[Support Guide] Why not proxy to Netlify?

Netlify runs a CDN backed by several separate network service providers, and our CDN automatically routes your web visitors’ traffic to a network-nearby server to give them the fastest possible response time…as long as you let their browsers talk directly to our CDN!

We know you want your your web traffic to be fast; your deploys and rollbacks to be atomic; and your Analytics data to be useful. Additionally, we also want your site to be the most secure it can be - hence our commitment to securing your site with an automatic SSL certificate.

If you proxy to Netlify, you’ll have problems with all of the above since those features of our service are only possible if you configure your DNS to point directly to Netlify, rather than through a proxy server or service. Why’s that?

Let’s dig in!

There are many capable network providers out in the world - from the Google and Amazon sized giants, through more CDN-specific offerings like Cloudflare and Akamai and fast.ly. We do not disagree - they’re great at what they do! Heck, our CDN is partially powered by Google and Amazon’s cloud offerings. But, when you use them in front of Netlify’s CDN, they break all of those great features I described above.

Here’s why putting a proxy in front of our network is a bad idea:

  1. Speed: putting an extra network hop like Cloudflare or fast.ly in front of us adds another point of failure in the request path, and “more network hops” has never been a thing that makes a site load faster.
  2. Atomic rollbacks and deploys: Most CDN providers cache some content, which can break our atomic rollbacks and deploys - making sure your site content is consistent across all browsers accessing the site at any specific moment in time.
  3. More accurate analytics: Our Analytics service counts IP addresses to approximate “Unique Visitors”. if you put Cloudflare in front, only Cloudflare’s IP’s talk to us, so you get situations like “104 unique visitors loaded how many hundred thousand pages?”
  4. Automatic SSL encryption: Our automatic SSL certificates are only possible if we, not another provider, serves your site. We need not host your DNS, we just have to be what your DNS points to, directly.
  5. Quicker, more straightforward help: And finally, we can’t usefully provide tech support when there’s a “black box” between the browser and our service. The owners of the black box may be able to, but we can’t help, no matter how much you pay us, with what we can’t see.

This article goes into some more depth about how to configure Cloudflare’s DNS to NOT proxy to us, and goes into more details about the specific pitfalls we’ve seen before using Cloudflare “in front of” Netlify. Can you do it? Sure! Thousands do! But…the members of that group who’ve written in for tech support, the overwhelming majority of our “problem solved!” successful answers have been achieved by this answer: “it will work if you turn off that proxying…”

If you cannot change your proxying-to-Netlify configuration for some reason, you might try changing it to point to yoursitename.netlify.app instead of yoursitename.netlify.com due to our migration described here . But we will not provide any further tech support on that configuration as it causes all the problems listed in this article and we do not intend for people to configure their sites this way.

2 Likes