Lessons Learned from Migrating to Cloudflare

In anticipation of growing traffic, a few websites are migrated to Cloudflare for better user experience. Here are the lessons learned:

1. Auto DNS record import is not perfect

The automatic DNS record import feature comes in very handy, but it may be tricky if you have something more than simple DNS records.

Since the first few migrations are very sucessful, I go on to migrate a site with more DNS records. What surprises me is that some DNS records are missing. The fact is, Cloudflare only imports common hostnames e.g. www, ftp, etc, and does not import the uncommon ones. Therefore, always make sure that all DNS records are imported during migration. See this post.

2. Beware of non-standard port usage

I have a backend web service that uses port 8080. After migration to Cloudflare, it is not reachable any more and the error code in browser is SSL_ERROR_RX_RECORD_TOO_LONG. This error happens when a HTTP response is given when the browser expects a SSL handshake response.

The official documentation states that port 8080 is one of the HTTP ports supported. It means that even though my backend service (origin) supports HTTPS at port 8080 and Cloudflare communicates with it using HTTPS, Cloudflare returns a plain HTTP response to the browser and results in a SSL error because a SSL connection cannot be established between the browser and Cloudflare.

To workaround this, don’t use ports other than 80 and 443. But if you do need other ports, use the ports listed in the official documentation.

Conclusion

Cloudflare makes websites fast and secure (for free). Using Cloudflare is a great way to workaround some technical limitations of the origin servers and enable the use of faster protocols like HTTP2 and TLS1.3. And having a CDN means that different parts of the world can reach the websites quickly. Just be cautious of the above traps and enjoy the free benefits brought to you by Cloudflare.