How to Use Cloudflare with Hypernode
To get started with Cloudflare on your Hypernode, create an account at Cloudflare and change the nameservers of your domain to the Cloudflare nameservers.
Hypernodes are fully configured and support Cloudflare out of the box.
Why Use Cloudflare
Cloudflare uses multiple datacenters across the world to ensure its point of presence is always close to your visitors. This can significantly reduce page load times and bandwidth usage, with pages loading up to twice as fast regardless of the visitor's location, thanks to caching and smart network routing based on that location.
You always connect to the server closest to your location, reducing network latency as much as possible.
Cloudflare blocks threats, limits abusive bots and crawlers that would otherwise waste your bandwidth and server resources, and offers an extensive caching suite comparable to Varnish, but without all the complexity in configuration. Using Cloudflare can considerably reduce the number of requests that reach your Hypernode. This is especially useful for high-traffic websites.
Please note: Cloudflare is not 100% waterproof. Unfortunately, using Cloudflare might still leave you vulnerable to a certain extent. An example of such vulnerabilities can be found here.
Configuring Cloudflare
To set up Cloudflare for your shop, use the following steps:
Create an account at Cloudflare
Log in to your Cloudflare admin panel
Turn on caching and other performance optimization.
Copy all DNS Records from your current domain provider to the Cloudflare DNS admin
Change the nameservers of your domain(s)
Turn off all performance and caching functionality for your Magento admin panel: Caching (Use cache level: Bypass) Performance Rocket Loader JS optimization Mirage mobile image optimization
Test, test some more and after that, test it all again.
Using SSL With Cloudflare
Cloudflare offers SSL offloading. You can upload your SSL certificates to Cloudflare to make use of SSL. If you choose to do this, always manually order your SSL certificates so you can use the same certificate on both the Cloudflare servers and the Hypernode.
If you use manual SSL certificates, make sure you monitor when your certificate is about to expire.
You can also use a Cloudflare Origin CA certificate to encrypt traffic between Cloudflare and your Hypernode using a certificate signed by Cloudflare. This way you can use Cloudflare SSL/TLS mode Full (Strict) without having to worry about your certificate expiring.
Redirection From HTTP to HTTPS
Redirecting from HTTP to HTTPS can cause a Too many redirects error. This error comes from a cached redirect that is served on both HTTP and HTTPS connections, causing the site to redirect from HTTP to HTTPS.
To redirect all requests to HTTPS when using Cloudflare SSL, you should instead use the Always Use HTTPS setting.
Blocking IPs When Using Cloudflare
We created some configuration for Nginx that shows the remote IP of the visitor in the access.log instead of the remote IP of the Cloudflare servers.
This way you can block remote visitors without blocking all traffic coming from the same Cloudflare server. This does not work when using Railgun.
For example, have a look at our documentation about blocking or whitelisting IPs in Nginx.
Another option is to configure a blocklist in the Cloudflare Admin.
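The following is an added example, not Hypernode's Nginx configuration: a small Python model of how a visitor IP is resolved behind Cloudflare so that blocking applies to the visitor rather than to the Cloudflare server. It assumes the visitor address arrives in Cloudflare's CF-Connecting-IP header; the proxy ranges are a subset of Cloudflare's published ranges, and the blocklist, sample requests and function names are constructed for illustration.

```python
import ipaddress

# Subset of Cloudflare's published edge ranges, for illustration only;
# load the current full list from Cloudflare in real use.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "104.16.0.0/13", "2400:cb00::/32",
)]

# Constructed blocklist (documentation address ranges).
BLOCKLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "2001:db8:bad::/48")]


def _in_any(addr, networks):
    # A network of the other IP version never contains the address.
    return any(addr in net for net in networks)


def visitor_ip(peer, cf_connecting_ip):
    """Return the address to log and filter on.

    The CF-Connecting-IP header is honoured only when the TCP peer is a
    trusted proxy; otherwise the peer itself is treated as the visitor.
    """
    peer_addr = ipaddress.ip_address(peer)
    if not cf_connecting_ip or not _in_any(peer_addr, TRUSTED_PROXIES):
        return peer_addr
    try:
        return ipaddress.ip_address(cf_connecting_ip.strip())
    except ValueError:
        # Malformed header: fall back to the peer instead of guessing.
        return peer_addr


def is_blocked(peer, cf_connecting_ip=None):
    return _in_any(visitor_ip(peer, cf_connecting_ip), BLOCKLIST)


# Constructed sample requests: (TCP peer, CF-Connecting-IP header value)
SAMPLES = [
    ("173.245.48.10", "203.0.113.7"),    # via Cloudflare, blocked visitor
    ("173.245.48.10", "198.51.100.20"),  # via Cloudflare, allowed visitor
    ("198.51.100.99", "192.0.2.1"),      # direct to origin, header ignored
    ("104.16.1.1", "not-an-ip"),         # malformed header, peer is used
]

if __name__ == "__main__":
    for peer, header in SAMPLES:
        verdict = "blocked" if is_blocked(peer, header) else "allowed"
        print(f"{peer} [{header}] -> {visitor_ip(peer, header)} {verdict}")
```

Restricting the header to connections from Cloudflare ranges is what keeps a request sent directly to the origin from choosing the address it is logged and filtered under.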
520 Errors From Cloudflare
It can happen that Cloudflare returns a 520 error stating “Web server is returning an unknown error”.
This can be caused by your request headers being too big. You can fix this issue by adding the following config.
# $ cat /data/web/nginx/http.buffers
large_client_header_buffers 4 16k;
http2_max_field_size 16k;