Been using Cloudflare in proxy mode in front of my discourse forum since summer of 2025 without any issues; there just aren’t a huge number of discourse-specific things that you need to do these days to get it to work properly.
One of the most critical items is making sure to include the cloudflare template in your app.yml file. Without this, you’ll only see Cloudflare server IP addresses in your discourse dashboard, rather than the actual visitor IP addresses.
The “Bypass cache for /session/*” rule appears to still be necessary (do it as a cache rule in the new interface), and the “Skip WAF on post creation/edits” rule is definitely still necessary (I have this as a managed rule).
As I’m primarily using Discourse as a comment system for a Wordpress site, I’ve got Wordpress adding a 60-second TTL onto the /wp-json/wp-discourse/v1/discourse-comments?post_id=xxxxajax responses that the web server emits when visitors request a specific WP post’s comment thread; this helps with managing burst-y visitor patterns. I’ve added a CF cache rule that respects the TTL on URIs that include /wp-json/wp-discourse/.(I can’t set a short enough TTL on those URLs via Cloudflare without an Enterprise account, so I set the TTL at the application layer via a mu-plugin and then tell CF to respect that TTL via a CF cache rule.)
Other than that, and the basic settings mentioned in the opening post of the thread, there’s just not that much to do—Cloudflare works pretty darn well with Discourse.