This topic provides a comprehensive guide to using Discourse with Cloudflare. It includes a step-by-step guide, and best practices to ensure maximum compatibility.
Why use Discourse with Cloudflare
Using Discourse with Cloudflare can provide several benefits:
- Performance: Cloudflare’s CDN can speed up worldwide access to common assets on your Discourse forum, improving the user experience for your community members no matter where they are located (source).
- Security: Cloudflare provides additional layers of security for your Discourse forum, like DDoS protection (source) and HTTPS support (source) if not using Discourse’s Lets Encrypt setup.
For self-hosters, it’s important to note that while Cloudflare can provide these benefits, it also adds complexity to your Discourse setup. This document aims to help you navigate this complexity and make the most of using Discourse with Cloudflare.
Setting Up Discourse with Cloudflare
-
Cloudflare Fundamentals to begin setting up Discourse with Cloudflare. Once you have your Discourse instance running, make certain you’re familiar with Cloudflare Fundamentals. Cloudflare Fundamentals is a one-stop location for pointers to Cloudflare resources.
-
Set Up: To get the security, performance, and reliability benefits of Cloudflare, you need to set up Cloudflare on your domain. Directions.
Best Practices
The links provided assume that you are logged in and only have one account.
-
DNS Ensure the DNS records pointing to your Discourse instance are proxied. Go here to manage your DNS records.
-
SSL/TLS encryption mode should be set to Full (strict). Go here to manage your SSL/TLS settings.
If not set up properly, this may lead to redirect loops. -
Caching Level should be set to Standard. Go here to set caching level.
-
Create a Page Rule for
community.example.com/session/*to set Cache Level to Bypass. Go here to create a Page Rule. -
Rules Settings should be configured to Normalize incoming URLs. Go here to configure Rule settings.
-
Network Settings depending upon Cloudflare plan type, should be configured as follows. If they are not already enabled, enable
IPv6 Compatibility,WebSockets,IP Geolocation,Network Error Logging, andOnion Routing. If they are not already disabled, disablePseudo IPv4,Response Buffering,True-Client-IP Header, andgRPC. SetMaximum Upload Sizeper your site policy, 100 MB is sufficient. Go here to configure Network settings. -
WAF Settings depend upon Cloudflare plan type and security needs. If your Cloudflare account supports Managed Rules, configure a Managed Rule to
Skip WAF on post creation / edits. Do this by adding a Managed Rule matching on URI Path and Request method. The Rule should appear as follows:(http.request.uri.path matches "/posts(/[0-9]+)?" and http.request.method in {"POST" "PUT"}). Choose the option toSkip all remaining rulesand enableLog matching requests. If you are using the Data Explorer plugin, configure a Managed Rule toSkip WAF on admin queries. Do this by adding a Managed Rule matching on URI Path and Request method. The Rule should appear as follows:(http.request.uri.path contains "/admin/plugins/explorer/queries/" and http.request.method eq "PUT"). Choose the option toSkip all remaining rulesand enableLog matching requests. Go here to create Managed Rules. -
Content Optimization should have Brotli turned on, and Rocket Loader™ off. Go here to set Content Optimization.
Discourse gets plenty site down reports due to Rocket Loader™ being on.
Additional configuration for self-hosters
To ensure the correct IP address gets sent to Discourse, you will want to add the following line to the end of your containers/app.yml.
cloudflare.template.yml
(Related: How do you setup Cloudflare? - #6 by codinghorror)
Support
For direct support from Cloudflare, please visit the original post @ the Cloudflare Community.
Alternatively, you may search for specific issues on Meta: Search results for ‘cloudflare’ - Discourse Meta
Special Thanks
@tcloonan for authoring this topic 
