Skip to main content

CloudFlare Configurations

(OLD) Cloudflare users

If you are using Cloudflare, you should not enable reverse proxy (orange cloud) on your DNS entries, or else it will prevent the SSL certificate creation/renewal process from Elestio with Letsencrypt.

If you still want to use Cloudflare with orange cloud, you should do this to disable elestio SSL for your custom domain:

1) Connect to the VM with SSH and type this:
nano /opt/elestio/nginx/.env

there remove your domain from the first line and save with CTRL+X

then type this command:
cd /opt/elestio/nginx;
docker-compose down;
docker-compose up -d;

after that nginx won't try again to obtain an SSL certificate for your domain and your site will use only the SSL from Cloudflare.

Cloudflare DNS:

If you wish to use Cloudflare for DNS ONLY, you can configure it just like any other DNS provider, and simply follow the steps for adding a custom domain as usual.

WARNING: Your domain DNS entry must have a GRAY cloud, not an ORANGE (proxied) cloud next to the entry.

image.pngUsing Cloudflare's proxy for your domain without additional configuration will cause all incoming connections to fail!

image.png This is the correct image shown for DNS-only entries.

Cloudflare Proxy

Even though Elest.io automatically provides SSL and has a firewall, there can be advantages to using Cloudflare for Proxying traffic, notably DDoS attacks and automatic filtering of scripted attacks.

Note: Cloudflare only proxies traffic on certain ports. If you want to use this hostname for SSH, FTP, or other services whose ports are not listed in the above link, you must configure Cloudflare to provide DNS only or use Cloudflare's Spectrum offer.

Because Elest.io already creates an SSL certificate for your website trusted by a root CA, the recommended configuration is to set Cloudflare to use Strict SSL verification when connecting to your server.

Before continuing, ensure you have already configured the domains as per the instructions on the previous page.

Option 1: To set up strict SSL verification for your whole domain:
  1. Navigate to the SSL/TLS section of your domain's dashboard.
  2. Select the "Full (strict)" option.
  3. Your changes will be saved automatically. You're done!


Screen Shot 2023-07-17 at 17.57.34.png

Option 2: To set up strict SSL verification for a specific subdomain:

  1. In your domain's dashboard, navigate to Rules > Configuration Rules

Screen Shot 2023-07-17 at 18.03.57.png

As shown in the diagram, this will create a secure connection between the client and Cloudflare's servers, and Cloudflare will connect securely to your Elest.io service.

 

 

 

If you are using Cloudflare, you should not enable reverse proxy (orange cloud) on your DNS entries, or else it will prevent the SSL certificate creation/renewal process from Elestio with Letsencrypt.

If you still want to use Cloudflare with orange cloud, you should do this to disable elestio SSL for your custom domain:

1) Connect to the VM with SSH and type this:
nano /opt/elestio/nginx/.env

there remove your domain from the first line and save with CTRL+X

then type this command:
cd /opt/elestio/nginx;
docker-compose down;
docker-compose up -d;

after that nginx won't try again to obtain an SSL certificate for your domain and your site will use only the SSL from Cloudflare.