Cloudflare is most useful dns tool site in the world. cloudflare supports ddos protection and cdn service for free!
Let's learn about cloudflare!
First, make an account.
how I setting cloudflare sign up to setting at first ?
1.press the sign up button
2.write your information in cloudflare
3.write your domain(like nesez.net)
4.select your plan
5.press confirm plan button
6.setting dns record
like this, you can get two name server.
you should change name server to cloudflare's nameserver
6-1check nameserver (if you already check-in cloudflare)
6-1.2 press continue button
select your tls/ssl encryption
off:no ssl
flexible:encrypt cloudflare-user not server-cloudflare
full:end to end encryption (you can use non-CA certification)
full(strict):you must use trusted CA certificate or cloudflare's certification
the recommendation about setting is full (strict)
after setting is done, press the save button
the setting about always https. It is simmilar to hsts technology. I recommend turn on always use https
after setting is done, press the save button
this is the convenience service in cloudflare. This function gives you using lower traffic and good performance for user experimence
Let's check all of that.
the setting of brotli. It gives you fast experimence
press the save button
cloudflare gives your setting result in simple summary.
press the finish button
you have to set the nameserver to cloudflare's name server.
If you finished the setting of cloudflare, press the RE-CHECK now button.
The nameservercheck process will be finished in few minutes.
Let's go to cloudflare again.
cloudflare gives you funny functions.
Let's press the Dns button
this function is very simple but very strong.
Let's find out the reason
Press Add record button.
we can make record with many types of record.
A/AAAA/CNAME/txt/ etc...
Let's make a record with A record.
write @ to get root domain record.
Write the ip adress which you want to link with.
Few minutes later, you can see your domain and ip adress is connected.
Next, Let's setting the security settings.
Press the ssl/tls button.
Click Edge Certificates.
Click order advanced certificate.
0/per month:CA is cloudflare and use cloudflare's universal ssl.
10/per month: you can customize ssl CA and settings.
After setting, Let's back to Edge Certificates setting.
change hsts settings. press the change hsts settings button
Check I understand check box. And press next button.
I would check enable hsts.
I will set 12 months.
And apply subdomain settings(like *.nesez.net)
And set preload to get preload setting in browsers(ex.chrome)
And set No-sniff Header.
And press Save button.
And scroll down.
We can see Minimum tls setting. I recommend tls 1.2. Because tls 1.0 and tls. 1.1 don't be supported anymore.
Like this, tls 1.2 and tls 1.3 is recommended.
And scroll down.
I recommend automatic https rewrites. It is likely to hsts and always https.
Let's move to Origin server.
You can make private key with rsa
you can make origin certificates.
Press Create certificate.
Press next. and look your Origin Certificate and Private key. and press ok button.
And go to Scrape Shield.
Let's check hotlink protection. It will save your traffic.
Thanks for watching and give me reply anything to question or rewrite.
0 Comments