CloudFlare’s Free Service

Jeff Bower | 2024-10-10

I’ll start with my infrastructure Swiss Army Knife - CloudFlare. With my Akamai heritage this may be a bit surprising to some, but CloudFlare’s free tier is pretty nice, nice enough we forgot to switch to paid when we went live just for the extra support (oops!).

Domain Registrar

For a reasonable price you can purchase and maintain your domain name, comparable to any other registrar. If you need a specific, non-standard TLD you may need to shop around, but remember that non-standard TLDs can break certain tooling if you’re using the domain for email, and they can be pretty expensive.

DNS

They have a nice DNS service including API access so I can write my own Dynamic DNS and CertBot renewal scripts. They have the standard bells and whistles, including full IPv6 AAAA record support, support for multiple A/AAAA records, etc. You don’t get robust DNS-layer load balancing, but it’s a free service and proper feedback-based load balancing is a complex feature.
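A sketch of the Dynamic DNS half of that, added here as an example and not the script I actually run: it refuses to publish a private or carrier-grade NAT address (easy to pick up on a consumer ISP), skips the API call when the record is already correct, and authenticates with a bearer token. The `CF_API_TOKEN` variable name, the hostname and the record shown are assumptions, and the token should be scoped to DNS edit on the one zone.

```python
import ipaddress
import json
import os
import urllib.request

API = "https://api.cloudflare.com/client/v4"

def plan_update(record, detected_ip):
    """Return the PATCH body that points `record` at `detected_ip`, or None if current."""
    ip = ipaddress.ip_address(detected_ip.strip())
    # A home connection can report RFC 1918 or CGNAT (100.64.0.0/10) space;
    # publishing that would take the site offline, so refuse it.
    if not ip.is_global:
        raise ValueError(f"refusing to publish non-public address {ip}")
    want = "A" if ip.version == 4 else "AAAA"
    if record["type"] != want:
        raise ValueError(f"{ip} does not fit a {record['type']} record")
    if ipaddress.ip_address(record["content"]) == ip:
        return None  # already correct: make no API call
    return {"type": want, "name": record["name"], "content": str(ip)}

def build_request(zone_id, record, body, token):
    """Build the authenticated PATCH request for one existing DNS record."""
    url = f"{API}/zones/{zone_id}/dns_records/{record['id']}"
    return urllib.request.Request(
        url, data=json.dumps(body).encode(), method="PATCH",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})

def apply_update(zone_id, record, detected_ip):
    """Send the update if one is needed; returns True when a change was made."""
    body = plan_update(record, detected_ip)
    if body is None:
        return False
    token = os.environ["CF_API_TOKEN"]  # assumed variable name
    req = build_request(zone_id, record, body, token)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["success"]

# Constructed sample record, shaped like one entry from the dns_records list call.
# The addresses are public stand-ins; documentation ranges fail the is_global check.
SAMPLE_RECORD = {"id": "RECORD_ID_PLACEHOLDER", "type": "A",
                 "name": "home.example.com", "content": "8.8.8.8"}
```

Run `apply_update` from cron with the address your router or an IP-echo service reports; the validation in `plan_update` is what keeps a bad answer from that service out of your zone.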

Email Management

This one is C+ quality and still needs some work, but I can use CloudFlare to send and receive emails from my personal domain and forward them elsewhere, like a personal @gmail.com address (stay tuned for my longer term solution). It also supports DMARC management in beta, which is better than nothing but not overly feature-rich. The problem is that email routing is a bit complex; not to configure, but email is just a terrible protocol (come back Google Wave!). CloudFlare’s servers are flagged as open relays by some spam blacklist companies; they seem to offer email filtering as part of the “service” and silently drop emails from certain senders; and there was one company I worked with that I could not send emails to because they also used CloudFlare to front a free Gmail address. Still, there is not enough pain with this feature to cause me to migrate en masse.

Content Delivery

Of course, CloudFlare is a CDN. They’ll cache much of my content, which both improves performance and reduces load on my origin sitting off a consumer-grade ISP. There’s tooling to purge the cache (I fixed this via some simple PHP: in “dev mode” I’ll load many of these files inline rather than do constant purges) as well as some basic reporting available.

Security

Obviously, CloudFlare has more bandwidth than I do, so basic DDoS attacks wouldn’t be a blip to them but could crush my infrastructure. But a pleasant surprise was mTLS support. I wanted some of my services to be more secure, so I can install a client-side cert into my browser and CloudFlare will do the heavy lifting of making sure that cert is present before I can access the service, even when I don’t have access to the codebase to add more robust login support.

Summary

I’m using a fraction of what CloudFlare offers for free, but much of that is intentional. All of these components are well-understood and I can replace CloudFlare easily for each function (granted, DNS would be painful!). While I have suffered through a few outages, CloudFlare’s Root Cause Analysis reports are always a good read and take an honest look at how they broke something and how they’ll fix it going forward. For anyone wanting to learn more about basic Internet infrastructure or CDNs, CloudFlare’s free tier is pretty top notch.