KNOWNHOST WIKI

User Tools

Site Tools


developmental:cloudflare-for-resellers

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
developmental:cloudflare-for-resellers [2020/01/03 13:36]
Karson N.
developmental:cloudflare-for-resellers [2020/06/11 14:19] (current)
Karson N.
Line 16: Line 16:
 The Hosting Partner is the reseller/server admininstrator that wants to distribute Cloudflare's free plans to customers, either through the API or control panel plugins. The Enterprose partner will resell and manage Cloudflare's paid Enterprise plans. This article focuses primarily on those Hosting Partners that will be using the Cloudflare cPanel control panel plugin.  The Hosting Partner is the reseller/server admininstrator that wants to distribute Cloudflare's free plans to customers, either through the API or control panel plugins. The Enterprose partner will resell and manage Cloudflare's paid Enterprise plans. This article focuses primarily on those Hosting Partners that will be using the Cloudflare cPanel control panel plugin. 
  
 +\\
 ===== How To Become a Cloudflare Hosting Partner ===== ===== How To Become a Cloudflare Hosting Partner =====
  
 First, you must apply. You must fill out and submit the following application to Cloudflare in order to become a Hosting Partner: First, you must apply. You must fill out and submit the following application to Cloudflare in order to become a Hosting Partner:
  
-https://www.cloudflare.com/partners/become-a-partner/+((https://www.cloudflare.com/partners/become-a-partner/))[[https://www.cloudflare.com/partners/become-a-partner/|Cloudflare partnership portal]]
  
 You must provide your Company Name, Type of Business, Company URL, Contact First Name, Last Name, and Email Address. It can take  up to two business days before you receive a decision from Cloudflare regarding the application. Once you receive your approval, you can then implement the self-serve mechanism you choose to use, whether it be the API or a panel-specific plugin. Let's discuss the cPanel Cloudflare plugin.   You must provide your Company Name, Type of Business, Company URL, Contact First Name, Last Name, and Email Address. It can take  up to two business days before you receive a decision from Cloudflare regarding the application. Once you receive your approval, you can then implement the self-serve mechanism you choose to use, whether it be the API or a panel-specific plugin. Let's discuss the cPanel Cloudflare plugin.  
  
 +\\
 ===== Installing the Cloudflare Plugin for cPanel ===== ===== Installing the Cloudflare Plugin for cPanel =====
  
-First of all, you must log into Cloudflare and get your API Key. ((https://support.cloudflare.com/hc/en-us/articles/200167836-Managing-API-Tokens-and-Keys ))+First of all, you must log into Cloudflare and get your API Key. ((https://support.cloudflare.com/hc/en-us/articles/200167836-Managing-API-Tokens-and-Keys ))[[https://support.cloudflare.com/hc/en-us/articles/200167836-Managing-API-Tokens-and-Keys|Cloudflare Managing API Tokens and Keys]]
  
 Then, you must SSH into your server as the root user: Then, you must SSH into your server as the root user:
 +<code>
   ssh root@XXX.XX.XX.XX -p2200   ssh root@XXX.XX.XX.XX -p2200
 +</code>
  
 Next, since you may have a lot of Cloudflare IPs connecting to your server at any given time, you will want to whitelist those IPs in the firewall to prevent them from being blocked due to the firewall's connection limits: Next, since you may have a lot of Cloudflare IPs connecting to your server at any given time, you will want to whitelist those IPs in the firewall to prevent them from being blocked due to the firewall's connection limits:
 +<code>
   curl https://www.cloudflare.com/ips-v6 | while read E; do echo "$E # CloudFlare" >> /etc/csf/csf.allow; done && curl https://www.cloudflare.com/ips-v6 | while read E; do echo "$E # CloudFlare" >> /etc/csf/csf.ignore; done && curl https://www.cloudflare.com/ips-v4 | while read E; do echo "$E # CloudFlare" >> /etc/csf/csf.allow; done && curl https://www.cloudflare.com/ips-v4 | while read E; do echo "$E # CloudFlare" >> /etc/csf/csf.ignore; done && csf -ra   curl https://www.cloudflare.com/ips-v6 | while read E; do echo "$E # CloudFlare" >> /etc/csf/csf.allow; done && curl https://www.cloudflare.com/ips-v6 | while read E; do echo "$E # CloudFlare" >> /etc/csf/csf.ignore; done && curl https://www.cloudflare.com/ips-v4 | while read E; do echo "$E # CloudFlare" >> /etc/csf/csf.allow; done && curl https://www.cloudflare.com/ips-v4 | while read E; do echo "$E # CloudFlare" >> /etc/csf/csf.ignore; done && csf -ra
 +</code>
  
 The plugin installation will also install Mod_Cloudflare to ensure that Apache logs the actual visitor IPs rather than Cloudflare IPs in the domain access logs. This will help you to track abusive traffic and will also assist the accuracy or any statistical log analysis software you may use, such as Awstats. Next, you will actually be installing the plugin using the following command: The plugin installation will also install Mod_Cloudflare to ensure that Apache logs the actual visitor IPs rather than Cloudflare IPs in the domain access logs. This will help you to track abusive traffic and will also assist the accuracy or any statistical log analysis software you may use, such as Awstats. Next, you will actually be installing the plugin using the following command:
 +<code>
   bash <(curl -s https://raw.githubusercontent.com/cloudflare/CloudFlare-CPanel/master/cloudflare.install.sh) -k [YOUR_HOST_API_KEY] -n '[YOUR_COMPANY_NAME]'   bash <(curl -s https://raw.githubusercontent.com/cloudflare/CloudFlare-CPanel/master/cloudflare.install.sh) -k [YOUR_HOST_API_KEY] -n '[YOUR_COMPANY_NAME]'
 +</code>
  
 +Be sure to replace **[YOUR_HOST_API_KEY]** and **[YOUR_COMPANY_NAME]** with the appropriate values.
  
-Be sure to replace [YOUR_HOST_API_KEY] and [YOUR_COMPANY_NAME] with the appropriate values. +Once the installation is complete, your customers will have 2 different options to use Cloudflare. They can either do so via CNAME setup  on their subdomains, or they can enable Full DNS setup, which will make Cloudflare their Authoritative Nameservers. The default option is the CNAME setup. Both options will require that they are able to make advanced DNS changes via the panel. This means that you will need to ensure that either the Advanced Zone Editor or both Zone Editors in cPanel are enabled for your users via WHM's Feature Manager (Home »Packages »Feature Manager »Feature Lists) ((https://documentation.cpanel.net/display/74Docs/Feature%20Manager#FeatureManager-Predefinedfeaturelists))[[https://documentation.cpanel.net/display/74Docs/Feature%20Manager#FeatureManager-Predefinedfeaturelists|cPanel Predefined feature lists]] You will select the Feature List that your Cloudflare clients will be using from the "Manage feature list" and then click the "Edit" button. Alternatively, you could click "Add Feature List" under "Add a new feature list" to add a new feature list for your Cloudflare clients. Below you will see that there are two DNS Zone Edit options under the feature list  and only one of those is enabled by default. Both need to be enabled in order to allow the Cloudflare reseller plugin to function. 
- +
- +
-Once the installation is complete, your customers will have 2 different options to use Cloudflare. They can either do so via CNAME setup  on their subdomains, or they can enable Full DNS setup, which will make Cloudflare their Authoritative Nameservers. The default option is the CNAME setup. Both options will require that they are able to make advanced DNS changes via the panel. This means that you will need to ensure that either the Advanced Zone Editor or both Zone Editors in cPanel are enabled for your users via WHM's Feature Manager (Home »Packages »Feature Manager »Feature Lists) ((https://documentation.cpanel.net/display/74Docs/Feature%20Manager#FeatureManager-Predefinedfeaturelists)) You will select the Feature List that your Cloudflare clients will be using from the "Manage feature list" and then click the "Edit" button. Alternatively, you could click "Add Feature List" under "Add a new feature list" to add a new feature list for your Cloudflare clients. Below you will see that there are two DNS Zone Edit options under the feature list  and only one of those is enabled by default. Both need to be enabled in order to allow the Cloudflare reseller plugin to function. +
  
 {{:developmental:feature-list-must-enable-adv-dns-zone-editor.png?nolink&1200|}} {{:developmental:feature-list-must-enable-adv-dns-zone-editor.png?nolink&1200|}}
  
 Check the box next to the second option and then click "Save" Check the box next to the second option and then click "Save"
- 
  
 Full DNS is recommended because it will mean that Cloudflare optimizations and protections will be available at the root domain as well as any subdomains. CNAME setup cannot be disabled, however, you can control whether or not to allow the Full DNS option. Full DNS is recommended because it will mean that Cloudflare optimizations and protections will be available at the root domain as well as any subdomains. CNAME setup cannot be disabled, however, you can control whether or not to allow the Full DNS option.
- 
- 
  
 If you are using an older version of the Cloudflare plugin, you can edit the config.js in the following location: If you are using an older version of the Cloudflare plugin, you can edit the config.js in the following location:
 +<code>
   /usr/local/cpanel/base/frontend/paper_lantern/Cloudflare/config.js   /usr/local/cpanel/base/frontend/paper_lantern/Cloudflare/config.js
 +</code>
  
 You must set the following to 'true' to allow Full DNS setup: You must set the following to 'true' to allow Full DNS setup:
 +<code>
   "featureManagerIsFullZoneProvisioningEnabled": false   "featureManagerIsFullZoneProvisioningEnabled": false
-  +</code>
  
 For newer Cloudflare plugins, such as newly installed plugins, you will edit the following file: For newer Cloudflare plugins, such as newly installed plugins, you will edit the following file:
- +<code> 
-/usr/local/cpanel/base/frontend/paper_lantern/cloudflare/config.js+  /usr/local/cpanel/base/frontend/paper_lantern/cloudflare/config.js 
 +</code>
  
 If the file doesn't exist, but the config.json.sample file does, just copy the config.json.sample to config.json and edit accordingly.  If the file doesn't exist, but the config.json.sample file does, just copy the config.json.sample to config.json and edit accordingly. 
 +<code>
   cd /usr/local/cpanel/base/frontend/paper_lantern/cloudflare   cd /usr/local/cpanel/base/frontend/paper_lantern/cloudflare
   cp -a config.json.sample config.json   cp -a config.json.sample config.json
   nano config.json   nano config.json
 +</code>
  
 Here are the contents of the edited file (//true// was by default set to //false//): Here are the contents of the edited file (//true// was by default set to //false//):
- +<code> 
-  {+{
     "debug": false,     "debug": false,
     "featureManagerIsFullZoneProvisioningEnabled": true,     "featureManagerIsFullZoneProvisioningEnabled": true,
     "locale": "en"     "locale": "en"
-  }+} 
 +</code>
  
 This enables both the CNAME and Full DNS setups for your clients.  This enables both the CNAME and Full DNS setups for your clients. 
- 
  
 Another option that you may want to enable is the ability to expose SSL settings via the plugin interface by adding the string "SSLCard" to the  to the config.js "container.moresettings.security" setting: Another option that you may want to enable is the ability to expose SSL settings via the plugin interface by adding the string "SSLCard" to the  to the config.js "container.moresettings.security" setting:
  
 Before editing: Before editing:
- +<code> 
-"container.moresettings.security": +  "container.moresettings.security": 
-[“SecurityLevelCard”, “ChallengePassageCard”,  +  [“SecurityLevelCard”, “ChallengePassageCard”,  
-“BrowserIntegrityCheckCard”]+  “BrowserIntegrityCheckCard”] 
 +</code>
  
 After editing: After editing:
- +<code> 
-"container.moresettings.security": +  "container.moresettings.security": 
-[“SecurityLevelCard”, “ChallengePassageCard”,  +  [“SecurityLevelCard”, “ChallengePassageCard”,  
-“BrowserIntegrityCheckCard", "SSLCard"]+  “BrowserIntegrityCheckCard", "SSLCard"] 
 +</code>
  
 Now, your clients can easily optimize their sites with Cloudflare directly through their panel!  Now, your clients can easily optimize their sites with Cloudflare directly through their panel! 
  
-{{{{:developmental:ssl-cloudflare-reseller-plugin.png?nolink&1000|}} +{{:developmental:ssl-cloudflare-reseller-plugin.png?nolink&1000|}}
  
 +\\
 ===== Keeping the Plugin Updated ===== ===== Keeping the Plugin Updated =====
  
 To update the plugin, all you have to do this run the following command as the root user via SSH (remember that KnownHost uses a non-default port 2200 for SSH): To update the plugin, all you have to do this run the following command as the root user via SSH (remember that KnownHost uses a non-default port 2200 for SSH):
 +<code>
   /usr/local/cpanel/bin/cloudflare_update.sh   /usr/local/cpanel/bin/cloudflare_update.sh
 +</code>
  
 You may consider adding this to a cron and running it once a week or so to keep the plugin updated automatically.  You may consider adding this to a cron and running it once a week or so to keep the plugin updated automatically. 
  
-Cloudflare has issued a warning that this command may not work, though and provided a workaround if so. (( https://www.cloudflare.com/static/media/pdf/cloudflare-cpanel-installation-activation-guide.pdf )) If you notice that your Clouflare plugin is not being updated, you can use the following command instead to reinstall the plugin: +Cloudflare has issued a warning that this command may not work, though and provided a workaround if so. ((https://www.cloudflare.com/static/media/pdf/cloudflare-cpanel-installation-activation-guide.pdf))[[https://www.cloudflare.com/static/media/pdf/cloudflare-cpanel-installation-activation-guide.pdf|Cloudflare installation guide for cPanel plugins]] If you notice that your Clouflare plugin is not being updated, you can use the following command instead to reinstall the plugin: 
 +<code>
   bash <(curl -s https://raw.githubusercontent.com/cloudflare/CloudFlare-CPanel/master/cloudflare.install.sh) -k [YOUR_HOST_API_KEY] -n '[YOUR_COMPANY_NAME]'   bash <(curl -s https://raw.githubusercontent.com/cloudflare/CloudFlare-CPanel/master/cloudflare.install.sh) -k [YOUR_HOST_API_KEY] -n '[YOUR_COMPANY_NAME]'
 +</code>
  
 All customer data is stored in the following location and should be left untouched with a reinstall: All customer data is stored in the following location and should be left untouched with a reinstall:
 +<code>
   /home/[USERNAME]/.cpanel/datastore/cloudflare_data.yaml   /home/[USERNAME]/.cpanel/datastore/cloudflare_data.yaml
 +</code>
  
 To be safe, you can make copies of these files using the following command: To be safe, you can make copies of these files using the following command:
 +<code>
   cp -pa /home/*/.cpanel/datastore/cloudflare_data.yml /root/support/cloudflare-plugin-data/   cp -pa /home/*/.cpanel/datastore/cloudflare_data.yml /root/support/cloudflare-plugin-data/
 +</code>
  
 To check what version of the plugin you are using, you can use the following command: To check what version of the plugin you are using, you can use the following command:
 +<code>
   grep version /usr/local/cpanel/base/frontend/paper_lantern/cloudflare/config.js   grep version /usr/local/cpanel/base/frontend/paper_lantern/cloudflare/config.js
 +</code>
  
 +\\
 ===== cPanel Cloudflare Plugin and Clients ===== ===== cPanel Cloudflare Plugin and Clients =====
  
-When using the Cloudflare Reseller Plugin,  there will be no need to request that the clients install the Wordpress Cloudflare plugin. The Wordpress Cloudflare plugin is used for logging actual visitor IPs, but the Cloudflare Reseller Plugin will do this for you via the Apache module Mod_Cloudflare which is installed along with the Reseller Plugin. These are just a few more 'ease of use' benefits of the Cloudflare Reseller plugin. +When using the Cloudflare Reseller Plugin,  there will be no need to request that the clients install the Wordpress Cloudflare plugin. The Wordpress Cloudflare plugin is used for logging actual visitor IPs, but the Cloudflare Reseller Plugin will do this for you via the Apache module Mod_Cloudflare which is installed along with the Reseller Plugin. These are just a few more 'ease of use' benefits of the Cloudflare Reseller plugin.
developmental/cloudflare-for-resellers.1578080192.txt.gz · Last modified: 2020/01/03 13:36 by Karson N.