Cloudflare is most useful dns tool site in the world. cloudflare supports ddos protection and cdn service for free!
Let's learn about cloudflare!
First, make an account.
how I setting cloudflare sign up to setting at first ?
1.press the sign up button
![](https://k.kakaocdn.net/dn/bt0EFK/btqFeO1hIXG/oIBQP4KKotwoWss3A7Lm20/img.png)
2.write your information in cloudflare
![](https://k.kakaocdn.net/dn/c1sQ5Y/btqFgyiSnVc/EDB8sbMlKaROI2OCkKiuw0/img.png)
3.write your domain(like nesez.net)
![](https://k.kakaocdn.net/dn/s1NHB/btqFe3qojUn/FrxzvU6kyqVTefIwKBdGsK/img.png)
4.select your plan
![](https://k.kakaocdn.net/dn/87cSH/btqFg3bDQ7V/I8Lz69dQr70ZZCYEnN2RY0/img.png)
5.press confirm plan button
![](https://k.kakaocdn.net/dn/M5533/btqFg4VVsGR/0BVK5q6OjB2u3wswNVwQq0/img.png)
6.setting dns record
![](https://k.kakaocdn.net/dn/bk0mVQ/btqFgHs8lHQ/zKPEd2crGUKLi1b4HMiNB1/img.png)
like this, you can get two name server.
you should change name server to cloudflare's nameserver
6-1check nameserver (if you already check-in cloudflare)
![](https://k.kakaocdn.net/dn/V3pMF/btqFg33M7Xn/5aWrq6AhIUDRMldBqKkBBk/img.png)
6-1.2 press continue button
![](https://k.kakaocdn.net/dn/b109gN/btqFgIevprs/hpYxwMASCE0IUhiQe2Ehc0/img.png)
select your tls/ssl encryption
off:no ssl
![](https://k.kakaocdn.net/dn/bV2eal/btqFfXpGlln/I4IBzznSqKfkYqQYRCjevK/img.png)
flexible:encrypt cloudflare-user not server-cloudflare
![](https://k.kakaocdn.net/dn/k8GkO/btqFecVQfNM/wlfZBNWsusOZLKPulgFoP1/img.png)
full:end to end encryption (you can use non-CA certification)
![](https://k.kakaocdn.net/dn/bDJh3o/btqFfuH2d09/9K3AyKQTwvV3Y2CAltRV91/img.png)
full(strict):you must use trusted CA certificate or cloudflare's certification
![](https://k.kakaocdn.net/dn/deDTSe/btqFfYhS7A0/lXUuZXZGmAtFO9YKKI97p0/img.png)
the recommendation about setting is full (strict)
after setting is done, press the save button
![](https://k.kakaocdn.net/dn/ceqrp4/btqFeDMy05i/uSeG1HgFVRHxIHIPou44TK/img.png)
the setting about always https. It is simmilar to hsts technology. I recommend turn on always use https
after setting is done, press the save button
![](https://k.kakaocdn.net/dn/WLwYi/btqFftWNG3A/uvHaqhHosZqvnukPggnLsk/img.png)
this is the convenience service in cloudflare. This function gives you using lower traffic and good performance for user experimence
![](https://k.kakaocdn.net/dn/pqYBv/btqFdKMaEWi/9FrsoknvH2SbMKBrQ1AKmK/img.png)
Let's check all of that.
![](https://k.kakaocdn.net/dn/drt52b/btqFg42Nzmg/FtGoTmw9u2MsvVXIIjg0Rk/img.png)
the setting of brotli. It gives you fast experimence
press the save button
![](https://k.kakaocdn.net/dn/cEjO6B/btqFfunP80F/zfNkSsibQjaVL1JbtBT2Ck/img.png)
cloudflare gives your setting result in simple summary.
press the finish button
![](https://k.kakaocdn.net/dn/bdF4uD/btqFecIreLv/pOK2JCkK944iFrHiDPEFx0/img.png)
you have to set the nameserver to cloudflare's name server.
If you finished the setting of cloudflare, press the RE-CHECK now button.
The nameservercheck process will be finished in few minutes.
Let's go to cloudflare again.
![](https://k.kakaocdn.net/dn/b9CSrh/btqFeDeG8fG/DNTIv2rim1sINRfCTOL7lk/img.png)
cloudflare gives you funny functions.
Let's press the Dns button
![](https://k.kakaocdn.net/dn/cdavCV/btqFdLxA7NB/PCY6JiIRxVjqUiu4oYrIaK/img.png)
this function is very simple but very strong.
Let's find out the reason
Press Add record button.
![](https://k.kakaocdn.net/dn/t2uFP/btqFfYIYwHD/gQS9J2RWqav3bk5cB09nkk/img.png)
we can make record with many types of record.
A/AAAA/CNAME/txt/ etc...
Let's make a record with A record.
![](https://k.kakaocdn.net/dn/daDtmC/btqFec9saeO/DLqQw3fKC9DS1WB1pkkXeK/img.png)
write @ to get root domain record.
![](https://k.kakaocdn.net/dn/bpOk9g/btqFg3QmBrY/79q4W7gd8SSKCnDdMrhka0/img.png)
Write the ip adress which you want to link with.
Few minutes later, you can see your domain and ip adress is connected.
Next, Let's setting the security settings.
![](https://k.kakaocdn.net/dn/cizo7H/btqFfticARc/wzw72j8xQzg4k79i5phY0k/img.png)
Press the ssl/tls button.
![](https://k.kakaocdn.net/dn/dsz3x4/btqFeOG5AZa/M2cgTHLrlTcYgiylv1UQlK/img.png)
Click Edge Certificates.
![](https://k.kakaocdn.net/dn/GcjUZ/btqFgJkirH7/skFIfDrXVkekR5am2nKiV0/img.png)
Click order advanced certificate.
![](https://k.kakaocdn.net/dn/3sHAy/btqFg4hrkOG/9uAdBNl7eiCgOkyFjI7tZ0/img.png)
0/per month:CA is cloudflare and use cloudflare's universal ssl.
10/per month: you can customize ssl CA and settings.
After setting, Let's back to Edge Certificates setting.
![](https://k.kakaocdn.net/dn/bzf0Oh/btqFecuTCd1/38Iaqs19ybVfMbXW6G4Dqk/img.png)
change hsts settings. press the change hsts settings button
![](https://k.kakaocdn.net/dn/bAlxWR/btqFeO8bPn5/KzXmsbzfz5mE16YzPLzLGk/img.png)
Check I understand check box. And press next button.
![](https://k.kakaocdn.net/dn/bf6JKx/btqFgHz1SMW/V5QXzp30ZkbvnCDZcn2GZ1/img.png)
I would check enable hsts.
![](https://k.kakaocdn.net/dn/cmNBNn/btqFgxYKKUN/2UNoW1ckXNTBfjdy9ZUAj0/img.png)
I will set 12 months.
![](https://k.kakaocdn.net/dn/b3NWTV/btqFe4pqqMM/fw6qKtxDzFSpRzZTsGXUb1/img.png)
And apply subdomain settings(like *.nesez.net)
![](https://k.kakaocdn.net/dn/CRxNl/btqFgIFH8p4/CiwYmC8zduaRmxXxKdnTXK/img.png)
And set preload to get preload setting in browsers(ex.chrome)
![](https://k.kakaocdn.net/dn/TgFjE/btqFgIyV7qQ/py59xGQpJgkgPpDaApkKVk/img.png)
And set No-sniff Header.
And press Save button.
And scroll down.
![](https://k.kakaocdn.net/dn/bSKGWw/btqFfug5h1E/gbvPgcyMWRTdVtt3fmMWw0/img.png)
We can see Minimum tls setting. I recommend tls 1.2. Because tls 1.0 and tls. 1.1 don't be supported anymore.
![](https://k.kakaocdn.net/dn/bLapzi/btqFdJ7zHN1/DDcqVMexGXh6QpwoOArWVk/img.png)
Like this, tls 1.2 and tls 1.3 is recommended.
And scroll down.
![](https://k.kakaocdn.net/dn/bMv56n/btqFgIlqsYb/R0q0kJvulbmlQT1QYGVl80/img.png)
I recommend automatic https rewrites. It is likely to hsts and always https.
Let's move to Origin server.
![](https://k.kakaocdn.net/dn/laHL4/btqFedAFmiY/ro3CPygIPkYMb3r4b4egg0/img.png)
You can make private key with rsa
![](https://k.kakaocdn.net/dn/bi8PCR/btqFgIsddhj/wpH4JYG9Bub7RCrpslIxd0/img.png)
you can make origin certificates.
Press Create certificate.
![](https://k.kakaocdn.net/dn/dEeoEm/btqFg4ht3fK/UncS4wps12us5dkHOjeL31/img.png)
Press next. and look your Origin Certificate and Private key. and press ok button.
![](https://k.kakaocdn.net/dn/cfTWm1/btqFe3KR1C1/Qo2MqW41hFPSg75tKGtBL1/img.png)
And go to Scrape Shield.
![](https://k.kakaocdn.net/dn/cHOHve/btqFft3zpWE/9XwZL0icVoo0tkQrz14qU1/img.png)
Let's check hotlink protection. It will save your traffic.
Thanks for watching and give me reply anything to question or rewrite.
0 Comments