100 mbit speed limit issue fixed
OS : CentOS 7.7.1908 (64 Bit)
Virt/Kernel : KVM / 3.10.0-1062.1.1.el7.x86_64
CPU Model : QEMU Virtual CPU version 2.5+
CPU Cores : 1 @ 3792.874 MHz x86_64 512 KB Cache
CPU Flags : AES-NI Disabled & VM-x/AMD-V Enabled
Load Average : 0.00, 0.03, 0.07
Total Space : 29G (1.4G ~6% used)
Total RAM : 990 MB (69 MB + 77 MB Buff in use)
Total SWAP : 1023 MB (0 MB in use)
Uptime : 0 days 2:42
ASN & ISP : AS62068, SpectraIP B.V.
Organization : SpectraIP B.V.
Location : Amsterdam, Netherlands / NL
Region : North Holland
## Geekbench v4 CPU Benchmark:
Single Core : 4488 (EXCELLENT)
Multi Core : 4323
## IO Test
CPU Speed:
bzip2 : 147 MB/s
sha256 : 334 MB/s
md5sum : 656 MB/s
RAM Speed:
Avg. write : 5256.5 MB/s
Avg. read : 10444.8 MB/s
Disk Speed:
1st run : 2.0 GB/s
2nd run : 2.0 GB/s
3rd run : 2.0 GB/s
Average : 2048.0 MB/s
## Global Speedtest
Location Upload Download Ping
Speedtest.net 13.70 Mbit/s 257.77 Mbit/s 3.749 ms
UK, London (toob Ltd) 143.12 Mbit/s 450.17 Mbit/s 6.892 ms
France, Lyon (SFR) 11.96 Mbit/s 122.95 Mbit/s 16.466 ms
Germany, Berlin (DNS:NET) 126.71 Mbit/s 20.21 Mbit/s 15.756 ms
System Information
OS Name : CentOS Linux release 7.7.1908 (Core) N (64 bit)
Kernel : KVM / 3.10.0-1062.1.1.el7.x86_64
Hostname : ryzen.vps.comm
CPU Model : QEMU Virtual CPU version 2.5+
CPU Cores : 1 core @ 3792.874 MHz
CPU Cache : 512 KB
Total RAM : 990 MiB (Free 811 MiB)
Total SWAP : 1023 MiB (Free 1023MiB)
Total Space : 29GB (5% used)
Running for : 2hrs 58min 59sec
## CDN Speedtest
CacheFly : 54.87 MiB/s | 438.97 Mbps | ping 1.065ms
Gdrive : 10.97 KiB/s | 0.09 Mbps | ping 1.153ms
## North America Speedtest
Softlayer, Washington, USA : 5.62 MiB/s | 44.97 Mbps | ping 80.130ms
SoftLayer, San Jose, USA : 3.17 MiB/s | 25.32 Mbps | ping 141.330ms
SoftLayer, Dallas, USA : 0 B/s | N/A | ping error!
Vultr, New Jersey, USA : 0 B/s | N/A | ping 80.276ms
Vultr, Seattle, USA : 10.97 MiB/s | 87.79 Mbps | ping 147.175ms
Vultr, Dallas, USA : 11.60 MiB/s | 92.83 Mbps | ping 113.271ms
Vultr, Los Angeles, USA : 11.02 MiB/s | 88.17 Mbps | ping 146.692ms
Ramnode, New York, USA : 5.63 MiB/s | 45.01 Mbps | ping 74.187ms
Ramnode, Atlanta, USA : 4.21 MiB/s | 33.68 Mbps | ping 102.037ms
OVH, Beauharnois, Canada : 3.45 MiB/s | 27.62 Mbps | ping 90.140ms
## Europe Speedtest
Vultr, London, UK : 54.05 MiB/s | 432.38 Mbps | ping 7.815ms
LeaseWeb, Frankfurt, Germany : 45.14 MiB/s | 361.09 Mbps | ping 7.686ms
Hetzner, Germany : 37.61 MiB/s | 300.86 Mbps | ping 10.008ms
Ramnode, Alblasserdam, NL : 52.95 MiB/s | 423.62 Mbps | ping 3.668ms
Vultr, Amsterdam, NL : 55.43 MiB/s | 443.46 Mbps | ping 1.886ms
EDIS, Stockholm, Sweden : 3.68 KiB/s | 0.03 Mbps | ping 22.424ms
OVH, Roubaix, France : 39.33 MiB/s | 314.60 Mbps | ping 10.282ms
Online, France : 36.94 MiB/s | 295.55 Mbps | ping 13.368ms
Prometeus, Milan, Italy : 7.29 KiB/s | 0.06 Mbps | ping 18.682ms
As @RickBakkr said, it's encrypted from you to CF and (potentially, you have no way to know) from CF to the backend server. But it has to be unencrypted on CF's end. If they wanted, CF could harvest users' data. Maybe they do, maybe they don't. But using them when you are an EU provider makes your customers' private information transit through a US company. Sounds a bit weird to me: I'd rather connect directly to the provider I decide to trust with my personal information. I understand that CF is useful, easy, cheap, but is that a reason to use them for the most sensitive area of a website? I don't think so.
`--------------------------------------------------------------
CPU model : QEMU Virtual CPU version 2.5+
Number of cores : 1
CPU frequency : 3792.874 MHz
Total size of Disk : 29.0 GB (1.4 GB Used)
Total amount of Mem : 990 MB (71 MB Used)
Total amount of Swap : 1023 MB (0 MB Used)
System uptime : 0 days, 3 hour 1 min
Load average : 0.33, 0.11, 0.11
OS : CentOS 7.7.1908
Arch : x86_64 (64 Bit)
Kernel : 3.10.0-1062.1.1.el7.x86_64
I/O speed(1st run) : 1.9 GB/s
I/O speed(2nd run) : 2.1 GB/s
I/O speed(3rd run) : 2.0 GB/s
Average I/O speed : 2048.0 MB/s
Node Name IPv4 address Download Speed
CacheFly 205.234.175.175 56.4MB/s
Linode, Tokyo2, JP 139.162.65.37 3.83MB/s
Linode, Singapore, SG 139.162.23.4 439KB/s
Linode, London, UK 176.58.107.39 47.4MB/s
Linode, Frankfurt, DE 139.162.130.8 40.2MB/s
Linode, Fremont, CA 50.116.14.9 4.25MB/s
Softlayer, Dallas, TX 173.192.68.18 5.87MB/s
Softlayer, Seattle, WA 67.228.112.250 5.26MB/s
Softlayer, Frankfurt, DE 159.122.69.4 2.96MB/s
Softlayer, Singapore, SG 119.81.28.170 4.18MB/s
Softlayer, HongKong, CN 119.81.130.170 375KB/s
----------------------------------------------------------------------`
Basic System Information:
Processor : QEMU Virtual CPU version 2.5+
CPU cores : 1 @ 3792.874 MHz
AES-NI : ❌ Disabled
VM-x/AMD-V : ✔ Enabled
RAM : 990M
Swap : 1.0G
Disk : 29G
fio Disk Speed Tests (Mixed R/W 50/50):
iperf3 Network Speed Tests (IPv4):
Provider | Location (Link) | Send Speed | Recv Speed
| | |
Bouygues Telecom | Paris, FR (10G) | 488 Mbits/sec | 6.86 Mbits/sec
Online.net | Paris, FR (10G) | 494 Mbits/sec | 441 Mbits/sec
WorldStream | The Netherlands (10G) | 497 Mbits/sec | 471 Mbits/sec
wilhelm.tel | Hamburg, DE (10G) | 493 Mbits/sec | 462 Mbits/sec
Biznet | Bogor, Indonesia (1G) | 215 Mbits/sec | 111 Mbits/sec
Hostkey | Moscow, RU (1G) | 465 Mbits/sec | 390 Mbits/sec
Velocity Online | Tallahassee, FL, US (10G) | 297 Mbits/sec | 181 Mbits/sec
Airstream Communications | Eau Claire, WI, US (10G) | 181 Mbits/sec | 73.6 Mbits/sec
Hurricane Electric | Fremont, CA, US (10G) | 240 Mbits/sec | 159 Mbits/sec
Geekbench 5 Benchmark Test:
Test | Value
|
Single Core | 967
Multi Core | 962
I think the most informative tests are:
curl -LsO bench.monster/speedtest.sh; bash speedtest.sh -eu
curl -sL yabs.sh | bash
(curl -s wget.racing/nench.sh | bash; curl -s wget.racing/nench.sh | bash) 2>&1 | tee nench.log
But you guys started from the 3rd...
What control panel is used?
Virtualizor (with full KVM virtualization).
Still the speed doesn't seem promising.
Iperf3 testing on a VPS gives us ± 500 mbps bandwidth.
As long as the provider is using an SSL certificate on the backend webserver, the only thing Cloudflare can harvest is your IP, the ports you're connecting to, the size of the encrypted packets, etc. Because the entire session is encrypted.
And if a provider isn't using SSL on their backend, them using Cloudflare is the least of your worries to begin with.
I really hope you aren't serious with this website. Let's look through some of the bullet points listed:
"Falsely advertising their VPN application," it's the same as any other VPN service, of course it passes the data to another provider.
"Cloudflare weakens the security and privacy of encrypted connections" This is addressing the "flexible" SSLs where the backend webserver isn't using HTTPS.
"Cloudflare isn't safe because they run DNS resolvers, nameservers, and domain registration services." This has to be a joke.
And literally at the bottom of the page, it says
Well, it's factual that Cloudflare runs resolvers, nameservers, registrar, NTP servers and VPN servers. At least he got that part right I guess..
Of course we use an SSL certificate on the backend webserver. We use SSL on both the backend webserver and via Cloudflare.
Hell no... that would only be possible if Cloudflare proxied raw TCP, which they don't, or they are really gracious with their IPs. They TERMINATE the connection between end user and them and between them and your backend server. The contents of pages are visible to them. So yes: the connections are encrypted: but only between end user and Cloudflare, and between Cloudflare and the backend server. The man in the middle can see everything - including your sensitive data.
Figure this: if it is all encrypted as per your statement: how do they know what backend to forward to? Usually this is determined by a Host header, but like you said: encrypted. They cannot know any hostname without terminating SSL on their box hence losing the 'security' you meant to gain by applying SSL.
It contains a lot of factual information, just meant as a parody on them trying to scare unknowing internet users about RPKI in the midst of a pandemic. Real smart move, Cloudflare... Rush is very good!!
--
That said: we are arguing about something very futile and says more about you than it does about me. Please don't reply sir. Don't spread more wrong information.
Lucas: very sorry for all of us breaking your thread. You are a great guy, I have known you for quite some time, nothing personal. Just hate to see people advocating a false feeling of safety. Whatever you do with it, is wholly up to you.
https://lmgtfy.com/?q=what+is+server+name+indication
https://www.cloudflare.com/learning/ssl/what-is-sni/
Is this really how you act when you link a site that literally says it may contain factual information and someone points it out?
Their flexible SSL plan is the only thing that operates like you're stating. The Full and Strict SSL modes are end to end encryption.
https://support.cloudflare.com/hc/en-us/articles/200170416-End-to-end-HTTPS-with-Cloudflare-Part-3-SSL-options#h_845b3d60-9a03-4db0-8de6-20edc5b11057
If they cannot read the content of your pages.. how do you think things like Rocket Loader, Access, or Apps work?
Rick is right.. please try to understand something before asserting that you are right about it.
Edit: Regarding the site saying it "may" be factual - that doesn't mean the content is not factual. In fact, you can find a lot of resources on the web that back up what the site says.
After all, Wikipedia has a disclaimer saying that it may not be factual, yet many of us understand it as a fairly reliable source of information, yes?
Rocket loader caches Javascript, that has nothing to do with debating their end to end encryption on Full SSL modes. They don't need to decrypt the session to cache scripts.
Wikipedia is community driven sourcing that anyone can edit. The website Rick linked is some guy's personal hatred of Cloudflare. The site he linked is 95% criticizing how large Cloudflare has become and the spread of their services, and 5% talking about the Flexible SSL plan which imho, should never be used for a production site.
@spectraip /64 will be auto-given or by ticket?
Rocket loader does not cache JavaScript, that has nothing to do with caching. They do need to decrypt the session to inject the Rocket Loader Javascript.
Besides, the fact that they serve pages with their own certificate is proof that they can see the decrypted version of a page..
Think about your logic. What you are saying is that, when you visit an HTTPS page in your browser, you cannot view the page's content.
None of what you're saying has anything to do with the end-to-end encryption. We weren't arguing about drawing cached page elements (Images/Javascript/Fonts), we were arguing about spying on USER INPUT over an encrypted session.
Not even sure what you're talking about with an SNI certificate, SNI allows you to use multiple SSL certificates on a single IP address. There's no "SNI certificate" being shipped by Cloudflare, SNI is an extension of TLS.
Either way, we've derailed this thread quite a bit, and we're not even arguing the original point of contention anymore.
So you think it's possible for CF to inject javascript into a page, but they cannot see input on that page?
I suggest you read up on SSL/TLS.
CloudF%&#! has your official cert, the one the users see and consider yours. Whether the traffic between CF and your server is encrypted is an entirely different question and largely unrelated.
httpS traffic is NOT public key/asymmetric encrypted but symmetric, e.g. AES. The key that's used to AES en/decrypt traffic however IS created/exchanged during the initial phase (KEX) using public key crypto.
So, a better visualization would be to say that CF actually runs your website - from the users perspective - but uses your original web server somewhat like a SAN, like a remote device holding data.
You, the user, run the side show. CF IS your web server as far as a user can tell. The TLS handshake and KEX (the critical and sensible part) are done by CF - and CF fully controls the session and can run a MITM any time it likes (or is told to ...). There may be legal barriers but technically and factually the service CF provides basically IS A MITM, albeit one that's authorized by the user.
Side note: it's largely legalese details what exactly CF is allowed or not allowed to do with its power but unless you spent 6 figures on a legal team negotiating a bespoke contract with CF you should assume that you basically gave them carte blanche ("sold your soul to the devil").
This holds also true for CF competitors - but them usually being dimensionally smaller your chances probably are much better. So, if you feel you need a CDN I strongly suggest going with a provider who "has a face" and to whom you can relate, e.g. BunnyCDN, and preferably a European one.
@all Oh and please realize already that if you get something for free then usually YOU and/or your data is the price you really pay.
Anyone seriously "thinking" that a large corp. like CF gives away anything of value for free should urgently contact me for my current special on Eiffel Towers. In fact, if you buy both original Eiffel towers I'll throw in - for free! - the original ancient obelisk. Note that supply is limited.
@Swiftnode What they mean here is not that it's encrypted from the end user to your server. But from the end user to CF and from CF to your server. CF has full control of the data that transits through their servers, as they are the TLS termination for the end user. They technically can do whatever they want with it before they send it to your backend: it's not "end to end encryption", understood as from the end user to your webserver. Maybe they are trustworthy and won't do anything bad with your data. Maybe not. If you host some crap website it's likely fine; for a customer portal, an in-house solution - at least real full control of the encryption layer - would sound better to me.
wut, even if you get a 'virtual thread', it still has access to the whole cpu, and afaik you can't assign realthread+fakethread of a core lol, that's managed by the kernel and it already knows what's up
Guys, there's more posts about CloudFlare here than the offer...you can also open a separate thread to discuss that. ~O)
Kudos to @spectraip, I am using one of the machines and they are great! Great support as well
Good support and great machines. thanks to @spectraip
@spectraip.
Is the process automated?
Because mine is still pending after payment.
Already created a ticket but still no answer.
New orders have been accepted manually, all VPS orders made today are delivered. If you did not receive the details, please send me a PM.
@spectraip
Thank you. Already received the details.
@spectraip can AES-NI be enabled upon request?
Sure, please submit a ticket for this.