Challenges behind the scenes of the large Swiss e-Commerce shop apfelkiste.ch and the role of CloudFlare - Sven Härtwig, CTO narf-studios GmbH
Full video recording of the Talk: https://youtu.be/PlQhYAzYx3M
2. About me
Sven Härtwig
CEO – narf-studios GmbH
About narf-studios
Digital agency with a strong technical focus.
Based in Hamburg.
Specialized in E-Commerce projects with Magento.
www.narf-studios.de
3. About apfelkiste.ch
One of the TOP 30 Online shops in Switzerland.
Currently more than 25'000 unique products in stock.
Up to over 9 million pageviews a month.
Always fast growing in new products and traffic.
On Cloudflare for 5 years now.
4. Problems
• get out of the line of fire of potential attacks (DDoS / other attacks)
• Speed. We need more speed!
• Optimize processes
• Reduce workload of the webservers
5. In this example all traffic coming to the subdomain shop is routed through the Cloudflare proxy.
The IP of our origin server is now hidden from the internet by Cloudflare. Do this with a new IP address!
An attacker does not know the IP address of the actual origin server and puts all his effort into ...
the protection of Cloudflare.
In the line of fire!
DNS Obfuscation
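An audit for the caveat behind this slide, as an added example that is not part of the talk: proxying shop only hides the origin if no DNS-only record in the same zone still answers with that address. The hostnames and addresses are constructed, and the record shape (type, name, content, proxied) is assumed to follow Cloudflare's DNS record objects.

```javascript
// Added example, not from the talk. Hostnames and addresses are constructed
// (example.com and the RFC 5737 documentation ranges).
const ORIGIN_IP = "203.0.113.10";

const zoneRecords = [
  { type: "A", name: "shop.example.com", content: "203.0.113.10", proxied: true },
  { type: "A", name: "direct.example.com", content: "203.0.113.10", proxied: false },
  { type: "A", name: "mail.example.com", content: "203.0.113.10", proxied: false },
  { type: "MX", name: "example.com", content: "mail.example.com", proxied: false },
  { type: "CNAME", name: "ftp.example.com", content: "direct.example.com", proxied: false },
  { type: "A", name: "blog.example.com", content: "198.51.100.7", proxied: false },
];

// Return every record through which a plain DNS query still yields the origin.
function findOriginLeaks(records, originIp) {
  const exposed = new Set(); // hostnames that resolve to the origin unproxied
  const leaks = [];
  // DNS-only address records answer with the origin IP itself.
  for (const r of records) {
    if ((r.type === "A" || r.type === "AAAA") && !r.proxied && r.content === originIp) {
      exposed.add(r.name);
      leaks.push({ name: r.name, type: r.type, via: originIp });
    }
  }
  // Follow DNS-only CNAME chains until no new hostname is added.
  for (let grew = true; grew; ) {
    grew = false;
    for (const r of records) {
      if (r.type === "CNAME" && !r.proxied && exposed.has(r.content) && !exposed.has(r.name)) {
        exposed.add(r.name);
        leaks.push({ name: r.name, type: r.type, via: r.content });
        grew = true;
      }
    }
  }
  // MX records cannot be proxied, so their target must not be an exposed host.
  for (const r of records) {
    if (r.type === "MX" && exposed.has(r.content)) {
      leaks.push({ name: r.name, type: r.type, via: r.content });
    }
  }
  return leaks;
}

const leaks = findOriginLeaks(zoneRecords, ORIGIN_IP);
```

Each entry in `leaks` names a record to move behind the proxy, point at a different host, or remove before the origin is switched to its new address.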
6. Cloudflare protects the infrastructure from a DDoS attack with a global capacity of 59 Tbps (7,375 TB/s).
Should be enough.
Cloudflare can manage most of the common incoming threats (DDoS, known exploits, rate limiting).
Nothing is 100% secure! Your application can still be vulnerable to things like XSS!
You have to secure your application (anyway)
... by firewall rules
... by always remembering the existence of Murphy's law when developing your application
... by avoiding doing stupid things
In the line of fire!
Protection (DDoS / WAF)
7. In the line of fire!
Firewall
Cloudflare offers rulesets (managed rules) for different web applications which can
be turned on with one click and keep you safe from a lot of known attacks related to your software.
8. Speed!
At first there is the slowness
Old setup – before we knew nine ;)
• (poorly configured) Varnish as caching layer
• no CDN at all. Followed by a CDN provider whose latency was worse than without a CDN.
• no optimized processes.
10. Why speed matters!
• Users hate a slow website. If it is too slow ... they are gone.
This means: YOU are losing money!
• Search Engines are creating a score of your website.
The speed is an important criterion for your ranking.
This means: less traffic / higher costs to get traffic and this means: YOU are losing money!
• Each improvement in speed performance matters and enables your users to access your website more
quickly or even at all (think of mobile users sitting in a train).
This means: YOU are earning more money!
Speed!
11. With Cloudflare in front
Speed!
Together with nine we put Cloudflare in front of our setup.
Result:
• a fully working full page cache (FPC) with a CDN for all assets which can be handled really easily
• no VCL configuration needed. Only pagerules are needed, which can be set up very easily on the CF
dashboard.
13. Speed!
How cloudflare helped us so far
• Very low latency for DNS lookups and response times for content (if located in the edge cache)
• The edge cache of Cloudflare.
14. Speed!
Some speed optimization tools CF offers
• Auto minify
HTML / CSS / JS can be minified by CF.
• Polish
Reduces the image size by removing metadata and applies compression (lossless, lossy, webp) if
configured to.
• Brotli (compression)
• HTTP/2 Prioritization / TCP Turbo / Rocket Loader / Railgun / prefetch
• Mirage (beta)
• AMP Real URL
15. Speed!
Pagerules + the edge cache
• Every asset / route (GET Requests) can be stored in the edge cache configured by a pagerule.
• It is easy to purge the caches either on the dashboard or by using the API.
Possible ways:
URL = https://www.narf.it/product.html || https://www.narf.it (for purging only the homepage)
Hostname = www.narf.it
tag = products
prefix = css (purges all cache objects contained in the folder or URL segment "css", i.e. narf.it/css/*
recursively)
Or just purge all!
16. Speed!
A simple pagerule
This simple rule would cache all .html docs for all subdomains of narf.it for 7 days in the CF edge cache.
17. Speed!
What you can do with pagerules
CF offers you a lot of possibilities you can combine.
Most used use cases for pagerules are:
• cache rules
• "do not cache" rules which override previously defined caching rules
• more specific caching rules for assets
(for example: higher edge / browser cache ttl for image files which never
change => also improves the performance)
• 30x forwardings based on routes
18. Speed!
Problems with purging the caches.
Purging cache objects by URL is okay... but not if you have to purge thousands of unique URLs.
Each purge API request is limited to 30 entries.
This may lead to a very time consuming process which can take ages.
Purging all CF cache nodes may take up to 30 seconds.
19. Speed!
A better purging process
Purging by URL (ladekabel/kabel.html, apple/kabel.html, zubehor/kabel.html):
Hey CF. Please purge:
url: ladekabel/kabel.html,
url: apple/kabel.html,
url: zubehor/kabel.html
Purging by tag (ladekabel/kabel.html, apple/kabel.html, zubehor/kabel.html):
Add cache tag to all URLs: kabel (done by the application with a response header)
Hey CF. Please purge:
tag: kabel
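The two purge strategies from slides 15 to 19 side by side, as an added example that is not from the talk: it builds the purge request bodies without sending them and counts the API calls each strategy needs. ZONE_ID and the product URLs are constructed placeholders; the endpoint, the `files` / `tags` / `hosts` / `prefixes` body keys and the `Cache-Tag` response header are assumed from Cloudflare's purge API.

```javascript
// Added example, not from the talk. ZONE_ID is a placeholder and the
// www.narf.it product URLs below are constructed sample data.
const PURGE_ENDPOINT =
  "https://api.cloudflare.com/client/v4/zones/ZONE_ID/purge_cache";
const MAX_ENTRIES = 30; // per-request limit stated on the slide

// Origin side: the shop labels each response so it can be purged as a group.
function cacheTagHeader(tags) {
  return { "Cache-Tag": tags.join(",") };
}

// Split a purge into request bodies of at most MAX_ENTRIES entries.
// kind is one of "files" (URLs), "tags", "hosts", "prefixes".
function purgeBodies(kind, values) {
  const unique = [...new Set(values)];
  const bodies = [];
  for (let i = 0; i < unique.length; i += MAX_ENTRIES) {
    bodies.push({ [kind]: unique.slice(i, i + MAX_ENTRIES) });
  }
  return bodies;
}

// Build fetch() arguments without sending anything. The token should be an
// API token restricted to cache purge on this one zone, not a global key.
function toFetchArgs(body, apiToken) {
  return [PURGE_ENDPOINT, {
    method: "POST",
    headers: {
      Authorization: `Bearer ${apiToken}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify(body),
  }];
}

// Constructed catalogue: 1000 cable products listed under three categories.
function sampleUrls() {
  const urls = [];
  for (const category of ["ladekabel", "apple", "zubehor"]) {
    for (let id = 1; id <= 1000; id++) {
      urls.push(`https://www.narf.it/${category}/kabel-${id}.html`);
    }
  }
  return urls;
}

const byUrl = purgeBodies("files", sampleUrls()); // 3000 URLs -> 100 requests
const byTag = purgeBodies("tags", ["kabel"]);     // 1 tag     -> 1 request
```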
20. Workers
What is it good for?
Cloudflare Workers provide a serverless execution environment based on JavaScript.
Some things a worker can do:
• change requests and responses
• fetch / send data from / to other origins or our webserver in the background
• store and use limited data as environment variables
• replace html without purging caches