Brad Baker

What is managed hosting?

Managed hosting is a common marketing term many web hosts are now using. It means different things to different people, but let’s explain what it means to you as our customer.

  • People. The person who you interact with will personally have the access and authority to resolve or action your request. None of our support is outsourced.
  • Product. We’re not just providing you a hosting service, we are providing you a fully managed product. You tell us what you need, we make it happen. For example you may ask: “Please duplicate this existing website of mine to a new location” or “I need a new WordPress site setup on this domain”. We do the rest.
    We don’t just give you what you asked for, we go further and setup our tools to give you what you need (as well as what you asked for) not only caring for your current needs, but also anticipating what you will need in the future.
  • Systems. We have systems in place to proactively monitor, audit and resolve any security and website issues. This is in your best interests as it means less problems (or none at all) with your websites. We know of any issues and resolve them before you even notice.
  • Speed. We want you to have the fastest loading website you can. We work with you to optimise and setup our custom caching and speed solutions. Some of these may include CDN, NGINX, FastCGI, Redis Database query caching.
  • Security. The internet is a dangerous place, so we have setups that automatically block bad traffic and malicious login attempts and well known hacks.
    We monitor live certain key files on your website to ensure that none of them have been modified without your knowledge. We update your website and any plugins (WordPress/Joomla) for you. This isn’t a paid add-on, we offer it free for all customers.
  • Backups. You’ve heard of them, have you had to use them? Was it easy? We provide free off server backups to you, so you have access to them at the same time we do. We provide you a tool in your website that allows you to restore from these backups at any time.
  • DNS and Domains. We provide a fully managed DNS service to you. You don’t have to understand DNS to work with us, we will look after it all for you. SPF, DKIM, DDNSEC, CNAME, AAAA, SSL etc, we know all this so you don’t have to.
  • Flexibility. There is no one size fits all solution, so we will tailor the hosting solution to meet you and your customers needs. As your site grows, we grow with you.

Read further details on our Cloud Server offerings here. Contact us for a custom quote.

Further Cloudflare Security – Authenticated Origin Pulls

Further Cloudflare Security – Authenticated Origin Pulls

Previously we posted about the importance of ensuring that all traffic to your website is actually going via Cloudflare (if you use Cloudflare in this way).

Quick recap, why is this so important?

Unless you ensure this is the case a malicious actor could possibly reach your content/website via your server IP address. Ensuring that only traffic via Cloudflare is accepted secures your web site or app and means that other tools (like Cloudflare Access, Workers etc can work correctly) can also be used to enhance your security.

So, Authenticated Origin Pulls

In plain English, your web server presents a cryptographic signature and says that only if the visitor presents the other part of the certificate should they be allowed to load the web page. Your web server actually enforces this. This way, if traffic does not come from Cloudflare, it will be rejected.

Limitation: You will only be able to configure this if you have full access to your web server ie root access, VPS, dedicated server etc. A basic level of knowledge of server administration is required.

Setup

There are 3 steps involved. I’ll provide an example below for NGINX. Apache is just as easy.

  1. In your Cloudflare dashboard enable Authenticated Origin Pulls, a quick link to this page in your account is here. Please note, enabling this now is a good idea, it will allow Cloudflare the few minutes it needs to start sending the one part of the cryptographic signature from all parts of their network. Until you start to enforce it (step 3) there will be no change or downtime on your web site.
  2. Download the certificate Cloudflare provides for this purpose. You can find it here. Save this to your server, a good location is:

    /etc/ssl/certs/cloudflare.crt

    (other locations are probably quite acceptable)
  3. Now update your Nginx configuration to use Authenticated Origin Pulls. Open the configuration file for your domain, or include the following: 
ssl_client_certificate /etc/ssl/certs/cloudflare.crt;
ssl_verify_client on;

At this point, the moment you restart NGINX, your web server will ensure that only traffic via Cloudflare will be permitted.

Test

Test things by visiting your website directly via the IP address. You should see something like:

400 Bad Request

No required SSL certificate was sent

openresty

That’s it! A huge step in securing your server has now been completed. Any issues/questions please let us know in the comments below. Keep safe!

Yes, our URL (website link) has changed

Some of you may have noticed that our website URL has changed from xyzulu.hosting to xyzuluhosting.com

For some time we have been watching the price of our domain name xyzulu.hosting climb well past $500 AUD per year, and we just can’t justify spending that much on a domain name when a .com costs just $23 per year. So, we’ve moved over to xyzuluhosting.com as of today. We will be redirecting traffic and emails sent directly to our support email address for at least 12 months more. In any case, if you notice the change, you can be assured nothing else is changing with our services.

Scroll to Top