Cloudflare Caching

To minimize load on our servers, I would like to set Cloudflare to cache as much of the content as possible.
I'm assuming that any image files or anything with a css/js/json file extension is safe to cache.
Obviously we can't cache html content for logged-in users, since there is user-specific data included in the headers.
As far as I can tell, it should be safe to cache html content for guests as long as the TTL is short (guests cannot post on our site, if that's relevant). However, it's not clear how we can implement that. The express.sid cookie is set for guests, so we can't just cache when that cookie is absent. It should be possible to set a custom cookie on login and clear that cookie on logout, but I can't find anywhere to set that cookie. I'm using a fork of https://github.com/julianlam/nodebb-plugin-sso-oauth, and the only place I can find a res object is https://github.com/julianlam/nodebb-plugin-sso-oauth/blob/master/library.js#L124, but setting the cookie fails because res.cookie is undefined.

Is there any way I can set a custom cookie on login, or ensure that NodeBB does not set an express.sid cookie for guests?

@chartung can CloudFlare just cache by respecting the cache control headers? That'd be the easiest and I'd be surprised if it could not.

@chartung can CloudFlare just cache by respecting the cache control headers? That'd be the easiest and I'd be surprised if it could not.

To minimize load on our servers, I would like to set Cloudflare to cache as much of the content as possible.
I'm assuming that any image files or anything with a css/js/json file extension is safe to cache.
Obviously we can't cache html content for logged-in users, since there is user-specific data included in the headers.
As far as I can tell, it should be safe to cache html content for guests as long as the TTL is short (guests cannot post on our site, if that's relevant). However, it's not clear how we can implement that. The express.sid cookie is set for guests, so we can't just cache when that cookie is absent. It should be possible to set a custom cookie on login and clear that cookie on logout, but I can't find anywhere to set that cookie. I'm using a fork of https://github.com/julianlam/nodebb-plugin-sso-oauth, and the only place I can find a res object is https://github.com/julianlam/nodebb-plugin-sso-oauth/blob/master/library.js#L124, but setting the cookie fails because res.cookie is undefined.

Is there any way I can set a custom cookie on login, or ensure that NodeBB does not set an express.sid cookie for guests?

To minimize load on our servers, I would like to set Cloudflare to cache as much of the content as possible.
I'm assuming that any image files or anything with a css/js/json file extension is safe to cache.
Obviously we can't cache html content for logged-in users, since there is user-specific data included in the headers.
As far as I can tell, it should be safe to cache html content for guests as long as the TTL is short (guests cannot post on our site, if that's relevant). However, it's not clear how we can implement that. The express.sid cookie is set for guests, so we can't just cache when that cookie is absent. It should be possible to set a custom cookie on login and clear that cookie on logout, but I can't find anywhere to set that cookie. I'm using a fork of https://github.com/julianlam/nodebb-plugin-sso-oauth, and the only place I can find a res object is https://github.com/julianlam/nodebb-plugin-sso-oauth/blob/master/library.js#L124, but setting the cookie fails because res.cookie is undefined.

Is there any way I can set a custom cookie on login, or ensure that NodeBB does not set an express.sid cookie for guests?

If I turn off Cloudflare proxy, the problem stops. Also, my setup is like this:

internet -> Cloudflare -> HAProxy —vpc-> NodeBB servers

I'm wondering if I need to configure something between Cloudflare and the proxy?

To minimize load on our servers, I would like to set Cloudflare to cache as much of the content as possible.
I'm assuming that any image files or anything with a css/js/json file extension is safe to cache.
Obviously we can't cache html content for logged-in users, since there is user-specific data included in the headers.
As far as I can tell, it should be safe to cache html content for guests as long as the TTL is short (guests cannot post on our site, if that's relevant). However, it's not clear how we can implement that. The express.sid cookie is set for guests, so we can't just cache when that cookie is absent. It should be possible to set a custom cookie on login and clear that cookie on logout, but I can't find anywhere to set that cookie. I'm using a fork of https://github.com/julianlam/nodebb-plugin-sso-oauth, and the only place I can find a res object is https://github.com/julianlam/nodebb-plugin-sso-oauth/blob/master/library.js#L124, but setting the cookie fails because res.cookie is undefined.

Is there any way I can set a custom cookie on login, or ensure that NodeBB does not set an express.sid cookie for guests?

> @chartung said:
>
> Is there any way I can set a custom cookie on login, or ensure that NodeBB does not set an express.sid cookie for guests?

I'd like to get back to this question. Bots are hammering my site and CF Super Bot Fight mode isn't picking up new bots for me. I don't want to enable "Under Attack Mode" forever — it's not recommended.

One solution is to serve up cached items to the bots from CF but I don't want to be overly aggressive caching for users.