User Tools

Site Tools


The Cloudflare cPanel Plugin for Resellers/Hosting Providers

The cPanel Cloudflare plugin boasts many benefits that you pass on to your clients when you install it:

  • Your clients are able to enable Cloudflare on their domain in just a few clicks.
  • The clients websites that are put on Cloudflare's network are optimized via Cloudflare's global CDN.
  • Overall performance boost on all Cloudflare hosted domains with less requests and thus less bandwidth and decreased server loads, increased page speeds, and DDOS protection.
  • Cloudflare users are some of the first to benefit from the latest advancements in web technology, such as HTTP/2, Brotli, Universal Free SSL, DNSSEC, etc., and this trend is expected to continue.
  • Several security protections are enabled by default and attacks can be blocked at the network level.

The cPanel plugin is for Certified Cloudflare Hosting Partners. There are two options for the type of Cloudflare partner you can be, but you must be one of these in order to use the cPanel Cloudflare plugin for your reseller hosting. The two options are:

  • Hosting Partner
  • Enterprise Partner

The Hosting Partner is the reseller/server admininstrator that wants to distribute Cloudflare's free plans to customers, either through the API or control panel plugins. The Enterprose partner will resell and manage Cloudflare's paid Enterprise plans. This article focuses primarily on those Hosting Partners that will be using the Cloudflare cPanel control panel plugin.

How To Become a Cloudflare Hosting Partner

First, you must apply. You must fill out and submit the following application to Cloudflare in order to become a Hosting Partner:

1)Cloudflare partnership portal

You must provide your Company Name, Type of Business, Company URL, Contact First Name, Last Name, and Email Address. It can take up to two business days before you receive a decision from Cloudflare regarding the application. Once you receive your approval, you can then implement the self-serve mechanism you choose to use, whether it be the API or a panel-specific plugin. Let's discuss the cPanel Cloudflare plugin.

Installing the Cloudflare Plugin for cPanel

First of all, you must log into Cloudflare and get your API Key. 2)Cloudflare Managing API Tokens and Keys

Then, you must SSH into your server as the root user:

  ssh root@XXX.XX.XX.XX -p2200

Next, since you may have a lot of Cloudflare IPs connecting to your server at any given time, you will want to whitelist those IPs in the firewall to prevent them from being blocked due to the firewall's connection limits:

  curl | while read E; do echo "$E # CloudFlare" >> /etc/csf/csf.allow; done && curl | while read E; do echo "$E # CloudFlare" >> /etc/csf/csf.ignore; done && curl | while read E; do echo "$E # CloudFlare" >> /etc/csf/csf.allow; done && curl | while read E; do echo "$E # CloudFlare" >> /etc/csf/csf.ignore; done && csf -ra

The plugin installation will also install Mod_Cloudflare to ensure that Apache logs the actual visitor IPs rather than Cloudflare IPs in the domain access logs. This will help you to track abusive traffic and will also assist the accuracy or any statistical log analysis software you may use, such as Awstats. Next, you will actually be installing the plugin using the following command:

  bash <(curl -s -k [YOUR_HOST_API_KEY] -n '[YOUR_COMPANY_NAME]'

Be sure to replace [YOUR_HOST_API_KEY] and [YOUR_COMPANY_NAME] with the appropriate values.

Once the installation is complete, your customers will have 2 different options to use Cloudflare. They can either do so via CNAME setup on their subdomains, or they can enable Full DNS setup, which will make Cloudflare their Authoritative Nameservers. The default option is the CNAME setup. Both options will require that they are able to make advanced DNS changes via the panel. This means that you will need to ensure that either the Advanced Zone Editor or both Zone Editors in cPanel are enabled for your users via WHM's Feature Manager (Home »Packages »Feature Manager »Feature Lists) 3)cPanel Predefined feature lists You will select the Feature List that your Cloudflare clients will be using from the "Manage feature list" and then click the "Edit" button. Alternatively, you could click "Add Feature List" under "Add a new feature list" to add a new feature list for your Cloudflare clients. Below you will see that there are two DNS Zone Edit options under the feature list and only one of those is enabled by default. Both need to be enabled in order to allow the Cloudflare reseller plugin to function.

Check the box next to the second option and then click "Save".

Full DNS is recommended because it will mean that Cloudflare optimizations and protections will be available at the root domain as well as any subdomains. CNAME setup cannot be disabled, however, you can control whether or not to allow the Full DNS option.

If you are using an older version of the Cloudflare plugin, you can edit the config.js in the following location:


You must set the following to 'true' to allow Full DNS setup:

  "featureManagerIsFullZoneProvisioningEnabled": false

For newer Cloudflare plugins, such as newly installed plugins, you will edit the following file:


If the file doesn't exist, but the config.json.sample file does, just copy the config.json.sample to config.json and edit accordingly.

  cd /usr/local/cpanel/base/frontend/paper_lantern/cloudflare
  cp -a config.json.sample config.json
  nano config.json

Here are the contents of the edited file (true was by default set to false):

    "debug": false,
    "featureManagerIsFullZoneProvisioningEnabled": true,
    "locale": "en"

This enables both the CNAME and Full DNS setups for your clients.

Another option that you may want to enable is the ability to expose SSL settings via the plugin interface by adding the string "SSLCard" to the to the config.js "" setting:

Before editing:

  [“SecurityLevelCard”, “ChallengePassageCard”, 

After editing:

  [“SecurityLevelCard”, “ChallengePassageCard”, 
  “BrowserIntegrityCheckCard", "SSLCard"]

Now, your clients can easily optimize their sites with Cloudflare directly through their panel!

Keeping the Plugin Updated

To update the plugin, all you have to do this run the following command as the root user via SSH (remember that KnownHost uses a non-default port 2200 for SSH):


You may consider adding this to a cron and running it once a week or so to keep the plugin updated automatically.

Cloudflare has issued a warning that this command may not work, though and provided a workaround if so. 4)Cloudflare installation guide for cPanel plugins If you notice that your Clouflare plugin is not being updated, you can use the following command instead to reinstall the plugin:

  bash <(curl -s -k [YOUR_HOST_API_KEY] -n '[YOUR_COMPANY_NAME]'

All customer data is stored in the following location and should be left untouched with a reinstall:


To be safe, you can make copies of these files using the following command:

  cp -pa /home/*/.cpanel/datastore/cloudflare_data.yml /root/support/cloudflare-plugin-data/

To check what version of the plugin you are using, you can use the following command:

  grep version /usr/local/cpanel/base/frontend/paper_lantern/cloudflare/config.js

cPanel Cloudflare Plugin and Clients

When using the Cloudflare Reseller Plugin, there will be no need to request that the clients install the Wordpress Cloudflare plugin. The Wordpress Cloudflare plugin is used for logging actual visitor IPs, but the Cloudflare Reseller Plugin will do this for you via the Apache module Mod_Cloudflare which is installed along with the Reseller Plugin. These are just a few more 'ease of use' benefits of the Cloudflare Reseller plugin.

developmental/cloudflare-for-resellers.txt · Last modified: 2020/06/11 14:19 by Karson N.