A Ghost blog (not a blog about ghosts).

Installing mod_cloudflare on a Joyent SmartMachine

CloudFlare is a great service and I’ve been using for my horrell.ca site for some time. It speeds everything up, acts as a firewall protecting your site from bots and jerks, and also provides IPv6 support. One side affect of using CloudFlare is the Apache logs for your site will show IP addresses from the CloudFlare network for any site visitors rather than the true visitors IP address. You can fix that by installing the mod_cloudflare Apache module.

Here’s how to install it on a new Joyent SmartMachine

  1. First, download the mod_cloudflare.c source file from CloudFlare’s Github repos (the -L flag makes sure curl follows any redirects):

    curl -OL https://raw.github.com/cloudflare/CloudFlare-Tools/master/mod_cloudflare.c
  2. Install the gcc compiler:

    pkgin install gcc47
  3. Now compile and install the module:

    apxs -c -i mod_cloudflare.c

    If you have a 64 bit machine, you’ll need to use something like this instead:

    apxs -Wc,-m64 -Wl,-m64 -c -i mod_cloudflare.c
  4. Set the permissions:

    chmod 755 /opt/local/lib/httpd/mod_cloudflare.so
  5. Add this to /opt/local/etc/httpd/includes/dso.conf (this will load the module when Apache starts):

    LoadModule cloudflare_module lib/httpd/mod_cloudflare.so
  6. Now refresh Apache to load the module:

    svcadm refresh apache

And that’s it! If you check your Apache logs (/var/log/httpd/access.log or /home/NAMEOFSITE/logs/access.log) you should start seeing accurate IP addresses.

You can check if the installation went smoothly with:

svcs -vx apache

If Apache is in maintenance, chances are something went wrong with loading the module. The /var/svc/log/network-apache:default.log service log file will give an idea of what you need to fix.

Periodically, CloudFlare adds new IP addresses to their network, so you’ll need to reinstall the module. You don’t need to do anything special for that, just repeat the above steps using the updated mod_cloudflare.c. source file. I follow the git repos for changes (which doesn’t happen that often).