djoka/bentopdf
1
0
Fork 0
Code Issues Pull Requests Actions 4 Packages Projects Releases Wiki Activity
Files
dc86c780d617da627e65e5a6b780ba45aca939b1
bentopdf/docs/self-hosting/cloudflare.md

120 lines
2.6 KiB
Markdown
Raw Normal View History

feat: Add VitePress docs, EPUB to PDF tool, Phosphor icons, and licensing updates - Set up VitePress documentation site (docs:dev, docs:build, docs:preview) - Added Getting Started, Tools Reference, Contributing, and Commercial License pages - Created self-hosting guides for Docker, Vercel, Netlify, Cloudflare, AWS, Hostinger, Nginx, Apache - Updated README with documentation link, sponsors section, and docs contribution guide - Added EPUB to PDF converter using LibreOffice WASM - Migrated to Phosphor Icons for consistent iconography - Added donation ribbon banner on landing page - Removed 'Like My Work?' section (replaced by ribbon) - Updated licensing.html with delivery model, AGPL notice, invoicing, and no-refund policy - Added Commercial License documentation page - Updated translations table (Chinese added, marked non-English as In Progress) - Added sponsors.yml workflow for auto-generating sponsor avatars
2025-12-27 19:30:31 +05:30
# Deploy to Cloudflare Pages
[Cloudflare Pages](https://pages.cloudflare.com) offers fast, global static site hosting with unlimited bandwidth.
## Quick Deploy
1. Go to [Cloudflare Pages](https://dash.cloudflare.com/?to=/:account/pages)
2. Click "Create a project"
3. Connect your GitHub repository
## Build Configuration
| Setting | Value |
|---------|-------|
| Framework preset | None |
| Build command | `npm run build` |
| Build output directory | `dist` |
| Root directory | `/` |
## Environment Variables
Add these in Settings → Environment variables:
| Variable | Value |
|----------|-------|
| `NODE_VERSION` | `18` |
| `SIMPLE_MODE` | `false` (optional) |
## Configuration File
Create `_headers` in your `public` folder:
```
# Cache WASM files aggressively
/*.wasm
Cache-Control: public, max-age=31536000, immutable
Content-Type: application/wasm
# Service worker
/sw.js
Cache-Control: no-cache
```
Create `_redirects` for SPA routing:
```
/* /index.html 200
```
## Custom Domain
1. Go to your Pages project
2. Click "Custom domains"
3. Add your domain
4. Cloudflare will auto-configure DNS if the domain is on Cloudflare
## Advantages
- **Free unlimited bandwidth**
- **Global CDN** with 300+ edge locations
- **Automatic HTTPS**
- **Preview deployments** for pull requests
- **Fast builds**
## Troubleshooting
### Large File Uploads
Cloudflare Pages supports files up to 25 MB. WASM modules should be fine, but if you hit limits, consider:
```bash
# Split large files during build
npm run build
```
### Worker Size Limits
If using Cloudflare Workers for advanced routing, note the 1 MB limit for free plans.
feat(cors-proxy): add anti-spoofing security measures Security improvements for the Cloudflare Worker CORS proxy: - Add rate limiting per IP (60 requests/minute) using Cloudflare KV - Add file size limit (10MB max) to prevent abuse - Add HMAC signature verification (optional, for deterrence) - Add timestamp validation to prevent replay attacks - Block private IP ranges (localhost, 10.x, 192.168.x, 172.16-31.x) Client-side changes: - Add signature generation in digital-sign-pdf.ts - Add security warning about client-side secrets Documentation: - Update README with production security features - Update docs/self-hosting/cloudflare.md with CORS proxy section - Document KV setup for rate limiting - Add clear warnings about client-side HMAC limitations Files changed: - cloudflare/cors-proxy-worker.js - cloudflare/wrangler.toml - src/js/logic/digital-sign-pdf.ts - README.md - docs/self-hosting/cloudflare.md
2026-01-05 13:43:39 +05:30
## CORS Proxy Worker (For Digital Signatures)
The Digital Signature tool requires a CORS proxy to fetch certificate chains. Deploy the included worker:
```bash
cd cloudflare
npx wrangler login
npx wrangler deploy
```
### Security Features
| Feature | Description |
|---------|-------------|
| **URL Restrictions** | Only certificate URLs allowed |
| **File Size Limit** | Max 10MB per request |
| **Rate Limiting** | 60 req/IP/min (requires KV) |
| **Private IP Blocking** | Blocks localhost, internal IPs |
### Enable Rate Limiting
```bash
# Create KV namespace
refactor: move all TypeScript interfaces to centralized src/js/types folder - Create type files with barrel export via @/types alias - Update logic files to use centralized type imports
2026-01-05 14:57:30 +05:30
npx wrangler kv namespace create "RATE_LIMIT_KV"
feat(cors-proxy): add anti-spoofing security measures Security improvements for the Cloudflare Worker CORS proxy: - Add rate limiting per IP (60 requests/minute) using Cloudflare KV - Add file size limit (10MB max) to prevent abuse - Add HMAC signature verification (optional, for deterrence) - Add timestamp validation to prevent replay attacks - Block private IP ranges (localhost, 10.x, 192.168.x, 172.16-31.x) Client-side changes: - Add signature generation in digital-sign-pdf.ts - Add security warning about client-side secrets Documentation: - Update README with production security features - Update docs/self-hosting/cloudflare.md with CORS proxy section - Document KV setup for rate limiting - Add clear warnings about client-side HMAC limitations Files changed: - cloudflare/cors-proxy-worker.js - cloudflare/wrangler.toml - src/js/logic/digital-sign-pdf.ts - README.md - docs/self-hosting/cloudflare.md
2026-01-05 13:43:39 +05:30
# Add to wrangler.toml with returned ID:
# [[kv_namespaces]]
# binding = "RATE_LIMIT_KV"
# id = "YOUR_ID"
npx wrangler deploy
```
### Build with Proxy URL
```bash
VITE_CORS_PROXY_URL=https://your-worker.workers.dev npm run build
```
> **Note:** See [README](https://github.com/alam00000/bentopdf#digital-signature-cors-proxy-required) for HMAC signature setup.
Reference in New Issue Copy Permalink