Using Cloudflare, should the Name Server use Cloudflare settings, or stick with the host server's settings?


(Andy at Focallocal) #1

Hi, I have our site spread out across three servers, with Discourse on its own server. Right now the name server on the server hosting Discourse is set to use the default values (ns1.digitalocean.com, ns2, etc).

As the entire site is connected and piped through Cloudflare, should I update the nameservers on the server Discourse is running on using the Cloudflare values instead? Or leave it as it is now?

Thank you.


(Geran Smith) #2

In order for Cloudflare to be used at all, the nameserver for your domain name needs to be through Cloudflare.


(James Hahn II) #3

My domain is registered at Namecheap. Namecheap points at Cloudflare nameservers. Cloudflare points at Digital Ocean droplet and Mailgun. Looks like this… be sure to turn off the orange cloud.


(Stephen) #4

You can safely use the Cloudflare proxy after installation completes. Let’s Encrypt doesn’t like it initially, but it uses a different method to renew than enrol.

There is a Cloudflare template which needs adding to the app.yml to get the correct source IPs.
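
Why the source IPs need correcting behind a proxy, as an added example that is not part of the original thread and not Discourse's own code: the server sees the proxy's address as the peer, so the client address in a proxy header is believed only when the peer really is the proxy. The `CF-Connecting-IP` header and the sample ranges are assumptions taken from Cloudflare's public documentation; `client_ip` and the other helper names are hypothetical.

```ruby
require "ipaddr"

# Sample subset of Cloudflare's published proxy ranges (assumption: a real
# deployment loads the full, current list instead of hard-coding it).
TRUSTED_PROXY_RANGES = %w[
  173.245.48.0/20
  103.21.244.0/22
  2400:cb00::/32
].map { |cidr| IPAddr.new(cidr) }.freeze

# Parse a single address; returns nil for empty, malformed or CIDR input.
def parse_ip(text)
  value = text.to_s.strip
  return nil if value.empty? || value.include?("/")
  IPAddr.new(value)
rescue ArgumentError
  nil
end

# True when the TCP peer is inside one of the trusted proxy ranges.
def trusted_proxy?(peer)
  TRUSTED_PROXY_RANGES.any? do |range|
    range.family == peer.family && range.include?(peer)
  end
end

# Address to attribute the request to (for logs, rate limits, bans).
# peer_addr is the socket's remote address; headers is a Hash of
# request headers (hypothetical shape for this example).
def client_ip(peer_addr, headers)
  peer = IPAddr.new(peer_addr)
  # A direct connection can put anything in the header, so ignore it.
  return peer.to_s unless trusted_proxy?(peer)
  claimed = parse_ip(headers["CF-Connecting-IP"])
  claimed ? claimed.to_s : peer.to_s
end

# Constructed sample requests.
via_proxy = client_ip("173.245.48.10", { "CF-Connecting-IP" => "198.51.100.7" })
spoofed   = client_ip("203.0.113.9",   { "CF-Connecting-IP" => "198.51.100.7" })
puts "via proxy: #{via_proxy}, direct with forged header: #{spoofed}"
```

Without the trusted-range check, either every visitor appears to come from the proxy's addresses, or any client connecting directly can choose the address it is logged and rate-limited under.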


(James Hahn II) #5

Great. I didn’t know. Where can I find the template … or is that added automatically once you turn it back on?


(Stephen) #6

It’s in /var/discourse/templates if memory serves.


(James Hahn II) #7

Indeed it was. Copy/pasted into app.yml, ran ./launcher rebuild app and got this error…

FAILED
--------------------
Pups::ExecError: /tmp/add-cloudflare-ips failed with return #<Process::Status: pid 5910 exit 2>
Location of failure: /pups/lib/pups/exec_command.rb:112:in `spawn'
exec failed with the params "/tmp/add-cloudflare-ips"
2b27a4ac57cf9e8f76602ca570ebffce817a001e36a0c898195199d32c63a1d6
** FAILED TO BOOTSTRAP ** please scroll up and look for earlier error messages

Guessing I needed to do more than copy/paste the template?


(Jeff Atwood) #8

I still would not recommend sending all traffic through Cloudflare, unless you have a compelling reason to do so (as in you frequently get DDoSed).


(James Hahn II) #9

Noted. Turned off again. Thank you.


(Andy at Focallocal) #10

That’s very interesting @codinghorror, I’ve never heard that before. Why would you recommend turning them all off?

We have 6 subdomains across three servers, in a fairly complicated build, they all have the little cloud switched on. We’ve also had issues with not being able to auto-renew our Let’s Encrypt; is that likely to be the issue we’ve had?


(Matt Palmer) #11

Do a search for Cloudflare here on meta; there are periodic reports of one or the other of Cloudflare’s optimisations breaking Discourse (and probably other JavaScript-heavy applications).


(Stephen) #12

It’s easy to use a rule to disable any disruptive features.


(Matt Palmer) #13

Assuming you can identify which feature it is that is causing the problem this time, sure. It’s certainly a lot easier just to not use Cloudflare proxying.