Porter supports the use of Cloudflare DNS out-of-the-box in both proxy, and non-proxy mode.

Before continuing any further, ensure that you have followed our guide for deploying applications on your custom domain

When using non-Cloudflare services such as AWS WAFv2, AWS Cloudfront, or most other DDoS prevention services, it is recommended to use non-proxy mode with your Cloudflare DNS. This ensures that Cloudflare acts only as a Trusted Authority for DNS, and delegates all other security to other providers. Porter handles the creation and renewal of your TLS/HTTPS certificates, and therefore recommends using non-proxy mode.

Most Cloudflare services will require Cloudflare DNS Proxy mode. If you require one of these services, follow the steps below for ensuring that your applications are compatible.

Before continuing, you will need to copy the address of your Porter-managed loadbalancer. To find your loadbalancer address, visit the Porter dashboard Infrastructure > Additional Settings. This address may be a DNS address, on an IP address depending on your cloud provider. This is important later.

Creating a DNS record

If you have already created a wildcard DNS record (recommended), you may skip this section.

  • From the Cloudflare dashboard, select Websites, then your chosen domain name.

  • In the sidebar, select DNS > Records

  • Click Add Record

If your loadbalancer address is a DNS name address, you will need to create a CNAME Record

Set Type to CNAME (CNAME Record)

Set Name to the DNS name that your application should be available at

Set Target to the Porter Loadbalancer DNS address from before

Non-Proxy DNS

Ensure that Proxy Status is disabled. This will show as DNS only.

Done! You should now be able to visit your custom domain, with Porter managing your HTTPS!

Proxy DNS

Ensure that Proxy Status is enabled. This will show as Proxied.

Allowing Acme-Challenges

To ensure that Porter can still create certificates on your behalf, we must allow LetsEncrypt traffic to not be proxied by Cloudflare, as they must be made over http, or unverified https.

From the sidebar, select Rules > Configuration Rules

Select Create rule

Give the rule a name. This can be any name you choose.

Assuming the domain in question is example.com, add a new Page rule for *example.com/.well-known/acme-challenge/*, with the following settings:

  1. Disable Security
  2. SSL: Off
  3. Cache Level: Bypass
  4. Disable Performance

Done! You will now be able to avail of any Cloudflare services through Porter. If you are still seeing errors, remove the custom domain from your application in Porter, deploy, then add the domain back and your certificate should be validated after a few seconds.

Too Many Redirects

If you visit your custom domain, you may now get a too many redirects error from Cloudflare. To fix this issue, we must create a Cloudflare Configuration Rule.

From the sidebar, select Rules > Configuration Rules

Select Create rule

Give the rule a name. This can be any name you choose.

For this guide, we will assume that you want to enable proxied TLS on all subdomains for this website. As such, select All incoming requests

Scroll down to SSL (Optional)

Click Add and choose Full from the drop down.

After a few moments, your custom domain will be ready behind Cloudflare Proxy

Configuring AWS ALBSOC2 & HIPAA