Using Discourse with Cloudflare
This guide explains how to configure and use Discourse with Cloudflare, including security best practices and troubleshooting tips.
Required user level: Administrator
Console access is required for self-hosted installations
Summary
Cloudflare can enhance your Discourse instance with improved performance through CDN, additional security layers like DDoS protection, and HTTPS support. This guide covers the setup process and best practices for optimal configuration.
Why use Cloudflare with Discourse
Using Cloudflare with your Discourse instance provides several key benefits:
- Performance: Cloudflareâs CDN can improve worldwide access to common assets, enhancing user experience globally (source)
- 
Security: Additional protection layers including:
- DDoS protection (source)
- HTTPS support (source) (alternative to Discourseâs Letâs Encrypt setup)
 
For self-hosted installations, while Cloudflare offers these benefits, it adds complexity to your setup.
Setting up Cloudflare
- Familiarize yourself with Cloudflare Fundamentals
- Follow the setup directions to configure Cloudflare for your domain and get the security, performance, and reliability benefits
Configuration best practices
DNS settings
- Ensure DNS records pointing to your Discourse instance are proxied
- Access DNS settings at dash.cloudflare.com/?to=/:account/:zone/dns
SSL/TLS configuration
- Set encryption mode to âFull (strict)â
- Access SSL/TLS settings at dash.cloudflare.com/?to=/:account/:zone/ssl-tls
Incorrect SSL/TLS configuration may cause redirect loops
Caching configuration
- Set caching level to âStandardâ
- Access caching settings at dash.cloudflare.com/?to=/:account/:zone/caching/configuration
Page rules
Create the following page rules at dash.cloudflare.com/?to=/:account/:zone/rules:
- Set Cache Level to âBypassâ for community.example.com/session/*
- Configure Rules Settings to normalize incoming URLs
Network settings
Configure the following at dash.cloudflare.com/?to=/:account/:zone/network:
Enable:
- IPv6 Compatibility
- IP Geolocation
- Network Error Logging
- Onion Routing
Disable:
- Pseudo IPv4
- Response Buffering
- True-Client-IP Header
- gRPC
Set Maximum Upload Size according to your site policy (100 MB recommended)
WAF (Web Application Firewall) settings
If your Cloudflare plan supports Managed Rules, create the following:
- Skip WAF on post creation/edits:
(http.request.uri.path eq "/posts(/[0-9]+)?" and http.request.method in {"POST" "PUT"})
- For Data Explorer plugin users, skip WAF on admin queries:
(http.request.uri.path contains "/admin/plugins/explorer/queries/" and http.request.method eq "PUT")
For both rules:
- Choose âSkip all remaining rulesâ
- Enable âLog matching requestsâ
Access WAF settings at dash.cloudflare.com/?to=/:account/:zone/firewall/managed-rules
Content optimization
Configure the following at dash.cloudflare.com/?to=/:account/:zone/speed/optimization:
- Enable Brotli
- Disable Rocket Loaderâ˘
- Disable Auto Minify
Discourse frequently receives site down reports due to Rocket Loader⢠being enabled
Additional configuration for self-hosted installations
To ensure correct IP address forwarding, add the following to the templates section in your containers/app.yml:
- "templates/cloudflare.template.yml"
Related: How do you setup Cloudflare?
Support resources
Troubleshooting
Content Security Policy (CSP) issues
If you encounter CSP errors:
- Verify that Rocket Loader is disabled
- Check that scripts are properly added to the content security policy script srcsite setting
OneBox functionality
If OneBox is being blocked:
- Check if Super Bot Fight Mode is enabled
- Adjust the âDefinitely automatedâ setting if itâs set to âManagedâ or âBlockâ
- Consider creating a custom WAF rule for the OneBox user agent
Last edited by @nat 2025-05-06T09:48:57Z
Check document
Perform check on document:






