How do you setup Cloudflare?


#1

Hi,

I was told a while back that I had to add a line to enable CloudFlare compatibility? Can someone please explain to me the exact steps to do so?

I would like to enable and use CloudFlare for my website.

All help is much appreciated!


#3

Hey,

I can’t access that account anymore which is why I am making a fresh topic.

I am unaware on how to edit the config to include those lines? All help is appreciated.


CDN: Fastly or Cloudflare for Discourse sites
(Régis Hanol) #4

Mind explaining why? Have you tried to reset the password?


Install Discourse on Amazon WS with Cloudflare
#5

I used Putty to add the line at the end of templates - but when I attempted to rebuild the app, it said that the CloudFlare YML file was missing.


(Jeff Atwood) #6

Yes, just:

  • add cloudflare.template.yml to the end of the templates section in app.yml.
  • do not enable Rocket Loader or any other features that will interfere with JavaScript

Here’s how to edit in a nutshell:

cd /var/discourse
nano containers/app.yml
#  Make sure to use spaces, not the tab key.
#  Ctrl-O to "write [O]ut"
#  Ctrl-X to "e[X]it"

./launcher rebuild app

credit to @riking


(Sam Saffron) #7

Wait a moment, this works and has worked for a very long time

You must follow the guide, in particular long polling base url MUST be set correctly to the origin otherwise the message bus will not work right. You must also mixin the cloudflare template so it does not look like everyone is coming from the same IP which is a disaster.

I think it’s fine to setup this way if you wish, but in general I prefer just to use cloudflare as a CDN endpoint and point the site at Discourse to avoid moving parts and a more complex setup for little gain.


Cloudflare Cloudbleed?
Issues when resuming a Discourse session on MS Edge mobile
#8

Solved most of problem. But still have problem with some new users has Digital Ocean’s VPS ip’s.

problem

Another example:

pb2

My Discourse on the Frankfurt, Digital Ocean.


(Kane York) #9

That’s the “Data Saver” proxy available on Android Chrome. It would be possible to add its IP range as a trusted X-Forwarded-For source. piwik/VisitExcluded.php at master · piwik/piwik · GitHub


(Brock) #10

We are using Cloudflare and I’m a bit confused on what should be our long polling base url.
Is it site.com or discourse.site.com? By default it already has / as the value.


(Kane York) #11

I’m fairly certain you have to include the scheme if you need it to point to a different domain.


(Brock) #12

I’m just trying to understand exactly what long polling base url is for Discourses purposes and if we need to declare it from the default “/” that is there. After reading @sam’s instructions, I’m still unclear what, if any, URL I should input for that config.


(David Taylor) #13

In sam’s instructions:

The message bus long polling URL should be set to the non-CDN domain name that you set up


(Brock) #14

Maybe I’m dense and the language is stumping me…

Our site is https://ftw.in
Our Discourse is https://discussions.ftw.in
Both are behind Cloudflare.

So our long polling url is https://discussions.ftw.in/?


(Kane York) #15

No, your long polling URL would be

https://discussions-origin.ftw.in/

or, seeing as you have had DDOS problems: https://discussions-proxy.ftw.in

Where discussions-proxy is a non-Cloudflare server proxying the origin, but only for message-bus requests.


(Brock) #16

Ok, this explanation definitely helps me understand more clearly, but this is also where I get lost. Is this documented where and how to create this server for message-bus requests?

Also - we want all servers to be behind Cloudflare for the protection and CDN it provides. We would not want to have it outside of Cloudflare.


(Kane York) #17

How: Just stand up a nginx with a single proxy_pass rule at OVH (“the premier bargain basement cloud provider”) or something.

You CANNOT put long polling behind CloudFlare. They terminate long-running requests as, incidentally, a anti-DoS measure.

Because DDoS protection is a priority for you, set up this server at a DIFFERENT provider so attacks on it do not actually take down the main site; you just get degraded live update functionality.


(Brock) #18

Got it. Thanks for the help!


(James Mc Mahon) #19

Not to be totally dense here. but I’m not sure if I am configured for cloudflare correctly or not. I setup our discourse install about a year ago, behind cloudllare and I don’t believe I setup anything for long polling… Notifications appear to be working OK.

Is there something else I should look for.?


(Sam Saffron) #20

In the past it has been flaky, somehow over the years cloudflare has figured out how to proxy long HTTP calls, I would not say it is an optimal config to pass the message bus through cloudflare, but it it is working for you and you are not noticing any issues, so be it.