Cloudflare Workers is a serverless computing platform that enables developers to deploy and execute JavaScript code at the edge of Cloudflare's global network. Cloudflare Workers allow developers to write serverless functions that run directly on Cloudflare's edge servers. Cloudflare Workers can build various applications, including serverless APIs, dynamic websites, and real-time applications. They are also highly scalable and can handle large volumes of traffic. Traceable integrates with Cloudflare workers to collect data for further analysis. The following is a high-level architecture diagram:
Traceable Cloudflare worker captures the data from Cloudflare and sends it to the Traceable Platform agent. Note that the request from the Cloudflare worker to the Traceable Platform agent does not block the user request.
Note
Traceable’s Cloudflare worker intergrations is applicable only when Cloudflare is used as a proxy. If Cloudflare is configured as DNS only option, then the network traffic bypasses Cloudflare network including workers and hence not captured by Traceable.
Before you begin
Make sure to take note of the following points before proceeding with the configuration:
Ensure that a website is available through Cloudflare. In Cloudflare, a website refers to a web application or a set of web pages hosted on a server and accessed by users over the internet.
Download Traceable's JavaScript code for Cloudflare from Traceable's download site. Navigate to agent → cloudflare → latest.
Ensure the Traceable platform agent (TPA) is installed, and you have its URL. For more installation information, see Platform agent.
Ensure the connectivity between the Cloudflare worker and the TPA server to export data to TPA.
Important
The Traceable Platform Agent must:
Be enabled for TLS with port 443 available.
Use a signed CA certificate. Self-signed certificates and non-standard TLS ports are not supported for CloudFlare Workers subrequests.
Configuration
Configuring a Cloudflare Worker for Traceable consists of two critical steps:
Creating a Worker — This step involves deploying a dedicated Cloudflare Worker that integrates Traceable's JavaScript code. The worker is an intermediary that captures and forwards API traffic for analysis, ensuring Traceable can effectively monitor and secure your application traffic.
Enabling Workers on a Website—Once the worker is created, it must be associated with your website through worker routes. This ensures the worker is active for the desired traffic patterns, enabling Traceable to collect and analyze API requests seamlessly.
Step 1 – Create a worker
Log in to your Cloudflare account.
Click on the Worker & Pages menu and click Get started to create a new worker.
Provide a unique worker name and click Deploy.
After a successful deployment, click on the Edit Code button.
Copy the JavaScript code that you downloaded as part of the Before you begin steps and replace the existing JavaScript. Ensure that you configure the Traceable Platform agent as shown below. You can optionally also configure the service name.
Click Deploy.
Step 2 – Enable the worker on a website
Complete the following steps to enable the worker on a website:
Click on the Website menu and select the Website for which you wish to enable the worker.
On the Website Overview page, click on the Worker Routes menu.
On the Worker Routes page, click on Add Route. Configure the Route, service, and environment and click on Save.
If you wish to capture traffic on every subdomain and all the paths of your Website, use *your-webiste.com/*
If you wish to capture traffic for a specific domain, use www.your-website.com/*
If you wish to capture traffic for a subset of paths, you can use your-website.com/some-path/*
Verification and troubleshooting
Send traffic through your domain. Log in to the Traceable Platform to view the traffic. Complete the following steps:
Navigate to Catalog → API Endpoints.
Click on the Cloudflare API. On the API details page, click on the Traces tab.
Click on a trace to expand the trace details.
Click on the Attributes tab to verify the configuration's success.
If the request and response are not captured, check the Content-Type header. Request and response bodies are captured only if a Content-Type header is present and includes either json
or xml
as a substring. You can configure additional types by modifying the capture_content_types
configuration options of the Worker script mentioned above.
INSTALL_OPTIONS = {
"tpa_address": "https://REPLACE_WITH_TPA_HOST",
"enable_debug": false,
"service_name": "website",
"capture_content_types": ["json", "xml", "grpc"]
};
Remove routes and service
If you wish to remove routes and services, complete the following steps:
Remove routes
Navigate to the Worker Routes page. Under HTTP Routes, click the Edit link for the route you wish to remove.
Select the service and environment and click on Remove.
Remove a service
Navigate to Cloudflare Dashboard and click on Workers.
On the Workers page, select the service that you wish to remove.
On the service page, click on the Manage Service button.
On the manage settings page, click Delete under the Delete Service section.