Preface:#
Recently, I have been using a home mini server to provide scientific internet access for my home devices. I usually prefer to use high-rate nodes, which can cause the traffic to run faster. So, I set up a Hong Kong BPG server to serve as a proxy node for large-scale downloads and provide acceleration for large traffic. However, the network connection is not very good, and the speed is very slow. Although using Cloudflare's node improved the speed a bit, the latency is still high.
So, I watched a video by Liang Lin on YouTube:
I scanned the IP for reverse proxying Cloudflare to accelerate the nodes and found an IP that significantly improved the speed and latency:
With a speed of over 400,000 Kbps, even when I connect directly or use Cloudflare, the speed is only a few thousand to tens of thousands. This speed improvement is remarkable. So, I thought if I can accelerate the nodes, can I also accelerate websites that use Cloudflare? Therefore, I explored and found a solution. If you are only interested in accelerating nodes, you can directly watch the video to learn the operational process. If you want to accelerate websites that use Cloudflare, you can also watch the video first to see how to scan Cloudflare's IP for reverse proxying before continuing to read the following content.
User Guide:#
The video above teaches how to speed up a VPS server that has set up nodes. No matter how poor the network connection of your machine is, you can still see a significant improvement. Similarly, we can directly accelerate websites that use Cloudflare with these reverse proxy IPs. I recommend that you watch the video first to learn how to obtain reverse proxy IPs.
Further reading: Using Cloudflare CNAME to connect to custom domain
Accelerating website access for domestic users through CloudFlare+SaaS origin IP selection
After reading the Cloudflare official documentation, I did not find any mention of charges for this project. It should be free. When you sign up, you need to authorize with a credit card or PayPal.
Obtaining Reverse Proxy IPs:#
First, we open: https://fofa.info. After opening, you can register an account first, and then you can export and download later.
Reference search syntax:
Domestic reverse proxy IP: server=="cloudflare" && port=="80" && header="Forbidden" && country=="CN"
Exclude CF: asn!="13335" && asn!="209242"
Alibaba Cloud: server=="cloudflare" && asn=="45102"
Oracle Korea: server=="cloudflare" && asn=="31898" && country=="KR"
BandwagonHost: server=="cloudflare" && asn=="25820"
Based on these syntaxes, you can search for reverse proxy IPs for Cloudflare by yourself. However, there is one question: can these node IPs be used to accelerate both nodes and websites? I have tested it, and it is possible. During my testing, I directly selected IPs that can be used to accelerate nodes based on the video tutorial above, and then I accelerated websites.
As for those IPs that cannot be used to accelerate nodes, whether they can be used to accelerate websites, you need to try it yourself. In theory, it should be possible. There is another question: in the video, there is acceleration for nodes on port 80 and port 443. Some IPs can accelerate both ports, while some IPs can only accelerate port 80 and not port 443. In my testing, those IPs that cannot accelerate port 443 for nodes can still be used to accelerate websites without any issues.
Website Acceleration:#
First, we add an A record resolution, and the resolved IP is our server's real IP (Enable proxy? I enabled it. If it is not enabled, I am not sure if it will have any impact):
Then, in the sidebar, go to SSL/TLS - Custom Hostname:
In the fallback origin, enter the domain name you just resolved. After saving, the fallback origin status should be valid before proceeding with the next steps:
Then, add another custom hostname (the domain name you want to accelerate):
There are two certificate verification methods: HTTP verification and TXT verification. You can choose either one. Then, you will get the content that needs to be resolved, as shown in the image below:
After resolving the domain name verification, you can resolve the A record of the domain name you want to accelerate to the reverse proxy IP of Cloudflare. You can use tools to filter out IPs with lower latency in China.
Frequently Asked Questions + Advanced Techniques:#
Suppose my fallback origin is set to dns.a8dog.com (resolved to the server IP), and my accelerated domain name is cloudflare.a8dog.com.
If my cloudflare.a8dog.com domain name, due to poor or failed reverse proxy node speed, I change the resolution record, then the SSL/TLS - Custom Hostname for cloudflare.a8dog.com will show an invalid status and needs to be resolved again based on the new resolution.
If we frequently update the resolution and need to re-verify the hostname status each time, it can be troublesome. We can directly set a new resolution, such as dns2.a8dog.com, and resolve this domain name to the reverse proxy IP of Cloudflare. Cloudflare supports multiple IPs for a second-level resolution. Then, we resolve our accelerated domain name cloudflare.a8dog.com to dns2.a8dog.com. By controlling the dns2 domain name each time we change the node IP, we can avoid frequent re-verification of the hostname status.
For example, if your domain name resolution is on a domestic server and you want to use Cloudflare to accelerate foreign access speed or for defense, you can also use the connection method described in the tutorial above. The disadvantage is that you must have a domain name on Cloudflare. If your DNS resolution has intelligent resolution, you can provide this method to distribute overseas resolution to reverse proxy IPs of Cloudflare.