Skip to main content

Cloudflare Setup: A Beginner's Guide

Cloudflare is a service that sits "between" your server and your users. It protects your site from hackers, hides your real IP address, and significantly speeds up page loading.

Why do you need Cloudflare?​

  1. Free SSL: Your site will work over the secure protocol https://.
  2. DDoS Protection: Deflect bot attacks with one click.
  3. DNS Hosting: The fastest domain record management in the world.

Part 1: Creating an Account​

  1. Sign Up: Go to dash.cloudflare.com/sign-up.
  2. Email and Password: Enter your details and confirm your email (you'll receive an email with a link).
  3. Login: Access the control panel.

Part 2: Adding Your Domain​

  1. In the control panel, click Add a Site.
  2. Enter your domain name (e.g., example.com) without http://. Click Add site.
  3. Select a Plan: Scroll down and choose the Free plan ($0/month). Click Continue.

Part 3: Setting up DNS (The Most Important Step)​

Cloudflare will scan your current domain records.

  1. Check the list of records. You should typically have A records (pointing to your server's IP) and CNAME records (e.g., for www).
  2. Click Continue.
  3. Changing Nameservers (NS): Cloudflare will provide you with two addresses (e.g., amy.ns.cloudflare.com and bob.ns.cloudflare.com).
  4. At your registrar: You need to log into your account where you bought the domain (Reg.ru, Namecheap, GoDaddy, etc.) and replace the current NS servers with the ones Cloudflare gave you.
Attention

Updating NS servers on the internet can take anywhere from 1 to 24 hours. During this time, the site may be temporarily unavailable.

Part 4: Security and SSL Settings​

After your domain is verified (you'll receive an email "Status: Active"), do the following:

1. SSL/TLS Mode​

Go to SSL/TLS -> Overview:

  • Select Full or Full (Strict) mode. This ensures full traffic encryption.

2. Always Use HTTPS​

Go to SSL/TLS -> Edge Certificates:

  • Enable the Always Use HTTPS toggle. Now users will always be redirected to the secure version of the site.

3. "Under Attack Mode"​

If you see suspicious traffic to your site, enable the Under Attack Mode toggle on the domain's main page. Users will see a browser check for 5 seconds.

Summary: What does this give you?​

Now your real Hetzner server IP is hidden behind Cloudflare's "cloud."

  • If someone tries to attack your domain, Cloudflare will take the hit.
  • Your server will use fewer resources as Cloudflare takes on part of the load.
Let's go!

You can check if protection is working on who.is β€” in the Nameservers field, Cloudflare servers should be listed.