Why I moved to Cloudflare

If, like me, you are doing everything through a self-assembled Rube Goldberg machine just because it evolved that way, maybe take a look at your options!

So I’m a shameless geek, and I’ve been playing around with technology for quite a while now. Along the way I’ve built a lot of cool stuff and had a blast learning all about it.

Problem is, my infrastructure ended up looking like a bloody Rube Goldberg machine of ‘things which seemed cool to learn about at the time’.

In my personal life, I have:

  • Linux servers in AWS and at home
  • Domains registered in AWS
  • DNS in ns-one
  • Routing via Nginx or Traefik
  • SSL via Let's Encrypt
  • WAF in AWS or the Apache OWASP ModSecurity plugin for Traefik
  • Back end in Docker

This has been an awesome learning experience, but along the way I lost sight of the important fact that complexity is risk, from a management and security point of view, and that specialists can do some jobs better than I can.

In my professional life, I use Cloudflare for this reason. It is built by specialists and offers everything in front of your web presence, including DNS, WAF, proxy, SSL and much more. Even better, a lot of this is available in the free tier.

Today I realised that I’m professionally quite smart, and privately a masochistic idiot, so in a ‘new year, new me’ moment I decided to move all my web fronting to Cloudflare.

I have a number of sites on the internet, including this one. I picked Fukka because I can play with it without annoying my family when it breaks but, in truth, the entire migration took about 10 minutes. I literally did it while on hold for a conference call this morning. SSL, Proxy, Caching, WAF and IP flood protection all done in a few clicks and a root DNS change.

So, next steps are to move all my domains to Cloudflare as registrar, then proxy all my home-based services and domains through them. Once this is done, my final stack will be:

  • Linux in AWS and at home
  • Cloudflare for DNS, domains, SSL, caching and WAF
  • Routing via Traefik or Nginx (which I may move to Traefik)
  • Docker

I will then try and avoid the urge to pay for all the other cool things CF can do!
