Recently, a friend of mine suggested I check out CloudFlare, a service to protect and accelerate websites. The most awesome part is: there is a free plan, which is quite supercharged! Have a look at the features overview to see what’s already part of the free plan. Definitely enough for me to set it up. This blog post documents the three simple steps I took, so you can see how easy it actually is.
Step 1: Enter your domain.
After signing up for CloudFlare, the first simple step is to enter your custom domain name and let CloudFlare do a scan of all DNS records. The scan took around a minute to complete.
Step 2: Verify your DNS settings.
CloudFlare automatically loads your current DNS configuration into their editor. It is then very convenient to adjust the different records. As you can see, the records for the web server point to the right IP and are enabled for CloudFlare (indicated by the orange cloud icon next to the record). Also, all records for my email setup with FastMail were correctly detected by CloudFlare and prefilled.
Step 3: Update your nameserver.
The last step is to point the nameservers for your domain to CloudFlare. CloudFlare will tell you your current nameserver setup (for your reference) and the new configuration. Depending on where you host your domain, changing the nameserver setup will be different. After changing the nameserver, it may take up to two days for the change to fully propagate. There is no need to worry, because as CloudFlare takes over, the DNS settings you verified before are served. And as they are identical, your users won’t even notice.
CloudFlare and SSH
After setting up CloudFlare, I noticed that I couldn’t SSH to my server anymore. At first a little bit worried, I then thankfully found an article in the CloudFlare docs explaining the issue.
CloudFlare only proxies HTTP traffic. If you need to connect to your origin using another protocol (SSH, FTP, SMTP, etc.) you need to do so using a record that does not have CloudFlare enabled in the DNS settings (grey cloud) or by connecting directly to the origin server’s IP address.
As I do not want to remember the server’s IP address, a simple workaround is to ssh ssh.yourdomain.com, which works as expected.
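To check which hostnames are behind the proxy and which ones SSH can use, the following added example (not part of the original post, and not CloudFlare's code) classifies names from dig answer lines by testing their addresses against CloudFlare's published IPv4 ranges. The answer lines and the origin address 203.0.113.10 are constructed, the function names are made up for this example, and the range list is a typed-in snapshot that should be refreshed from https://www.cloudflare.com/ips/.

```python
import ipaddress

# IPv4 ranges CloudFlare publishes at https://www.cloudflare.com/ips/
# (snapshot typed in for this example; refresh it before relying on it).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in """
173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22
141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20
197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13
104.24.0.0/14 172.64.0.0/13 131.0.72.0/22
""".split()]

# Constructed `dig +noall +answer` output; 203.0.113.10 stands in for the origin.
SAMPLE_ANSWERS = """
yourdomain.com.      300 IN A     104.16.10.20
www.yourdomain.com.  300 IN CNAME yourdomain.com.
ssh.yourdomain.com.  300 IN A     203.0.113.10
"""

def parse_answers(text):
    """Return {name: [(rtype, value), ...]} from dig answer lines."""
    records = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[2] == "IN" and parts[3] in ("A", "CNAME"):
            records.setdefault(parts[0].lower(), []).append((parts[3], parts[4]))
    return records

def resolve(name, records, depth=0):
    """Follow CNAMEs inside the answer set and return the final A addresses."""
    if depth > 8:  # guard against CNAME loops
        return []
    out = []
    for rtype, value in records.get(name.lower(), []):
        out += [value] if rtype == "A" else resolve(value, records, depth + 1)
    return out

def classify(name, records):
    """'proxied' if every address is a CloudFlare edge, 'direct' if none is."""
    addrs = [ipaddress.ip_address(a) for a in resolve(name, records)]
    if not addrs:
        return "unresolved"
    hits = [any(a in net for net in CLOUDFLARE_V4) for a in addrs]
    return "proxied" if all(hits) else "direct" if not any(hits) else "mixed"

def ssh_report(names, records):
    """Map each name to (classification, whether plain SSH can reach the origin)."""
    return {n: (classify(n, records), classify(n, records) == "direct") for n in names}

if __name__ == "__main__":
    recs = parse_answers(SAMPLE_ANSWERS)
    for host, (kind, ok) in ssh_report(sorted(recs), recs).items():
        print(f"{host:22} {kind:8} ssh={'yes' if ok else 'no'}")
```

A name reported as direct publishes the origin server's address in DNS, so the SSH port on that address should be restricted at the firewall rather than left open to everyone.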