KNOWNHOST WIKI

developmental:the-ultimate-cloudflare-guide

Differences

This shows you the differences between two versions of the page.

developmental:the-ultimate-cloudflare-guide [2020/01/13 08:17]
Karson N.
developmental:the-ultimate-cloudflare-guide [2020/05/27 08:42] (current)
Karson N.
Line 34: Line 34:
  You even have access to most of these features via a RESTful API! If you aren’t convinced yet, well check out some of the features discussed below that you have the option to enable under the free plan with no extra costs. These are features that you’ll want to consider enabling to get the most out of Cloudflare’s free plan. You can read more about each of these features inside the Cloudflare dashboard or via their documentation. But first, let’s discuss how to get Cloudflare enabled for your domain and then we can go through these settings together.   You even have access to most of these features via a RESTful API! If you aren’t convinced yet, well check out some of the features discussed below that you have the option to enable under the free plan with no extra costs. These are features that you’ll want to consider enabling to get the most out of Cloudflare’s free plan. You can read more about each of these features inside the Cloudflare dashboard or via their documentation. But first, let’s discuss how to get Cloudflare enabled for your domain and then we can go through these settings together. 
  
 +\\
 ===== Enabling Cloudflare ===== ===== Enabling Cloudflare =====
  
 1) Create a free account at Cloudflare.com by clicking ‘Sign Up.’ You can use the following URL to go directly to the signup: 1) Create a free account at Cloudflare.com by clicking ‘Sign Up.’ You can use the following URL to go directly to the signup:
  
-https://www.cloudflare.com/a/sign-up+((https://www.cloudflare.com/a/sign-up)) 
 +[[https://www.cloudflare.com/a/sign-up|Sign Up for Cloudflare here]]
  
 {{:developmental:cloudflare1.png?nolink&800|}} {{:developmental:cloudflare1.png?nolink&800|}}
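Review bot: the sign-up URL in step 1 now appears twice in a row, once as the footnote "((https://www.cloudflare.com/a/sign-up))" and once as the link labelled "Sign Up for Cloudflare here", so the rendered step carries a footnote marker and a link to the same target side by side. Keep one of the two; the labelled link alone is enough here.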
Line 78: Line 80:
   * a CNAME for the 'mail' subdomain   * a CNAME for the 'mail' subdomain
  
-4) Get your Cloudflare nameservers and set these as the custom nameservers at your registrar. Cloudflare has an amazing resource for this. ((https://support.cloudflare.com/hc/en-us/articles/205195708))+4) Get your Cloudflare nameservers and set these as the custom nameservers at your registrar. Cloudflare has an amazing resource for this. ((https://support.cloudflare.com/hc/en-us/articles/205195708))[[https://support.cloudflare.com/hc/en-us/articles/205195708|Changing your domain nameservers to Cloudflare]]
  
 {{:developmental:cloudflare8_.png?nolink&800|}} {{:developmental:cloudflare8_.png?nolink&800|}}
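Review bot: in step 4 the new link is appended to the footnote with no separator ("...205195708))[[https://support.cloudflare.com/..."), so the footnote marker and the link text run together right after "resource for this." Add a space or line break between them, or make "amazing resource" itself the link and drop the footnote.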
Line 88: Line 90:
 6) The last step to set up Cloudflare for your domain is to proceed to optimize your new Cloudflare service using suggestions and information below as desired. 6) The last step to set up Cloudflare for your domain is to proceed to optimize your new Cloudflare service using suggestions and information below as desired.
  
 +\\
 ===== Our Recommendations ===== ===== Our Recommendations =====
  
Line 123: Line 126:
 A firewall will typically have a connection limit that limits simultaneous connections from a single IP. If all traffic for a busy site, or several sites, is coming from a small set of IPs, then it is easy to see how these IPs can exceed this limit and become blocked if these IP’s are not whitelisted, Cloudflare may become blocked in your server’s firewall and this could cause downtime for your sites! Thus, it is important to be sure to whitelist Cloudflare IP’s, which can be accomplished using the following lists of IPs: A firewall will typically have a connection limit that limits simultaneous connections from a single IP. If all traffic for a busy site, or several sites, is coming from a small set of IPs, then it is easy to see how these IPs can exceed this limit and become blocked if these IP’s are not whitelisted, Cloudflare may become blocked in your server’s firewall and this could cause downtime for your sites! Thus, it is important to be sure to whitelist Cloudflare IP’s, which can be accomplished using the following lists of IPs:
  
-https://www.cloudflare.com/ips-v4+((https://www.cloudflare.com/ips-v4)) 
 +[[https://www.cloudflare.com/ips-v4|Cloudflare IPv4]]
  
-https://www.cloudflare.com/ips-v6+((https://www.cloudflare.com/ips-v6)) 
 +[[https://www.cloudflare.com/ips-v6|Cloudflare IPv6]]
  
 This type of blocking will look like this, but the IPs will all belong to Cloudflare, which will be U.S. IPs rather than Indian IPs,  and the log entry may even display the rDNS of the IP blocked, which will sometimes explicitly state that it belongs to Cloudflare: This type of blocking will look like this, but the IPs will all belong to Cloudflare, which will be U.S. IPs rather than Indian IPs,  and the log entry may even display the rDNS of the IP blocked, which will sometimes explicitly state that it belongs to Cloudflare:
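Review bot: the whitelist paragraph still treats the two range lists as a one-time lookup; now that they are labelled links ("Cloudflare IPv4", "Cloudflare IPv6"), state next to them that the firewall allowlist has to be re-synced when Cloudflare updates these lists, otherwise the connection-limit blocking described in the same paragraph can come back. The labels would also be clearer as "Cloudflare IPv4 ranges" and "Cloudflare IPv6 ranges".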
Line 162: Line 167:
 Unfortunately, there is no solution for this at this time.  There is a lot of speculation about how this could be resolved, however, none have been agreed upon as viable solutions without their own problems. There have been many posts discussing this, though, and a few are linked below for you to reference that explore the possibilities via cPHulk. ((https://features.cpanel.net/topic/have-option-for-cphulkd-to-action-on-x-forwarded-for)) ((https://www.aetherweb.co.uk/solved-cpanels-cphulk-cloudflare-and-x-forwarded-for/)) ((https://forums.cpanel.net/threads/redirect-all-port-2083-requests-to-the-servers-hostname.606527/)) Unfortunately, there is no solution for this at this time.  There is a lot of speculation about how this could be resolved, however, none have been agreed upon as viable solutions without their own problems. There have been many posts discussing this, though, and a few are linked below for you to reference that explore the possibilities via cPHulk. ((https://features.cpanel.net/topic/have-option-for-cphulkd-to-action-on-x-forwarded-for)) ((https://www.aetherweb.co.uk/solved-cpanels-cphulk-cloudflare-and-x-forwarded-for/)) ((https://forums.cpanel.net/threads/redirect-all-port-2083-requests-to-the-servers-hostname.606527/))
  
-Page rules and/or Rate Limiting could possibly be used to help circumvent this issue (the first 10,000 requests and blocked requests are free, and the cost is $0.05 per 10,000 legitimate (non-blocked) requests thereafter.), but hopefully, Cloudflare and cPanel can come together to find a definite solution for this.((https://support.cloudflare.com/hc/en-us/articles/115001635128)) ((https://blog.cloudflare.com/introducing-pagerules-fine-grained-feature-co/))+Page rules and/or Rate Limiting could possibly be used to help circumvent this issue (the first 10,000 requests and blocked requests are free, and the cost is $0.05 per 10,000 legitimate (non-blocked) requests thereafter.), but hopefully, Cloudflare and cPanel can come together to find a definite solution for this. 
 +((https://support.cloudflare.com/hc/en-us/articles/115001635128)) 
 +[[https://support.cloudflare.com/hc/en-us/articles/115001635128|Configuring Cloudflare Rate Limiting]] 
 +((https://blog.cloudflare.com/introducing-pagerules-fine-grained-feature-co/)) 
 +[[https://blog.cloudflare.com/introducing-pagerules-fine-grained-feature-co/|Introducing Page Rules: Fine Grained Control over CloudFlare's Features]]
  
   * //Allow the IPs of the services you use to access your website//   * //Allow the IPs of the services you use to access your website//
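Review bot: the Rate Limiting sentence keeps its pricing figures inline ("$0.05 per 10,000 legitimate (non-blocked) requests thereafter") while the footnote that backs them is moved off the sentence onto separate lines; either keep the reference attached to the sentence or drop the figures and let the "Configuring Cloudflare Rate Limiting" link carry them, since hard-coded prices go stale. The stray full stop in "thereafter.)," could be fixed in the same edit.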
Line 211: Line 220:
 Cloudflare has some excellent tutorials for Page Rules here Cloudflare has some excellent tutorials for Page Rules here
  
-https://www.cloudflare.com/features-page-rules/+((https://www.cloudflare.com/features-page-rules/)) 
 +[[https://www.cloudflare.com/features-page-rules/|How to Optimize Your Domain With Page Rules]]
  
 You get 3three page rules with the free account and these can be found in the Cloudflare dashboard under the Page Rules tab: You get 3three page rules with the free account and these can be found in the Cloudflare dashboard under the Page Rules tab:
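Review bot: the context line directly under the new Page Rules link still reads "You get 3three page rules"; since this revision touches the paragraph, correct it to "3" or "three" in the same edit.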
Line 221: Line 231:
 {{:developmental:create_page_rule_.png?nolink&800|}} {{:developmental:create_page_rule_.png?nolink&800|}}
  
 +\\
 ===== Taking Full Advantage of Cloudflare's Free Plan ===== ===== Taking Full Advantage of Cloudflare's Free Plan =====
  
 Now, to get the most out of the Cloudflare free account, check these options out: Now, to get the most out of the Cloudflare free account, check these options out:
  
 +\\
 **Under the Speed Tab:** **Under the Speed Tab:**
   *  //Enable Auto Minify//   *  //Enable Auto Minify//
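Review bot: the "\\" lines added before "Taking Full Advantage of Cloudflare's Free Plan" and before "**Under the Speed Tab:**" are forced line breaks used only for vertical spacing. The "=====" heading already starts its own block, so the first one is unnecessary, and the bold "Under the ... Tab" lines would be better as real sub-headings than as bold text preceded by a break.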
Line 237: Line 249:
   *  //Enable Asynchronous Javascript Loading Rocket Loader  (BETA)//   *  //Enable Asynchronous Javascript Loading Rocket Loader  (BETA)//
  
-This is also BETA at the time of writing this article, and pricing for this feature is subject to change. Get more information about how this feature improves the load times of your external resources here. ((https://blog.cloudflare.com/how-cloudflare-rocket-loader-redefines-the-modern-cdn/))+This is also BETA at the time of writing this article, and pricing for this feature is subject to change. Get more information about how this feature improves the load times of your external resources here. ((https://blog.cloudflare.com/how-cloudflare-rocket-loader-redefines-the-modern-cdn/))[[https://blog.cloudflare.com/how-cloudflare-rocket-loader-redefines-the-modern-cdn/|How CloudFlare Rocket Loader Redefines the Modern CDN]]
  
 The article states that //Rocket Loader does a bunch of things:// The article states that //Rocket Loader does a bunch of things://
Line 246: Line 258:
       -  //Uses LocalStorage on most browsers and nearly all smartphones to more intelligently store scripts so they aren't refetched unless necessary.//       -  //Uses LocalStorage on most browsers and nearly all smartphones to more intelligently store scripts so they aren't refetched unless necessary.//
          
-https://blog.cloudflare.com/how-cloudflare-rocket-loader-redefines-the-modern-cdn/+((https://blog.cloudflare.com/how-cloudflare-rocket-loader-redefines-the-modern-cdn/))[[https://blog.cloudflare.com/how-cloudflare-rocket-loader-redefines-the-modern-cdn/|How CloudFlare Rocket Loader Redefines the Modern CDN]]
  
 +\\
 **Under the Caching Tab:** **Under the Caching Tab:**
   *  //Adjust Browser Cache Expiration accordingly for your needs (set to 4 hours by default)//   *  //Adjust Browser Cache Expiration accordingly for your needs (set to 4 hours by default)//
  
 +\\
 **Under the Apps Tab:** **Under the Apps Tab:**
   *  //Sign up for Cloudflare Apps notifications! Receive email notifications when new apps or features are available!//   *  //Sign up for Cloudflare Apps notifications! Receive email notifications when new apps or features are available!//
  
 +\\
 **Under the Scape Shield Tab:** **Under the Scape Shield Tab:**
   *  //Enable Hotlink Protection to protect your images!//   *  //Enable Hotlink Protection to protect your images!//
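Review bot: this repeats the Rocket Loader footnote and "How CloudFlare Rocket Loader Redefines the Modern CDN" link that the previous hunk already adds a few lines above, so the same reference is rendered twice around one quoted list; keep it once, after the quoted list. The context line "**Under the Scape Shield Tab:**" also looks like a typo for "Scrape Shield".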
Line 259: Line 274:
  Luckily, you don’t really need to worry about your bandwidth here thanks to Cloudflare having no limit on bandwidth (as long as you comply with their terms of service), however, if you don’t want your images used on other sites, you’ll want to enable this option. ((https://support.cloudflare.com/hc/en-us/articles/200170026-What-does-enabling-CloudFlare-Hotlink-Protection-do-))  Luckily, you don’t really need to worry about your bandwidth here thanks to Cloudflare having no limit on bandwidth (as long as you comply with their terms of service), however, if you don’t want your images used on other sites, you’ll want to enable this option. ((https://support.cloudflare.com/hc/en-us/articles/200170026-What-does-enabling-CloudFlare-Hotlink-Protection-do-))
  
 +\\
 **Under the Crypto Tab:** **Under the Crypto Tab:**
   *  //Make sure to use full crypto.//   *  //Make sure to use full crypto.//
Line 276: Line 292:
 The following options are //not// suitable for all, however, check these settings if you want increased security: The following options are //not// suitable for all, however, check these settings if you want increased security:
  
 +\\
 **Under the Crypto Tab:** **Under the Crypto Tab:**
   *  //HSTS// *    *  //HSTS// * 
Line 290: Line 307:
 Please note that once Authenticated Origin Pulls are enforced by your origin server, any HTTPS requests outside of Cloudflare to your origin will fail including those to gray clouded records on Cloudflare. Please note that once Authenticated Origin Pulls are enforced by your origin server, any HTTPS requests outside of Cloudflare to your origin will fail including those to gray clouded records on Cloudflare.
  
-Another would be that of troubleshooting. One could not simply disable Cloudflare on the domain and then proceed to troubleshoot the site. Troubleshooting would have to be done through Cloudflare, so you would have to disable caching, empty the existing cache, etc to troubleshoot changes or errors with a site. ((https://blog.cloudflare.com/protecting-the-origin-with-tls-authenticated-origin-pulls/)) ((https://support.cloudflare.com/hc/en-us/articles/225006628-Setting-up-Apache-to-use-TLS-Authenticated-Origin-Pulls))+Another would be that of troubleshooting. One could not simply disable Cloudflare on the domain and then proceed to troubleshoot the site. Troubleshooting would have to be done through Cloudflare, so you would have to disable caching, empty the existing cache, etc to troubleshoot changes or errors with a site. ((https://blog.cloudflare.com/protecting-the-origin-with-tls-authenticated-origin-pulls/)) ((https://support.cloudflare.com/hc/en-us/articles/204899617))
  
   *  //Require Modern TLS//   *  //Require Modern TLS//
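Review bot: the second footnote on the troubleshooting paragraph changes from a descriptive URL ("...225006628-Setting-up-Apache-to-use-TLS-Authenticated-Origin-Pulls") to the bare article id ".../articles/204899617", and unlike the other references touched in this revision it gets no labelled link, so a reader can no longer tell what the article covers or whether it still includes the Apache setup. Add a label that states what the article is.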
Line 296: Line 313:
 This is rather self-explanatory. Older versions of SSL and TLS are vulnerable to certain attacks, such as "BEAST" and "POODLE", so this is certainly an option you'll want to consider.  This is rather self-explanatory. Older versions of SSL and TLS are vulnerable to certain attacks, such as "BEAST" and "POODLE", so this is certainly an option you'll want to consider. 
  
 +\\
 **Under the DNS Tab:** **Under the DNS Tab:**
   *  //Enable DNSSEC//   *  //Enable DNSSEC//
Line 303: Line 321:
 {{:developmental:dnssecimage.png?nolink&800|}} {{:developmental:dnssecimage.png?nolink&800|}}
  
 +\\
 ===== Other Awesome Features From Cloudflare ===== ===== Other Awesome Features From Cloudflare =====
  
 Cloudflare even offers a cPanel plugin, which would both be awesome for resellers to offer their clients. Here is a link containing more information (namely installation and configuration instructions): Cloudflare even offers a cPanel plugin, which would both be awesome for resellers to offer their clients. Here is a link containing more information (namely installation and configuration instructions):
  
-https://support.cloudflare.com/hc/en-us/sections/200820418-cPanel-Integration+((https://www.cloudflare.com/static/media/pdf/cloudflare-cpanel-installation-activation-guide.pdf)) 
 +[[https://www.cloudflare.com/static/media/pdf/cloudflare-cpanel-installation-activation-guide.pdf|cPanel Installation Guide]]
  
 We’ll explore Cloudflare for Resellers in an upcoming article.  We’ll explore Cloudflare for Resellers in an upcoming article. 
  
-There are also amazing CMS-specific plugins for Cloudflare, too, which let you manage Cloudflare for that domain via your CMS dashboard (How cool is that!).((https://blog.cloudflare.com/introducing-the-cloudflare-joomla-extension/))+There are also amazing CMS-specific plugins for Cloudflare, too, which let you manage Cloudflare for that domain via your CMS dashboard (How cool is that!). 
 + 
 +((https://blog.cloudflare.com/introducing-the-cloudflare-joomla-extension/)) 
 +[[https://blog.cloudflare.com/introducing-the-cloudflare-joomla-extension/|Introducing the CloudFlare Joomla Extension]] 
 ((https://www.cloudflare.com/integrations/magento/)) ((https://www.cloudflare.com/integrations/magento/))
 +[[https://www.cloudflare.com/integrations/magento/|Cloudflare Magento Extension for Performance and Security]]
 +
 ((https://wordpress.org/plugins/cloudflare/)) ((https://wordpress.org/plugins/cloudflare/))
 +[[https://wordpress.org/plugins/cloudflare/|Cloudflare plugins]]
  
 More information on the CMS integrations and many more can be found here: More information on the CMS integrations and many more can be found here:
  
-https://www.cloudflare.com/integrations/+((https://www.cloudflare.com/integrations/)) 
 +[[https://www.cloudflare.com/integrations/|Cloudflare Integration Resources]]
  
 Cloudflare now even offers resolvers as of April 1st (they chose to introduce it on April Fool's Day because of the '4' and the '1' in the date to represent the 4 '1's of the resolver)!  Cloudflare now even offers resolvers as of April 1st (they chose to introduce it on April Fool's Day because of the '4' and the '1' in the date to represent the 4 '1's of the resolver)! 
  
-These are proclaimed to be the fastest resolvers of all (image taken from https://1.1.1.1/ ):+These are proclaimed to be the fastest resolvers of all (image taken from [[https://1.1.1.1/|https://1.1.1.1/]] ):
  
 {{:developmental:fastest_resolvers_cf.png?nolink&900|}} {{:developmental:fastest_resolvers_cf.png?nolink&900|}}
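Review bot: the label on the third CMS link, "[[https://wordpress.org/plugins/cloudflare/|Cloudflare plugins]]", does not name WordPress, while the two above it name Joomla and Magento; label it along the lines of "Cloudflare WordPress plugin". In the same hunk "[[https://1.1.1.1/|https://1.1.1.1/]]" uses the URL as its own label, which adds nothing over the bare URL, and the cPanel reference now points at a PDF instead of the support section without the link text saying so.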
Line 327: Line 355:
 You can change your resolvers in WHM using the following instructions: You can change your resolvers in WHM using the following instructions:
  
-https://documentation.cpanel.net/display/68Docs/Resolver+Configuration+((https://documentation.cpanel.net/display/68Docs/Resolver+Configuration)) 
 +[[https://documentation.cpanel.net/display/68Docs/Resolver+Configuration|cPanel Resolver Configuration]]
  
 You will see the following: You will see the following:
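Review bot: the WHM resolver link is pinned to one documentation version ("display/68Docs/Resolver+Configuration"), and the new label "cPanel Resolver Configuration" hides that from the reader. Either mention the version in the label or link to an unversioned page if one exists, so readers on a newer WHM know the screens may differ.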
Line 354: Line 383:
 {{:developmental:cloudflare_resolvers_set.png?nolink&1200|}} {{:developmental:cloudflare_resolvers_set.png?nolink&1200|}}
  
-Ctrl X  +  y  +  Enter to save the changes when editing with Nano. You should now see a 28% increase in the speed of your resolvers (according to https://1.1.1.1/)!+Ctrl X  +  y  +  Enter to save the changes when editing with Nano. You should now see a 28% increase in the speed of your resolvers (according to [[https://1.1.1.1/|https://1.1.1.1/]])!
  
 Note that you can even configure an IPv6 Resolver if you have IPv6 enabled on your server.  Note that you can even configure an IPv6 Resolver if you have IPv6 enabled on your server. 
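Review bot: "You should now see a 28% increase in the speed of your resolvers" promises a measured result on the reader's own server, while the only source given is the 1.1.1.1 site. Reword it as the vendor's figure rather than an expected outcome, and drop the "[[https://1.1.1.1/|https://1.1.1.1/]]" label that only repeats the URL.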
developmental/the-ultimate-cloudflare-guide.1578925026.txt.gz · Last modified: 2020/01/13 08:17 by Karson N.