Yesterday, Today on the Cloudflare Community

Welcome to Yesterday Today on the Cloudflare Community. I'm your host, Tim Clunan. If you'd like to know more about the Cloudflare Community, join us every Friday for a new edition of Yesterday Today. And today it's a very, very special Yesterday Today show. It's birthday week and we're happy you joined us for the celebration. Each week on Yesterday Today, we start by looking at the summary of popular topics and site traffic from last week with this community day and the community traffic report at 10 a.m. Pacific. That's followed by a review of top community issues from last week, the ever informative using the community tip, occasional interviews with community MVPs, Cloudflare employees and partners. And every week we feature in class with Cloudflare where we learn a few things from the community and put them into a Yesterday Today community tip. Before we get started today, let me invite you to join the show by submitting your questions to livestudio at Cloudflare.tv or hit the email to the show button on Cloudflare.tv. Turning to the traffic report. Overall community traffic was flat versus the prior week. Nonetheless, new posts were up significantly and new topics were up dramatically over the prior week. From this, we understand that the same number of people visited the community last week, but they spent more time and talked about a greater number of things. Driving the increased number of conversations were customers joining the community. Membership was up significantly week over week and remains up for the year. As a reminder, the Cloudflare community is a free service for all Cloudflare customers. Join the community to seek advice and insight about getting started with Cloudflare, using Cloudflare and solving issues if they arise. Join today to gain advice and insight for tomorrow. Moving on. On this community day last week, the top three searches on the community were regarding the NX domain error that we've seen come up frequently. Google Analytics, which like we've observed on our last show, doesn't really tell us exactly the nature of the searches, although we did do an in-depth analysis of that. And finally, the third most popular topic was the registrar lookup error 1110. The most popular category for discussion on the community last week was again the security category, with questions about WAF and DDoS attacks leading the discussion. That was followed by the second most active category of performance, with questions about routing leading that category. Finally, the general category with questions about page rules leading the discussion. Now normally at this point, we'd start talking about our main story today. But it's birthday week and that's always a bit different and it's quite special around here. So when we were doing the analysis for this week's show, we looked at what visitors were searching for on the community. And we noticed a couple of searches that on first glance seemed out of place or somewhat confusing. And we wanted to figure out exactly why we were seeing these search terms appear to see if we could help with some of the more obscure issues that people are asking about on the community. Specifically, the 73rd most popular search term caught our eye. But we ignored the oddity for a bit until we noticed the 83rd most popular term. At that point, we thought perhaps the confusingly odd search terms may be fodder for a new recurring segment on yesterday today. We were right that it may be a segment, but we were probably wrong about everything else. Clubs are customers from around the world. Please welcome for one show only confusing community search. In confusing community search last week, the most confusing searches on the community were for at number 87. We just call it the search term beginning with shh. At number 83, there were eight searches for Xena. And finally at number 73, the term that first drew our attention to confusing community search terms Capybara. We were delighted to find that the Capybara is actually a giant rodent native to South America. We were surprised to learn that at 100 pounds in weight and a meter in length, this gentle herbivore is the largest rodent in the world. That's relative to the common guinea pig. That's great, but it's kind of confusing. Why are visitors to the Cloudflare community looking for Capybaras? And perhaps the searches for shh and Xena came back with no results. So Capybara was the next most obvious search. We're not certain exactly why people were looking for Capybaras, but we were curious to learn more. We dug deeper and found that into this week's confusing searches, and we found that the Capybara is actually a software application written in Ruby that mimics the actions of users when they interact with websites. It's similar to the testing tool Selenium that you might be familiar with. So that's starting to make more sense. We still don't understand exactly why folks are looking for testing tool information on the community, but we know that the community is made up of a lot of very, very accommodating people. And from time to time, we see folks wander in with off-topic questions. When this comes up, the questions that require a lot of work are usually referred to the sites that are better equipped to handle their answers. But every now and then, the easy questions get addressed. I was thinking perhaps Capybara was in that category. It still does seem odd that we would see searches about a testing framework on the community, so we kept digging. On GitHub, I actually found a jQuery plugin demo that uses Capybara and cdnjs.Cloudflare.com. cdnjs is a content delivery network for open source libraries that Cloudflare works with very, very closely. This does shed light on why Capybaras were seen in the community last week. But more importantly, it also gives us an opportunity to speak about the Cloudflare community search. If you have questions about using Cloudflare, community search ought to be your first stop in looking for answers. Let's pause for a moment to talk about the word search. That seems odd, but it is the correct answer to 8% of the questions that were raised on the community last week. I suspect search is the correct answer for 25% of the questions that we see this week. For that reason, it's worth giving ourselves one last community birthday present during birthday week. When you search in the Cloudflare community, in addition to the keywords that you're looking for, add tags or topics to help you get started. You can use a topic like hashtag tutorial to understand how to use a feature and set it up, or you can use a hashtag community tip to help you troubleshoot problems that you see with using Cloudflare. To use these search functions, look for the tool tip in the community search box, and then add hashtag community tip or hashtag tutorial to your very, very first search. You may not need to do a second one. To give you an example, we actually went through and we started to look at some of the more popular errors, specifically the 524 error that we've seen quite frequently, and searched for 524 community tip, and the only four results that were returned were all tips that were going to lead me directly to helping me to solve that 524 error that I was seeing. This is a really, really powerful tool. We'd encourage you to take advantage of using the hashtags and the topics to refine your search further on the community. If you've watched Cloudflare TV this week, you've seen many of the most celebrated names in tech and beyond. They're not available to be on yesterday, today, maybe tomorrow, but the discussions that they've been having on Cloudflare TV are being rebroadcast so that they're easily accessible. Catch them if you can. It's actually just been a fantastic week of programming. Instead today, on Yesterday Today, we're going to talk about our birthday week presents. Because it's birthday week, this morning on Yesterday Today in the Cloudflare community, we're going to actually look at the best guesses for the 10th birthday gifts from the Cloudflare community. As a personal note, I love birthday week. I love guessing at presents, and I also share an important day with the Cloudflare birthday, so it's twice as important to me. As a quick reminder, at birthday week at Cloudflare, rather than receiving gifts, we give them away. In my home, we actually call this your unbirthday. It's like your birthday, and it happens just once a year. Birthday week is kind of the same idea as an unbirthday, but at Cloudflare, it's birthday week every day, all week long. So this week, starting on Monday, we announced durable objects and cron triggers for workers, two enhancements that redefine how people think about serverless. On Tuesday and Wednesday, it was about observability. That's of an Internet property or of the Internet itself. So on Tuesday, we announced a partnership with the Google Chrome team to bring Web Vital measurements to one of last year's gifts, Browser Insights. Web Vitals helps developers and site owners measure and understand load time, responsiveness, and visual stability. And with Cloudflare Browser Insights, Web Vitals are easier to measure than ever. It's free to anyone to collect data from the whole web. And later in the day, we went on and we unwrapped another new present, which was a brand new privacy -first analytics service. It's open to everyone, even if you're not already a Cloudflare customer. And if you are a customer, we've enhanced our analytics to make them even more powerful than they were before. On Wednesday, we introduced Cloudflare Radar. Internet traffic and attacks both ebb and flow and change over time. Cloudflare tracks this activity, the good activity and the bad activity. It shows up in our trends and details that we monitor to help us improve our services and protect our customers. Until today, this insight was available only to us at Cloudflare, but now we're launching the new service, Cloudflare Radar. That gives us visibility into these heretofore unshared patterns on the Internet. And the gifts kept giving. Yesterday, we announced API Shield. That makes it very simple to secure APIs through the use of a strong client certificate. And it's a schema -based validation. The API Shield's available free on all plans. Yesterday, I also announced that network time security is officially part of the collection of protocols that make the Internet work. And we've changed our time services to use the officially assigned port of 4460 for NTS key exchange. In June of last year, you may recall, we made the rationale behind our announcement. Over the past few months, we had announced Cloudflare time services in June of last year. And over the past few months, we've seen many users of the time services, but very few using the network time security. This leaves computers vulnerable to attacks that intimidate the server that they're using to obtain the network time protocol. So yesterday, we helped to reduce that risk. And we opened up more birthday presents this morning with the announcement of WordPress optimizations. WordPress is the most widely used content management system on the Internet. It runs somewhere between 30 and 38% of the sites. And we've provided a plugin for WordPress since 2016. The announcements today improve upon that and take it to the next level. Those were our 10th birthday week presents. But what did our community think that they were going to be unwrapping this week? We had a lot of guesses. And we're going to have to add some of those guesses to our 2021 birthday week wish list. Our community shipped their birthday gifts, and they thought they contained, in the performance category, Argo Tunnel and Cloudflare features, phasing out Railgun in favor of Argo Tunnel, and Polish ABIF support. In Registrar, there was wishes for more top-level domains being supported and Registrar-editable name servers. And for Warp, a lot of folks wanted to see Warp Desktop. And for our network, more people wanted to see more POPs. And in the workers category, we had a lot of good suggestions. More supported languages for Cloudflare Workers, reduced pricing for Cloudflare Workers, static hosting via workers, and more workers unbound. Perhaps the tissue wrapping was maybe a little too transparent or the tape didn't hold on the last gift, but we did have some very, very great guesses. In the plugin category, we had a guess for the Cloudflare WordPress plugin updates and support for native Cloudflare worker caching. That wraps up birthday week this year. We're very, very happy that you were able to join us for the week. And again, I'd encourage you, if you have the opportunity, catch some of the episodes and rebroadcasts that have been broadcast this week celebrating birthday week. The shows go into great detail talking about the future of the Internet, the future of Cloudflare. I'd also encourage you to explore this year's birthday week presents. The gifts that Cloudflare has given complement the gifts that we've already started to produce in prior years and they set the stage for the next 10 years of Cloudflare growth. I'd like to thank you for joining us on yesterday today and I'd like to thank you for your questions. I'm your host, Tim Clunan. I'll see you next time for a new edition of Yesterday Today. Until then, we'll see you in the Cloudflare community. Yesterday Today Yesterday Today Cloudflare Access can help prevent attacks that exploit vulnerabilities in the Remote Desktop Protocol, or RDP, by securing RDP ports and connections. This video will walk you through how to secure your RDP using Cloudflare Access. Securing RDP with Cloudflare Access is a four-step process. Step 1. Enable Access and create a policy. Step 2. Install Argo Tunnel and the Cloudflare D client. Step 3. Establish RDP connections with Argo Tunnel. And finally, Step 4. Configure RDP using Cloudflare Access. Before getting started, you need a Cloudflare account with at least one active domain. You can sign up for a free account by visiting Cloudflare .com. For this demo, my client machine is a Mac, and the active domain is orangeclouded.com. The target device is a Windows machine. I've enabled Access prior to filming this demo, so I'll show you how to create a policy. Creating an Access policy is important because without a policy in place, Access can't control who can reach your target machine during and after configuration. Using any active Cloudflare domain, navigate to the Access tab in the dashboard. To begin, create a policy for the hostname that prevents any traffic to that hostname from reaching your server. I'll reconfigure this policy to allow traffic once the setup is complete. In the policy creator, select Deny as the decision and under Include, select Everyone. This rule will prevent any requests to that hostname from bypassing Access. Now that I've set up the policy, I need to install Argo Tunnel on my target machine. Argo Tunnel ensures requests route through Cloudflare before reaching the web server so you can authenticate traffic with Access. Argo Tunnel uses Argo Smart Routing technology to route traffic over the fastest path within the Cloudflare network between the user and the data centers closest to your origin. To begin using Argo Smart Routing, navigate to the Traffic tab of the Cloudflare dashboard, click the Enable button, and follow the steps in the UI to set up usage-based billing. Now that you've enabled Argo Smart Routing, the next step is downloading CloudflareD to the target and client machine. CloudflareD is the software that runs Argo Tunnel. It's available for AMD64, x86, and ARMv6 machines in binary, deb, and RPM types. The code for the CloudflareD client is also available on GitHub. Download the CloudflareD version appropriate for your operating system, which in this case is Windows, and extract the zip file to access the executable file. I'm using the 64-bit version for this video. Run the CloudflareD executable to ensure it works properly on the target machine. To spin up a tunnel, you'll first need to log in with your CloudflareD account. Run CloudflareD login to open the login page in your web browser. If the browser fails to open, right-click the login URL and navigate to it in the browser. Log in using your Cloudflare username and password. After logging in, you'll see a list of domains associated with your account. Argo Tunnel connects your machine to the Cloudflare network by associating it with a hostname in your Cloudflare account. I'm going to locate the domain that I wish to use to represent my server and select its name in the table. Once you select the domain, CloudflareD will automatically install a certificate to authenticate your machine to the Cloudflare network for your specific hostname. Once CloudflareD installs the certificate, you'll see a success message in your browser and you can start using CloudflareD in Argo Tunnel. Now that I have the certificate, I need to go back and edit the access policy that I created before. Let's go back to the access app to change it. As you can see here, the original policy denied everyone. With this configuration, our Argo Tunnel wouldn't work. I'll change the policy to allow certain connections. You have the option to include via email or predefined groups. I'll choose to allow emails ending in orangecloud.com and click save to update the policy. Now, I'm ready to establish my RDP connections using Argo Tunnel. Argo Tunnel permits traffic over HTTP and HTTPS. CloudflareAccess opens a secure connection to proxy RDP traffic through the Cloudflare network. Make sure that RDP connections are enabled on the target machine. In Windows 10 or later, you'll see a RDP connection pro. You can do so by visiting settings, RDP connections, and then toggling them on. On the target machine, run the following command to assign the host name. Access will default to port 3389 for RDP connections. Now that we've created the tunnel, let's establish an RDP connection. For this, you need to install the CloudflareD software on your client machine as well. Do so using the same process we followed earlier. Make sure you download the correct version of CloudflareD for your operating system. You can initiate an RDP connection to a machine behind access with the following command. The command will initiate an RDP connection through a proxy to reach the corresponding CloudflareD daemon running on the server. You can specify any port on the local host in the command above. It does not need to match the port in use on the target machine. CloudflareD will proceed to launch a browser window that contains the same access login page you find when attempting to reach a web application. Select your identity provider and proceed to log in. If the browser window is not launched, you can also use the unique URL output in your command line. When you've successfully authenticated, the browser will return your token to CloudflareD in a cryptographic transfer and store it. The token is valid for the session duration configured by your access administrator. CloudflareD will store the token and use it to authenticate your requests. You can now configure your RDP client to point to localhost 2244 and begin your RDP session. This concludes the video walkthrough on securing RDP with Cloudflare Access. If you have any questions or want to use Access to secure other applications or resources, visit teams.Cloudflare.com backslash access. ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ...