3.8 KiB
3.8 KiB
CDN URL Architecture Fix - Cloudflare Configuration
This document describes the Cloudflare configuration for the new CDN URL architecture.
Domain Structure
| Domain | Purpose | Cloudflare Proxy |
|---|---|---|
| cdn.banatie.app | CDN for images | Yes (orange cloud) |
| api.banatie.app | API server | Yes (orange cloud) |
| banatie.app | Landing page | Yes (orange cloud) |
Cache Rules
Rule 1: Cache UUID Images (High Priority)
Cache static images with UUID filenames for maximum performance.
When: Custom filter expression
(http.host eq "cdn.banatie.app" and http.request.uri.path matches "^/[^/]+/[^/]+/img/[0-9a-f-]{36}$")
Then:
- Cache eligibility: Eligible for cache
- Edge TTL: Override origin, 7 days
- Browser TTL: Override origin, 1 year (31536000 seconds)
- Cache Key: Include query string = No
Rule 2: Bypass Cache for Aliases
Aliases need dynamic resolution, bypass cache.
When: Custom filter expression
(http.host eq "cdn.banatie.app" and http.request.uri.path matches "^/[^/]+/[^/]+/img/@")
Then:
- Cache eligibility: Bypass cache
Rule 3: Bypass Cache for Live URLs
Live URLs need dynamic generation, bypass cache.
When: Custom filter expression
(http.host eq "cdn.banatie.app" and http.request.uri.path matches "^/[^/]+/[^/]+/live/")
Then:
- Cache eligibility: Bypass cache
Page Rules (Alternative)
If not using Cache Rules, use Page Rules:
Page Rule 1: Cache UUID Images
- URL:
cdn.banatie.app/*/img/* - Cache Level: Cache Everything
- Edge Cache TTL: 7 days
- Browser Cache TTL: 1 year
Page Rule 2: Bypass Aliases and Live
-
URL:
cdn.banatie.app/*/img/@* -
Cache Level: Bypass
-
URL:
cdn.banatie.app/*/live/* -
Cache Level: Bypass
DNS Configuration
Ensure DNS records point to your VPS:
cdn.banatie.app A YOUR_VPS_IP Proxied (orange cloud)
SSL/TLS Configuration
- SSL Mode: Full (strict)
- Always Use HTTPS: On
- Automatic HTTPS Rewrites: On
- Minimum TLS Version: TLS 1.2
Performance Settings
- Auto Minify: CSS, JavaScript (not HTML for API responses)
- Brotli: On
- Early Hints: On
- Rocket Loader: Off (may break API responses)
Security Settings
- Security Level: Medium
- Challenge Passage: 30 minutes
- Browser Integrity Check: On
Rate Limiting (Optional)
Create rate limiting rule for live URL abuse prevention:
Rule Name: Live URL Rate Limit
When:
(http.host eq "cdn.banatie.app" and http.request.uri.path matches "^/[^/]+/[^/]+/live/")
Then:
- Rate limit: 10 requests per minute per IP
- Action: Block for 1 minute
Verification
After configuration:
-
Test UUID caching:
curl -I "https://cdn.banatie.app/org/proj/img/uuid-here" # Check for: cf-cache-status: HIT (on second request) -
Test alias bypass:
curl -I "https://cdn.banatie.app/org/proj/img/@alias" # Check for: cf-cache-status: DYNAMIC or BYPASS -
Test live URL bypass:
curl -I "https://cdn.banatie.app/org/proj/live/scope?prompt=test" # Check for: cf-cache-status: DYNAMIC or BYPASS
Troubleshooting
Images not caching
- Verify the URL matches UUID pattern (36 character UUID)
- Check Cache Rules order (UUID rule should be first)
- Purge cache and retry
Alias/Live URLs being cached
- Verify bypass rules are active
- Check rule order (bypass rules should run before catch-all)
- Development mode may disable caching
Slow first requests
- Expected behavior for cache MISS
- Subsequent requests from same edge should be HIT
- Consider using Cache Reserve for longer edge retention
Notes
- UUID pattern ensures only static, immutable images are cached at edge
- Aliases and live URLs are always fresh from origin
- 1-year browser cache is safe because UUID = immutable content
- Cloudflare caches at edge, browser caches locally