• 76 views

Cloudflare Setup Guide for Beginners

ChatGPTWhatsAppPerplexityLinkedIn

Cloudflare is a leading cloud services platform that provides domain name service, content delivery, cybersecurity and many other features.

Using Cloudflare with your website provides many benefits including speed, security and reliability. The best thing is many of their features are completely free!

In this post, I will explain the benefits of using Cloudflare’s services to accelerate your website. I will also show you how to:

  1. Use Cloudflare’s nameservers for DNS and setup CDN
  2. Install a Cloudflare origin certificate on your web host
  3. Configure SSL/TLS settings for increased security

The setup is easy and takes about 30 minutes.

A futuristic server farm featuring two rows of Cloudflare servers. There are bolts of data going to and from the servers from below in all directions in 3D.
Cloudflare setup guide for beginners.

Our complete, illustrated step-by-step guide for Cloudflare setup takes out all the technical guesswork.

Let’s get started!

Table of Contents
  1. Cloudflare DNS Benefits
  2. Cloudflare CDN Overview
  3. Setup Guide
    1. Create and Setup Your Cloudflare Account
    2. Import Your DNS Records
    3. Update Your Nameservers
    4. Generate and Install Origin Certificate
    5. Increase Your Server SSL Security
    6. Testing Your Connection

Cloudflare DNS Benefits

Cloudflare’s domain name system (DNS) is one of the fastest and most reliable in the world. It is almost twice as Amazon’s Route 53 DNS and nearly three times faster than GoDaddy DNS!

By simply switching your website’s default DNS servers to Cloudflare’s, your domain will resolve faster and this will decrease your time-to-first-byte (TTFB). This will start the website loading process quicker.

Using Cloudflare’s DNS will cut down your website’s TTFB and load your website quicker for your users.

By default, domain registrars and hosting companies provide their own basic DNS servers to their customers but you can also choose to use your own custom DNS servers.

Although some hosting providers have a Cloudflare integration button in cPanel, it usually only has a few Cloudflare features. To take full a advantage of the entire Cloudflare platform, I highly recommend creating your own account with Cloudflare directly, which is what I will do with you in this guide.

Cloudflare CDN Overview

Cloudflare’s CDN is also among the fastest and largest in the world, nearing the top of the charts at CDNPerf. The main benefit of using Cloudflare over other CDN providers is the many other additional features that are included.

By proxying your traffic through Cloudflare, you will take load off of your own server and instead, static files will be served from Cloudflare’s vast global network of servers with over 330 PoPs.

This has three main benefits for your website:

  1. Faster file load times for your visitors due to a shorter geographical distance between your visitors and a Cloudflare PoP
  2. Decreased requests to your origin server
  3. Decreased bandwidth usage from your origin server

Many of Cloudflare’s other advanced features (both free and paid) such as Agro Smart Routing, APO and Zero Trust require proxying your traffic through them to reap the benefits, so I include setting up their CDN together with this guide.

Let’s get into it!

Setup Guide

Create and Setup Your Cloudflare Account

Let’s start by creating our own Cloudflare account directly through them.

Go to the Cloudflare website and then down below to the “Start for free” button.

Screenshot of Cloudflare homepage with "Start for free" button featuring an orange earth with bolts of data emitting from and going to different cities.
The Cloudflare homepage.

Enter your email, create a strong password, verify that’s you are a human and then sign up. You will receive a verification email from Cloudflare. Once you get it, open the link and you will be asked to sign in with your new credentials.

Screenshot of account signup page requesting an email, password, verification that you are human and optionally your consent to receive email updates.
Creating a Cloudflare account.

Next, you will asked for the domain that you would like to connect. Enter your domain name and continue.

Cloudflare will also ask you what your policy should be for AI bots that may scrape your content.

By default, the best option is to Block on all pages as shown below and enable the checkmark to Manage AI bot traffic with robots.txt.

Screenshot of Cloudflare requesting your existing domain information with an option to register a new one. Also, several options for how to block AI training bots and an option for whether AI bot traffic should be managed with robots.txt.
Connecting your domain to Cloudflare and selecting how to deal with AI bots.

Next, Cloudflare will present several options on how to import your DNS records. The easiest way is to select Quick scan for DNS records as Cloudflare will try to automatically import them for you.

Screenshot of three options for how you would like to add DNS records: quick scan, manually or upload a DNS zone file.
Quick scan for DNS records is the easiest way to switch your DNS over to Cloudflare.

You will be asked what type of account you would like to create. Select the Free option down below and then Continue.

Screenshot of selecting a Cloudflare plan with options for a free plan and several paid plans.
Selecting your Cloudflare plan. For our purposes, we will go with the Free plan.

Import Your DNS Records

Next, Cloudflare will show you the all your current auto-detected DNS records to import over. This works most of the time as shown below.

Review all your imported records and then Continue.

Screenshot of the scanned DNS records with an option to add more records, import DNS records and change proxy status and other details for each record.
Importing your DNS records over to Cloudflare.

Note the orange check mark next to each record for the Proxy status. When orange, this basically means that your traffic is being proxied (“going through”) Cloudflare’s network, which is what we want. Some of them might be grey which indicates that Cloudflare is only being used as a DNS provider (no proxy), which usually are left as is. Also note the yellow Pending Nameserver Update indicator.

If you recently made changes to your DNS records, Cloudflare might not auto-detect your records as the changes haven’t yet propagated. Just wait for some time and try again.

In some cases, Cloudflare won’t auto-detect your DNS records or may only partially detect them. In that case, you’ll be presented with a manual entry screen as shown below. Click on the Quick Scan button to see if Cloudflare can detect them automatically.

Screenshot of manual entry for DNS records through importing with an option to Quick Scan as recommended by Cloudflare.
Manually importing your DNS records in the event Cloudflare doesn’t quick scan your records.

Update Your Nameservers

With your DNS records successfully imported, Cloudflare will assign you two new nameservers. You will need to go to your domain registrar or your web host (wherever you registered your domain) and replace your current nameservers with these.

Screenshot of the two Cloudflare assigned nameservers for your domain.
Your Cloudflare assigned nameservers which will replace the default nameservers at your domain registrar.

Using Namecheap as an example, find your domain in the Domain List tab and select Custom DNS for your Nameservers. Copy and paste both Cloudflare nameservers and be sure to save. Then Continue below in Cloudflare.

Now, all you have t o do is wait for your DNS changes to propagate. This usually takes about 15 minutes, but can sometimes take longer. You’ll get an email update from Cloudflare once this is complete, so just sit back, relax and wait!

Screenshot of changing your existing nameservers to Cloudflare's nameservers using Namecheap as an example.
Changing your nameservers to Cloudflare’s nameservers at Namecheap, as an example.

With your nameservers are successfully updated, you’ll be presented with a success screen and the Pending indicator will change to Active. We’ll now install a Cloudflare Origin Certificate.

Screenshot showing existing nameservers successfully switched over to Cloudflare nameservers.
Cloudflare nameservers active and Cloudflare protecting your website.

Generate and Install Origin Certificate

Now that we’re using Cloudflare’s nameservers, we need to make an origin certificate at our website host. We do this to guarantee the connection between Cloudflare and our origin server is always encrypted and secured with a SSL certificate.

Most cPanel-based hosts come with AutoSSL which generates a free Let’s Encrypt certificate. However, the problem is that when our traffic is proxied through Cloudflare, AutoSSL won’t be able to regenerate the certificate after it expires in 90 days. This means you will have to turn off Cloudflare’s proxy status temporarily (grey arrows), let the certificate regenerate in cPanel via AutoSSL, and then re-enable the proxy status (orange arrows) every 90 days.

To get around this problem, we create a Cloudflare Origin Certificate which lasts up to 15 years and install it on our server. This only needs to be done once and we’re good for the next 15 years.

Cloudflare’s Origin Certificates are only valid to connect Cloudflare with your host. They can’t be used anywhere else.

Select Origin Server tab under SSL/TLS in the Cloudflare panel, then Create Certificate.

Screenshot showing Cloudflare origin certificate creation process.
Creating your Cloudflare origin certificate.

In a separate window, in your website host, you will need to install the certificate.

The instructions that follow will assume you are using cPanel based hosting. in cPanel, go to SSL/TLS settings.

Screenshot showing SSL/TLS setting for your website in cPanel as an example.
Accessing SSL settings in cPanel, as an example.

Cloudflare will present several options for your new certificate.

You can leave the Private Key Type to the default RSA (2048). The certificate will cover your main domain and all subdomains on the same shared document root.

If you have any subdomains with their own document root such as staging or dev, you will also need to add those subdomains in the Hostnames field individually.

For the validity, the 15 years default option is fine. You can then go ahead and Create the certificate.

Screenshot of Cloudflare showing options on how you would like to generate a Certificate Signing Request (CSR), a list of hostnames the origin certificate should protect and how long you would like the certificate to be valid.
Configuring your origin certificate. Note include all subdomains in the hostnames section.

Back in your web host, continue on to Manage SSL sites.

Screenshot in cPanel showing where to update your website SSL settings.
Updating SSL settings for your website in cPanel.

In this screen Cloudflare will generate your origin certificate and private keys. You will be copying the Origin Certificate and Private Key into cPanel.

Screenshot showing the origin certificate and private key generated by Cloudflare.
Your origin certificate and private key generated by Cloudflare. Make sure you’ve copied and pasted to cPanel before you click “OK”.

In cPanel, select your main domain from the drop down and paste the certificate and private key respectively from Cloudflare. For the Certificate Authority Bundle field, make sure it is blank.

Click on OK in Cloudflare first and then Install Certificate in cPanel in that order.

If you get a red box with an error in cPanel, just try again after a few minutes as Cloudflare wasn’t done generating the certificate.

Screenshot showing where to paste your Cloudflare generated origin certificate and private key in cPanel.
Installing your Cloudflare origin certificate in cPanel. You can leave the Certificate Authority Bundle section blank.

Once this is complete, Cloudflare will show that you successfully installed the origin certificate.

Screenshot showing the origin certificate successfully installed in Cloudflare with covered domains, expiry date and options to download or revoke the certificate.
Successfully installed Cloudflare origin certificate.

Back in cPanel, you will also get a screen showing that you successfully installed the origin certificate.

If you have other subdomains with their own document root, you will have to repeat the certificate generating and installation process above for each of them.

Screenshot in cPanel showing the Cloudflare origin certificate successfully installed.
Successfully installed Cloudflare origin certificate success screen in cPanel.

Increase Your Server SSL Security

With the Cloudflare Origin Certificate installed, we’re now ready to increase the security level for our server.

In the Cloudflare panel, click on the Overview tab below SSL/TLS. By default, Cloudflare will be set to Flexible encryption. Continue by going to Configure.

Screenshot in Cloudflare showing SSL/TLS overview section where the encryption mode for your domain can be changed to make it more secure.
Changing your SSL security level in Cloudflare.

At the bottom, select Custom SSL Settings.

Screenshot in Cloudflare showing options for the encryption mode: either automatically updated by Cloudflare or a custom configuration.
Selecting Custom SSL/TLS option.

In the set of options, select Full (Strict) mode and then Save.

Screenshot in Cloudflare showing five options for the encryption mode: strict, full (strict), full, flexible and off.
Selecting Full (Strict) mode for SSL.

That’s it, you’re done!

Note that Cloudflare will show Full (strict) in the encryption mode with locks between the browser, Cloudflare and your origin server.

The origin server also has a badge to indicate that it has a valid certificate installed and the whole connection is end-to-end secured.

Screenshot showing end-to-end encryption from the browser to Cloudflare to the origin certificate.
SSL settings successfully updated. Note the badge on the origin server in Full (strict) mode. It will be absent in Full mode.

Testing Your Connection

Once you’ve successfully installed the Cloudflare origin certificate, you might get connection error to your website in your browser as follows:

Screenshot of the browser which may show your website with the newly installed origin certificate as not secure.
Connection not secure error after installing Cloudflare origin certificate.

This simply requires you to clear your browser’s cache and the connection will now be secure.

Screenshot of the browser which now shows that your website connection is secure.
Secure connection verified.

Congratulations! You’ve successfully setup Cloudflare to work with your website. Enjoy your newfound speed and security 🙂

ChatGPTWhatsAppPerplexityLinkedIn
Related Tags
2 comments
Leave a Reply

Your email address will not be published. Required fields are marked *

Never Be Slow Again! 🚀

Join our awesome newsletter for early access to all our newest posts.

You May Also Like