Cloudflare Setup Guide for candivista.com
This guide will help you configure Cloudflare for your application to get proper SSL certificates and better performance.
Cloudflare Configuration Steps
1. DNS Configuration
In your Cloudflare dashboard:
- Add A Records:
Type: A Name: @ Content: 168.231.108.135 Proxy status: Proxied (orange cloud) Type: A Name: www Content: 168.231.108.135 Proxy status: Proxied (orange cloud)
2. SSL/TLS Configuration
- Go to SSL/TLS → Overview
- Set encryption mode to "Full (strict)"
- Go to SSL/TLS → Edge Certificates
- Enable "Always Use HTTPS"
- Enable "HTTP Strict Transport Security (HSTS)"
3. Security Settings
- Go to Security → Settings
- Set security level to "Medium" or "High"
- Enable "Browser Integrity Check"
- Go to Security → WAF
- Enable "Web Application Firewall"
4. Performance Settings
- Go to Speed → Optimization
- Enable "Auto Minify" for CSS, HTML, and JavaScript
- Enable "Brotli" compression
- Go to Caching → Configuration
- Set caching level to "Standard"
Nginx Configuration Updates
The nginx configuration has been updated to work optimally with Cloudflare:
✅ Changes Made:
- Real IP Detection - Added Cloudflare IP ranges
- SSL Optimization - Disabled OCSP stapling (handled by Cloudflare)
- Security Headers - Added Cloudflare-specific headers
- Rate Limiting - Works with Cloudflare's real IP detection
Deployment with Cloudflare
Option 1: Use Cloudflare Environment
# Deploy with Cloudflare-optimized settings
docker-compose --env-file env.cloudflare up -d
Option 2: Use Self-Signed Certificates
# Generate self-signed certificates (Cloudflare will handle SSL)
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout nginx/ssl/key.pem \
-out nginx/ssl/cert.pem \
-subj "/C=US/ST=State/L=City/O=Organization/CN=candivista.com"
# Deploy
docker-compose --env-file env.cloudflare up -d
Testing Your Setup
1. Check DNS Propagation
# Check if domain resolves through Cloudflare
nslookup candivista.com
dig candivista.com
2. Test SSL Certificate
# Test SSL (should show Cloudflare certificate)
curl -I https://candivista.com
# Check certificate details
openssl s_client -connect candivista.com:443 -servername candivista.com
3. Test Application
# Test HTTP (should redirect to HTTPS)
curl -I http://candivista.com
# Test HTTPS
curl -I https://candivista.com
# Test health endpoint
curl https://candivista.com/health
Cloudflare Benefits
✅ SSL/TLS
- Free SSL certificates from Cloudflare
- Automatic certificate renewal
- Modern TLS protocols (TLS 1.3)
- Perfect SSL score on SSL Labs
✅ Performance
- Global CDN - Faster loading worldwide
- Caching - Reduced server load
- Compression - Smaller file sizes
- HTTP/2 and HTTP/3 support
✅ Security
- DDoS protection
- Web Application Firewall (WAF)
- Bot protection
- Rate limiting
✅ Monitoring
- Analytics - Traffic insights
- Security events - Attack monitoring
- Performance metrics - Speed optimization
Troubleshooting
Common Issues
-
"Not Secure" Warning:
- Check Cloudflare SSL/TLS settings
- Ensure "Full (strict)" mode is enabled
- Wait for DNS propagation
-
502 Bad Gateway:
- Check if your server is running
- Verify Cloudflare can reach your server
- Check nginx logs
-
Slow Loading:
- Enable Cloudflare caching
- Check compression settings
- Optimize images and assets
Useful Commands
# Check Cloudflare IP ranges
curl -s https://www.cloudflare.com/ips-v4
# Test from Cloudflare's perspective
curl -H "CF-Connecting-IP: 1.2.3.4" https://candivista.com
# Check SSL certificate
curl -I https://candivista.com
# Monitor nginx logs
docker logs candidat-nginx -f
Next Steps
- Configure DNS in Cloudflare dashboard
- Set SSL/TLS to "Full (strict)"
- Deploy application with Cloudflare settings
- Test everything works correctly
- Enable additional features (caching, security, etc.)
Your application will now have:
- ✅ Free SSL certificates
- ✅ Global CDN performance
- ✅ Enhanced security
- ✅ Professional setup