Tag Archives: Cloudflare

Bye-Bye Synology, Hello Mac Mini

I had been using my Synology NAS for a few months now. However, as I started to do more and more with it, its inherent lack of processing power started to irk me. The CPU was too slow, the RAM too limited. More than that, its ugliness on my living room shelf disgusted me. Eventually, I decided to replace it with a Mac Mini.

Synology DS224+ next to my Mac Mini

Since I was using the NAS more as a computer than for storage anyway (a measly few hundred GBs), the choice was not difficult. I got a good deal on a used Mac Mini M2 Pro and went about migrating my data and services from the Synology.

Remote Access

Since I planned to use the Mac Mini as a headless server, the first thing I needed to do during setup was enable remote access. I used my TV as the initial display. Luckily, macOS has built-in VNC & SSH servers and enabling them was as simple as checking a few boxes.

Remote Management and Remote Login, macOS
Remote Management, macOS

In an Apple-only environment, you can have better security by:

  1. Selecting the “Remote Management”, not the “Screen Sharing” option
  2. Not selecting the “VNC viewers may control screen with password” option
  3. Using VNC over SSH when connecting with clients over the internet

The above will break compatibility with most commercial VNC applications. I like Screens 5 & Termius for VNC and SSH respectively. Both apps are paid, but quite powerful.
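
Item 3 above (VNC over SSH), sketched as an added example that is not part of the original post: it builds a loopback-only SSH port forward to the Mac's Screen Sharing port and then opens the built-in client against it. The target `user@host`, local port 5901 and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions: the Mac's Screen Sharing service listens on TCP 5900
# and Remote Login (SSH) is enabled; user@host is a placeholder you supply.

# Print the ssh command for a loopback-only forward to the remote VNC port.
# Usage: vnc_tunnel_cmd user@host [local_port]
vnc_tunnel_cmd() {
    target=$1
    lport=${2:-5901}
    case $target in
        ''|-*|*[[:space:]]*)            # empty, option-like or multi-word input
            echo "invalid target" >&2; return 2 ;;
    esac
    case $lport in
        ''|*[!0-9]*) echo "invalid port" >&2; return 2 ;;
    esac
    if [ "$lport" -lt 1024 ] || [ "$lport" -gt 65535 ]; then
        echo "local port must be 1024-65535" >&2; return 2
    fi
    # -f  go to background once authentication and the forward have succeeded
    # -N  run no remote command; the session carries the tunnel only
    # ExitOnForwardFailure=yes  abort if the local port cannot be bound
    # The local listener is loopback-only, and the far end connects to the
    # Mac's own loopback, so VNC traffic crosses the network only inside SSH.
    printf 'ssh -f -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:127.0.0.1:5900 %s\n' \
        "$lport" "$target"
}

# Open the tunnel, then point the built-in Screen Sharing client at it (macOS).
vnc_over_ssh() {
    cmd=$(vnc_tunnel_cmd "$@") || return
    $cmd || return                      # unquoted on purpose: tokens were validated
    open "vnc://127.0.0.1:${2:-5901}"
}
```

The backgrounded `ssh` process keeps the forward open until it is killed, so end it when the session is over.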

After verifying that remote access was working, I disconnected the TV, keyboard and mouse for good & haven’t needed them since.

Docker & Threadfin

The service I was most worried about was Threadfin, because it is not natively supported on the Mac and I need to run it within Docker.

Thankfully, Docker Desktop works quite seamlessly on the Mac and the settings & environment variables look similar to Container Manager on Synology. My only problem was that I couldn’t get the container to auto-start after reboots using environment variables in the GUI. Eventually, I could get it to work via the terminal:

docker update --restart always <container_id>

Once it worked, I could clearly see the performance difference. While on Synology, the container took approx 2-3 mins from start to being usable, on the Mac, it takes less than 10 seconds.

PS: If you have created a new account, you can’t fetch new images from Docker’s repository till you click on the verification link sent via email.

Cloudflare Tunnel

Cloudflare Tunnel is installed via Homebrew. It is as simple as copy/pasting a few commands via Terminal. Since the configuration of the tunnel is handled from the Cloudflare dashboard, there are no further steps required on the Mac itself.

Bonus feature: Cloudflare also allows you to set up VNC & SSH connections to your device over the same tunnel, exposing a web interface to any browser you want to use it with.

Plex & Homebridge

Plex is supported natively on the Mac and installing it is as easy as mounting the disk image. It detected Threadfin as a DVR fairly easily.

At first, Plex refused to detect media content from my external SSD, which was an APFS encrypted volume. However, after erasing it and setting it up as un-encrypted, it was detected fairly quickly. Funnily, once I encrypted it again, it continued to work, so I am not sure what the original problem was.

Homebridge is also natively supported on the Mac and is installable via Homebrew. Thankfully it comes with backup/restore functionality out-of-the-box, which worked seamlessly. I just had to keep two things in mind:

  1. The plugins are not backed up and restored, so these need to be installed on the new machine manually before restoring the backup
  2. I had to delete the bridge from my Home app and add it again for my device status to work properly.

Backblaze Backup

Unlike my NAS, there’s no disk redundancy on the Mac, so I chose to subscribe to Backblaze’s backup service. It is quite cheap, allows unlimited storage and, if you need, they can even send you a USB drive to restore your content from.

Backblaze backup on macOS

It took around 2 days for the client to upload all my data in auto-throttled mode.

qBittorrent

For macOS, most people recommend Transmission to download torrents, and the app itself is rock-solid; however, it lacks support for RSS feeds. One can use add-ons like FlexGet to enable this, but I couldn’t get it to work.

Eventually, I settled for qBittorrent, which, although dated, has all the necessary features and works quite well. Its web UI is near-unusable on mobile phones, though, and I couldn’t find a client on the App Store which works well, yet.

qBittorrent v5.0.5 on macOS

Resource & Environmental monitoring

I use TG Pro to monitor environmental parameters like temperature and fan speeds. It is a paid app, but is quite cheap and requires a one-time payment only.

I use Stats to monitor the CPU, GPU, memory and bandwidth utilisation on the Mac. It is open-source and installable via Homebrew.

Stats & TG Pro on Mac Menu bar

Summary

Overall, what I miss most from my Synology is its easy-to-use web interface and cloud connectivity features, which worked seamlessly. Even after a lot of effort, I cannot achieve the same level of integration on the Mac, as all the services are from separate providers & lack cohesion.

However, the sheer computing power and the lack of physical ugliness more than make up for it.

Cloudflare

I had dabbled with CDNs before (LiteSpeed, Jetpack), but a recent requirement around my NAS required me to move my DNS service to Cloudflare. So I thought, why not use their CDN, too, and compare the before and after performance?

For web traffic, you can use Cloudflare in two modes:

  1. DNS only
  2. DNS plus Proxy

As the names say, the first option uses Cloudflare servers as your authoritative name servers, but your traffic goes straight to your original server. There’s no caching and there’s no CDN.

Turning on the proxy is where the real benefits are supposed to be visible. I used their free plan for testing.
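
A quick way to tell which of the two modes a hostname is actually being served in, as an added example that is not part of the original post: it reads HTTP response headers and reports whether the response came through Cloudflare's proxy and what the cache did with it. The function names and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example. Header names are the ones Cloudflare's proxy adds to responses;
# the sample responses below are constructed, not captured from the author's site.

# Read HTTP response headers on stdin; print "direct" or "proxied cache=<status>".
classify_cf_headers() {
    awk '
    {
        sub(/\r$/, "")                          # header lines end in CRLF
        name = tolower($0); sub(/:.*/, "", name)
        value = $0; sub(/^[^:]*:[ \t]*/, "", value)
        if (name == "server" && tolower(value) == "cloudflare") server = 1
        if (name == "cf-ray") ray = 1
        if (name == "cf-cache-status") cache = toupper(value)
    }
    END {
        if (server && ray)
            printf "proxied cache=%s\n", (cache == "" ? "none" : cache)
        else
            print "direct"
    }'
}

# Constructed sample: a response served through the proxy from cache.
sample_proxied() {
    printf 'HTTP/2 200\r\nserver: cloudflare\r\ncf-cache-status: HIT\r\ncf-ray: 0000000000000000-BKK\r\n\r\n'
}
# Constructed sample: a response served straight from the origin (DNS only).
sample_direct() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n'
}
# Against a live site: curl -sI https://example.com/ | classify_cf_headers
```

A result of `direct` means clients are connecting to the origin server's own address, which is the DNS-only behaviour described above.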

As you can see, I used various tools to test the difference in performance.

Network Latency

Being a network engineer, the first thing I tested was network latency difference between my web server and Cloudflare’s proxy.

I tested from Thailand, and as expected, Cloudflare’s proxy has significantly lower latency compared to my web server, which is based in the US. The benefits may be lower if tested from the US itself.

Web Server vs Cloudflare Proxy Ping Results

Average 224ms latency vs 36ms.

This means that my users can experience better Round Trip Times to my website globally by connecting to their nearest CDN, instead of all focusing on one server in the US.

But ping is only part of the story. For real-life results, I used the below tools.

I ran all the tests raw with Cloudflare paused and WordPress plugin disabled. Then I re-ran the tests again, one day after enabling both.

Google PageSpeed Insights

Google PageSpeed Insights is an important tool, especially because Google uses this score as a metric to calculate its search engine Page Rankings. It is a bit simplistic, as in it doesn’t let you select a source server. But it does show results for both mobile and desktop.

Google PageSpeed Insights Mobile, Raw vs Cloudflare
Google PageSpeed Insights Desktop, Raw vs Cloudflare

As you can see, there’s a minimal performance gain, which makes sense because Google’s servers are likely in the US, similar to mine.

DebugBear

DebugBear is similar to Google, but also shows a helpful graph of the different activities happening during your page load. Again, only US is available as a location for free.

DebugBear Mobile, Raw vs Cloudflare
DebugBear Desktop, Raw vs Cloudflare

As you can see, there’s an insignificant decrease in the load score for mobile, although desktop being perfect to begin with couldn’t be improved on.

Solarwinds Pingdom

Pingdom has an advantage over the last 2 tools in that it allows you to select a server location to test from. I chose Australia, being far from the USA.

Solarwinds Pingdom, Raw vs Cloudflare

As you can see, there’s an insignificant amount of decrease in Pingdom’s score, but the load time and the number of requests are down significantly.

Wattspeed

Wattspeed’s lighthouse tool allows you to test for Desktop and Mobile separately, but doesn’t let you select a source server.

Wattspeed Lighthouse Mobile, Raw vs Cloudflare
Wattspeed Lighthouse Desktop, Raw vs Cloudflare

Significant increase in scores for both Desktop and Mobile.

Overall Verdict

Test Tool               Raw Results   Cloudflare Results
Google PageSpeed (M)    80/100        84/100
Google PageSpeed (D)    99/100        99/100
DebugBear (M)           71/100        91/100
DebugBear (D)           100/100       100/100
Pingdom                 75/100        74/100
Wattspeed (M)           82/100        99/100
Wattspeed (D)           76/100        84/100

The verdict is clear: in most cases, Cloudflare provides significant and measurable improvements in page load times. Considering that the service is absolutely free, it is a no-brainer to use it.

However, performance benefits are not the only advantages:

  1. Cloudflare will stop DDoS attacks on your website.
  2. Cloudflare allows you to set up firewall rules to block certain traffic to your website (e.g., on the basis of geolocation).
  3. Even if your website ever goes down, Cloudflare can continue exposing your website from its cache.