Cloudflare Pages, Hugo, and You
This is the first post after migrating this blog to cloudflare-pages hosted (pushed from gitlab.com). Why?
This blog is assembled using Hugo, a static site generator. This makes the server-side basically irrelevent. There’s no PHP, dotnet, Perl or Coldfusion that needs to run. The site is effectively ‘compiled’ into it’s final form. So really, there’s no reason to pay $12/mo to host it on Linode. But I have been, for over a decade (granted, it was less money a decade ago).
The Linode VM, to be fair, also hosted other services: Mumble to voice chat with my friends (who have all moved to Discord), XMPP to text chat with… well, nobody. A few other things I’m sure I forgot about as they’ve slowly bitrot over years of updates/lack of use/lack of care.
So the decision was made: Get something else to host my website, and ditch the Linode.
The obvious answer is gitlab.com’s ‘Pages’. And I’ve had a test build of this site on gitlab pages for a long time. The source for this site is hosted in a Gitlab.com repo, and has been for years (Previously, I used a self-hosted gitlab instance which worked well – until a fairly minor issue I just didn’t care to spend time to fix killed it. It is effectively just a checkbox to have it build a hugo-based website, totally automatically. I like gitlab, in general.
However, there’s one significant feature that Cloudflare Pages has, that Gitlab Pages does not:
Gitlab has had IPv6 as an open issue for years. I’ve actually been hopeful they’d resolve it, but alas, they don’t seem to be interested. But cloudflare can do it. It wasn’t even something I had to figure out how to turn on – it works by default.
Cloudflare can link to your gitlab repo, and builds updates seemingly faster than I can alt-tab to my browser. There’s a ton of amazing features – if you pay the big bucks. But even the free-tier account gives a decent selection of features: My site is now hosted worldwide in their CDN, rather than a single-core VM in Toronto. So next time somebody in Japan wants to figure out how to get PS2 Trackpoint scrolling to work in Wayland, they’ll have a decent page-load experience.
So that solves hosting the page content, but there’s still the matter DNS… The problem is, I can’t change my A/AAAA records. Cloudflare’s global CDN means there’s a lot of fluctuating IP addresses that will serve my page. That’s fine, that’s what CNAMEs are for, right? Well, no. The URL I’ve always published is “chrisirwin.ca”, not “myblog.chrisirwin.ca”, etc. The boring bit is: You can’t do a top-level CNAME. Well, to be accurate, you can, but you can’t have any other subdomains. Since I use this domain for a bunch of other stuff still as well, CNAME on chrisirwin.ca is out of the question.
I could move it to “blog.chrisirwin.ca” (and at time of writing, that’s a valid instance of this site, and where I was testing). However, I’d still need something listening on chrisirwin.ca and issuing 302 directives. Which means “Cloudflare pages and…”
It turns out, cloudflare solved this, too… IF you use them as your DNS provider. They’ll let you define a top-level CNAME, but knowing that causes problems, they’ll actually pro-actively resolve it at the DNS server-side before answering DNS requests.
My configuration says “chrisirwin.ca –CNAME–> cloudflare pages”, but a DNS query actually returns “chrisirwin.ca -A/AAAA-> ipv4/ipv6 address for cloudflare pages”.
Then it was just migrating a DNSSEC-protected domain zone between providers. I spent a lot of time worried about this, reading docs and articles. It turns out, it works pretty much like the docs say: Disable DNSSEC, wait a day, update your nameserver records to point to cloudflare, then enable DNSSEC again (and copy cloudflare’s DNSSEC public key back to your registrar to add to your domain – in my case, Gandi).
So now, a little over 24 hours since I started, this domain seems to be completely migrated. Unless you can’t read this post, then I didn’t configure something correctly, and you should disregard this article you didn’t just read.