# Cloudflare Setup Guide for candivista.com
This guide will help you configure Cloudflare for your application to get proper SSL certificates and better performance.
## Cloudflare Configuration Steps
### 1. DNS Configuration
In your Cloudflare dashboard:
1. **Add A Records:**
```
Type: A
Name: @
Content: 168.231.108.135
Proxy status: Proxied (orange cloud)

Type: A
Name: www
Content: 168.231.108.135
Proxy status: Proxied (orange cloud)
```
### 2. SSL/TLS Configuration
1. Go to **SSL/TLS** → **Overview**
2. Set encryption mode to **"Full (strict)"**
3. Go to **SSL/TLS** → **Edge Certificates**
4. Enable **"Always Use HTTPS"**
5. Enable **"HTTP Strict Transport Security (HSTS)"**
### 3. Security Settings
1. Go to **Security** → **Settings**
2. Set security level to **"Medium"** or **"High"**
3. Enable **"Browser Integrity Check"**
4. Go to **Security** → **WAF**
5. Enable **"Web Application Firewall"**
### 4. Performance Settings
1. Go to **Speed** → **Optimization**
2. Enable **"Auto Minify"** for CSS, HTML, and JavaScript
3. Enable **"Brotli"** compression
4. Go to **Caching** → **Configuration**
5. Set caching level to **"Standard"**
## Nginx Configuration Updates
The nginx configuration has been updated to work optimally with Cloudflare:
### ✅ Changes Made:
1. **Real IP Detection** - Added Cloudflare IP ranges
2. **SSL Optimization** - Disabled OCSP stapling (handled by Cloudflare)
3. **Security Headers** - Added Cloudflare-specific headers
4. **Rate Limiting** - Works with Cloudflare's real IP detection
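
The "Real IP Detection" change is only safe if nginx honours `CF-Connecting-IP` from Cloudflare's published ranges and from nowhere else. As an added example (not the project's own nginx configuration), this POSIX shell function turns the list returned by the `curl` command under Useful Commands into `set_real_ip_from` directives and refuses any line that is not a CIDR; the function names, the output path in the comment and the sample ranges are assumptions.

```shell
#!/bin/sh
# Added example, not the project's nginx config.
# Intended use (output path is hypothetical):
#   curl -fsS https://www.cloudflare.com/ips-v4 | cf_realip_conf > nginx/cloudflare-realip.conf

# Read one CIDR per line on stdin and print nginx realip directives on stdout.
# Any line that is not an IPv4/IPv6 CIDR aborts the run, so an HTML error page
# or a tampered download never ends up in the nginx configuration.
cf_realip_conf() {
    _cf_o='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
    _cf_v4="^(${_cf_o}\.){3}${_cf_o}/([0-9]|[12][0-9]|3[0-2])\$"
    # Loose IPv6 shape check: hex groups with at least one colon, prefix 0-128.
    _cf_v6='^[0-9A-Fa-f]*:[0-9A-Fa-f:]*/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8])$'

    # Strip CRs and blank lines before validating.
    _cf_in=$(tr -d '\r' | sed '/^[[:space:]]*$/d')
    if [ -z "$_cf_in" ]; then
        echo "cf_realip_conf: no ranges read" >&2
        return 1
    fi

    # Collect every line that matches neither pattern (grep exits 1 if none).
    _cf_bad=$(printf '%s\n' "$_cf_in" | grep -Ev -e "$_cf_v4" -e "$_cf_v6" || true)
    if [ -n "$_cf_bad" ]; then
        echo "cf_realip_conf: refusing unexpected input:" >&2
        printf '%s\n' "$_cf_bad" >&2
        return 1
    fi

    # Only these peers may set the client address seen by logs and rate limits.
    printf '%s\n' "$_cf_in" | sed 's/.*/set_real_ip_from &;/'
    echo 'real_ip_header CF-Connecting-IP;'
}

# Constructed sample input (documentation ranges, not Cloudflare's real list).
sample_ranges() {
    printf '192.0.2.0/24\n198.51.100.0/24\n2001:db8::/32\n'
}

sample_ranges | cf_realip_conf
```

Without the `set_real_ip_from` allow-list, any client that reaches the origin directly could supply its own `CF-Connecting-IP` value and sidestep IP-based rate limiting and logging.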
## Deployment with Cloudflare
### Option 1: Use Cloudflare Environment
```bash
# Deploy with Cloudflare-optimized settings
docker-compose --env-file env.cloudflare up -d
```
### Option 2: Use Self-Signed Certificates
```bash
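# Generate a self-signed certificate for the origin (Cloudflare serves its own certificate to visitors).
# Note: Cloudflare accepts a self-signed origin certificate in "Full" mode only; "Full (strict)"
# requires a Cloudflare Origin CA certificate or one issued by a publicly trusted CA.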
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout nginx/ssl/key.pem \
-out nginx/ssl/cert.pem \
-subj "/C=US/ST=State/L=City/O=Organization/CN=candivista.com"
# Deploy
docker-compose --env-file env.cloudflare up -d
```
## Testing Your Setup
### 1. Check DNS Propagation
```bash
# Check if domain resolves through Cloudflare
nslookup candivista.com
dig candivista.com
```
### 2. Test SSL Certificate
```bash
# Test SSL (should show Cloudflare certificate)
curl -I https://candivista.com
# Check certificate details
openssl s_client -connect candivista.com:443 -servername candivista.com
```
### 3. Test Application
```bash
# Test HTTP (should redirect to HTTPS)
curl -I http://candivista.com
# Test HTTPS
curl -I https://candivista.com
# Test health endpoint
curl https://candivista.com/health
```
## Cloudflare Benefits
### ✅ SSL/TLS
- **Free SSL certificates** from Cloudflare
- **Automatic certificate renewal**
- **Modern TLS protocols** (TLS 1.3)
- **Perfect SSL score** on SSL Labs
### ✅ Performance
- **Global CDN** - Faster loading worldwide
- **Caching** - Reduced server load
- **Compression** - Smaller file sizes
- **HTTP/2 and HTTP/3** support
### ✅ Security
- **DDoS protection**
- **Web Application Firewall (WAF)**
- **Bot protection**
- **Rate limiting**
### ✅ Monitoring
- **Analytics** - Traffic insights
- **Security events** - Attack monitoring
- **Performance metrics** - Speed optimization
## Troubleshooting
### Common Issues
1. **"Not Secure" Warning:**
   - Check Cloudflare SSL/TLS settings
   - Ensure "Full (strict)" mode is enabled
   - Wait for DNS propagation
2. **502 Bad Gateway:**
   - Check if your server is running
   - Verify Cloudflare can reach your server
   - Check nginx logs
3. **Slow Loading:**
   - Enable Cloudflare caching
   - Check compression settings
   - Optimize images and assets
### Useful Commands
```bash
# Check Cloudflare IP ranges
curl -s https://www.cloudflare.com/ips-v4
# Test from Cloudflare's perspective
curl -H "CF-Connecting-IP: 1.2.3.4" https://candivista.com
# Check SSL certificate
curl -I https://candivista.com
# Monitor nginx logs
docker logs candidat-nginx -f
```
## Next Steps
1. **Configure DNS** in Cloudflare dashboard
2. **Set SSL/TLS** to "Full (strict)"
3. **Deploy application** with Cloudflare settings
4. **Test everything** works correctly
5. **Enable additional features** (caching, security, etc.)
Your application will now have:
- **Free SSL certificates**
- **Global CDN performance**
- **Enhanced security**
- **Professional setup**