thing, but rather have a good set of practices in alignment with the current industry benchmarks. To be honest, I am okay with spy agencies getting unencrypted access to my joke of the week.
Getting an SSL/TLS Certificate
The main thing is to get our content served securely via TLS and HTTPS. Normally this is done by following these steps:
1. Purchase certificate from one of many providers (there are also free ones available)
2. Install certificate on web server
   - If you are on a hosted platform, you need support to do this
   - If you are on a cloud provider, this is tedious and error prone
   - It often needs to be converted/exported/wizarded
3. Renew certificate once a year, twice a year or whatever the cycle might be
4. Go to 1
You get my drift. It is not fun and more often than not fails somehow. There has to be an easier way.
Cloudflare and Encryption
There is! I first heard about Cloudflare via my good friend Troy Hunt, who has done a heap of work with the service. I won’t go into details of how Cloudflare does what it does, because you can just read Troy’s article instead. All you need to know for now is that Cloudflare sits between your website and the end user. They essentially manage the traffic to your website.
What that means for encryption is that if you don’t have a certificate for your website already, the traffic is encrypted from your browser to Cloudflare, but not the rest of the way to your server. As Troy points out, this is not 100% secure but it is a LOT better than having no encryption at all.
One of the issues we have with The Dane & The Pain website is that our listeners come from all over the world. In fact, at last count we have people tuning in from 38 countries! The website and the hosting of the actual MP3 files are all in Microsoft Azure, and thus in a single physical location.
We could have Azure scale across multiple regions using geo distribution, but that gets expensive really quickly. And let’s be honest, with the amount of traffic we have so far, we just couldn’t justify it. However, we still want all of the listeners in as many countries as possible to have a smooth experience. Cloudflare is a global network and when you use their service, you get the benefit of users only having to reach the nearest edge node in the network.
There are currently 105 nodes that users of your website will be directed to depending on which is closest to their geographical location. Cloudflare then caches static content such as images and style sheets, and that content doesn’t have to be retrieved from the hosting server. In turn this saves a bunch of data to your website and makes it faster too. Win win.
In the last week 40% of our traffic to the website has been served from cached data on the Cloudflare CDN, which saved us about 1GB of data. Awesome. If we were paying for bandwidth, this would have saved us some $$$ too.
So, how do I get started?
This is the easy bit. The only piece of information you need to be able to change is your name servers for your domain. You then click the “add site” link and enter your domain name. Cloudflare will do some checks and balances to see what kind of DNS records you have and then give you a suggestion of which to route through Cloudflare.
You then update your DNS server to be what Cloudflare tells you, and within 24 hours you have your traffic routed through their service. You set up some page rules about how much to cache and what traffic to force via https, as well as a bunch of other configuration options. And all of this is free. Completely free. The paid tiers of their service give you more control and more detailed analytics among other things, but the base level is all free. And for most that is by far good enough.
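Once the name servers have switched over, it is worth confirming that the setup behaves as described. The following is an added example, not code from the original post: a small Python check that plain HTTP is redirected to https, that responses come through Cloudflare, and whether a static file was answered from the edge cache. The host name and the sample responses are constructed placeholders.

```python
import http.client

def assess(http_status, http_headers, https_headers):
    """Summarise two responses; header dicts use lower-case keys."""
    location = http_headers.get("location", "")
    return {
        # "Force https" rule: plain HTTP must answer with a redirect to https://
        "forces_https": http_status in (301, 302, 307, 308)
        and location.lower().startswith("https://"),
        # Cloudflare names itself in Server and adds a CF-RAY id to each response
        "via_cloudflare": https_headers.get("server", "").lower() == "cloudflare"
        or "cf-ray" in https_headers,
        # HIT means the edge node answered from its cache instead of the origin
        "cache_status": https_headers.get("cf-cache-status", "none").upper(),
    }

def fetch(conn_cls, host, path):
    """Send one HEAD request and return (status, lower-cased headers)."""
    conn = conn_cls(host, timeout=10)
    try:
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.status, {k.lower(): v for k, v in resp.getheaders()}
    finally:
        conn.close()

def probe(host, static_path="/"):
    """Live check: needs network access; static_path should be a cacheable file."""
    http_status, http_headers = fetch(http.client.HTTPConnection, host, "/")
    _, https_headers = fetch(http.client.HTTPSConnection, host, static_path)
    return assess(http_status, http_headers, https_headers)

# Constructed sample responses (not captured from a real site)
SAMPLE_HTTP_STATUS = 301
SAMPLE_HTTP_HEADERS = {"location": "https://podcast.example/", "server": "cloudflare"}
SAMPLE_HTTPS_HEADERS = {
    "server": "cloudflare",
    "cf-ray": "0000000000000000-SYD",  # placeholder id
    "cf-cache-status": "HIT",
}

if __name__ == "__main__":
    print(assess(SAMPLE_HTTP_STATUS, SAMPLE_HTTP_HEADERS, SAMPLE_HTTPS_HEADERS))
    # Against your own site: print(probe("podcast.example", "/css/site.css"))
```

None of these checks can see the leg between Cloudflare and your server mentioned earlier; whether that part is encrypted has to be verified on the server itself.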
Got questions, experiences or feedback? Let me know in the comments.