Anyone with Plex Fronted by Cloudflare?

Or you could simply try another service or DIY it with a cheap VPS, instead of trying to make Cloudflare work.

It’s not like Cloudflare used in this way is anything that you can’t do with nginx on a VPS at a well connected hosting provider.

Who would you suggest in MIA and LAX?

vultr?

Maybe webnx in la.
They’ve been there for quite a lot.

As for MIA, IIRC @HIVELOCITY has their DC full.
Maybe Tampa?

Quadranet?

2 Likes

Thanks for the suggestions folks!

1 Like

Our MIA data center is not full. We actively deploy servers in MIA daily.

2 Likes

Wrong assumption then :wink:

If you are only interested in improving routing, I’ve achieved this by using a simple SSH tunnel on a VPS that has ideal routing and adding that URL to Plex.

I’m using Hetzner for my Plex server. I have users in Europe and a few in Canada. I’ve used NS1 free DNS geo routing before so the users from Canada can connect through the proxy in OVH BHS and the users from Europe can connect directly to the origin server. That was back in December.

Now I’ve moved to another server on Hetzner and everything’s working fine without the OVH proxy in BHS and everyone directly connects to Hetzner and streams without any problems (thanks to Google’s BBR), but in case I have to set up a proxy for my Canadian users what would be the best way to do it? Is geo routing the only way? Issuing Let’s Encrypt certificates and moving them to the proxy server is a PITA when you’re a noob, even more now that I serve hybrid ECDSA and RSA certificates.

I’ve used Cloudflare for a while and did like 500 GB of traffic in 30 days and I didn’t receive an abuse email or anything, but one of my users in Vancouver has troubles with his ISP and Cloudflare so I disabled it. Now he’s streaming fine again even though the ping is ~160ms. I’m fine with using Cloudflare, I’ll even pay for Argo, but I’d like to have more control over my web servers. That’s why I’m asking if DNS geo routing is the only way to do this? Is there a better way?

2 Likes

Won’t the SSH connection add unnecessary overhead due to the extra encryption?

Yes it will. You get much better performance using a reverse proxy and doing all of this backend bit over HTTP.

2 Likes

You mean you disable secure connections or only connect to your domain via HTTP? This is not practical, and depending on what your data connection is like (if you are on public Wi-Fi and not using a VPN), a secure connection may be faster.

Certain Plex clients don’t support SSL, so forcing secure connections is a bad idea. I don’t think he’s suggesting disabling secure connections though.

Since you bring this up: maybe this is why Cloudflare detects OP’s traffic as abuse. I’m looking at the reverse proxy logs and the only HTTP traffic is from an old TV when the default setting is preferred for secure connections.

No. Cloudflare is already terminating the SSL connection for you. You can also terminate yourself (on the OVH VPS) and then go forward to Plex on Hetzner over HTTP and the client will be none-the-wiser.

Then I have to admit I’m not understanding the situation, as it would imply you are setting your clients to allow insecure connections when a lot of them are set to never.

The client still connects over HTTPS to Cloudflare or wherever you terminate SSL. The forward request from that point can be HTTP and the client will not know. The Plex server doesn’t care whether the request comes over HTTP or HTTPS.

As far as I know, HTTP/2 is only enabled when using TLS, so you’ll likely want to use HTTPS to the origin server to take advantage of the newer features (multiplexing, etc). The HTTP/2 spec was updated to allow usage without TLS, however no browsers implemented that. The overhead of TLS is lower than SSH tunneling, and HTTPS is usually faster than HTTP now due to HTTP/2.

1 Like

HTTP/2 only works from Cloudflare to the client. This means that HTTP/2 to the client is used regardless of HTTPS support at the origin, and enabling HTTPS at the origin doesn’t enable HTTP/2 to Cloudflare.
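
The setup discussed in this thread (terminate TLS on a proxy VPS, then forward to the Plex origin) as an nginx configuration. This is an added example, not a config posted by anyone in the thread. The hostnames, certificate paths and the `10.8.0.2` tunnel address are placeholders; 32400 is Plex's default port.

```nginx
# Goes inside the http {} context of the proxy VPS's nginx.conf.
map $http_upgrade $connection_upgrade {
    default upgrade;   # pass WebSocket upgrades through to Plex
    ''      '';        # otherwise keep upstream connections reusable
}

upstream plex_origin {
    server 10.8.0.2:32400;   # placeholder: origin reached over a private tunnel
    keepalive 32;
}

server {
    # HTTP/2 applies only on the client-facing side; nginx talks HTTP/1.1 upstream.
    # nginx 1.25.1 and later prefer a separate "http2 on;" directive.
    listen 443 ssl http2;
    server_name plex.example.com;   # placeholder

    # Hybrid certificates: one ssl_certificate/ssl_certificate_key pair per key type.
    ssl_certificate     /etc/nginx/tls/plex.ecdsa.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/plex.ecdsa.key;
    ssl_certificate     /etc/nginx/tls/plex.rsa.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/plex.rsa.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Variant A: plain HTTP to the origin. The hop is cleartext, so it is
        # pointed at a tunnel address here rather than the origin's public IP.
        proxy_pass http://plex_origin;

        # Variant B: HTTPS to the origin's public name instead of a tunnel.
        # nginx does not verify upstream certificates unless told to.
        # proxy_pass https://origin.example.com:32400;
        # proxy_ssl_server_name on;
        # proxy_ssl_name origin.example.com;
        # proxy_ssl_verify on;
        # proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

        proxy_http_version 1.1;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade           $http_upgrade;
        proxy_set_header Connection        $connection_upgrade;

        proxy_buffering off;   # stream media through instead of spooling on the VPS
    }
}
```

With either variant, firewalling port 32400 on the origin to the proxy's address keeps clients from bypassing the proxy.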