Porter supports the use of Cloudflare DNS out-of-the-box in both proxy, and non-proxy mode.

Before continuing any further, ensure that you have followed our guide for deploying applications on your custom domain

When using non-Cloudflare services such as AWS WAFv2, AWS Cloudfront, or most other DDoS prevention services, it is recommended to use non-proxy mode with your Cloudflare DNS. This ensures that Cloudflare acts only as a Trusted Authority for DNS, and delegates all other security to other providers. Porter handles the creation and renewal of your TLS/HTTPS certificates, and therefore recommends using non-proxy mode.

Most Cloudflare services will require Cloudflare DNS Proxy mode. If you require one of these services, follow the steps below for ensuring that your applications are compatible.

Before continuing, you will need to copy the address of your Porter-managed loadbalancer. To find your loadbalancer address, visit the Porter dashboard Infrastructure > Additional Settings. This address may be a DNS address, on an IP address depending on your cloud provider. This is important later.

Creating a DNS record

If you have already created a wildcard DNS record (recommended), you may skip this section.

  • From the Cloudflare dashboard, select Websites, then your chosen domain name. Websites

  • In the sidebar, select DNS > Records DNS Records

  • Click Add Record Add DNS Record

If your loadbalancer address is a DNS name address, you will need to create a CNAME Record

Set Type to CNAME (CNAME Record)

Set Name to the DNS name that your application should be available at

Set Target to the Porter Loadbalancer DNS address from before

CNAME Record

Non-Proxy DNS

Ensure that Proxy Status is disabled. This will show as DNS only.

DNS Only

Done! You should now be able to visit your custom domain, with Porter managing your HTTPS!

Proxy DNS

Ensure that Proxy Status is enabled. This will show as Proxied.

Proxied DNS

If you visit your custom domain, you will now get a too many redirects error from Cloudflare. To fix this issue, we must create a Cloudflare Configuration Rule.

From the sidebar, select Rules > Configuration Rules Configuration Rules

Select Create rule

Give the rule a name. This can be any name you choose.

For this guide, we will assume that you want to enable proxied TLS on all subdomains for this website. As such, select All incoming requests

All Incoming Requests

Scroll down to SSL (Optional)

Click Add and choose Full from the drop down.

SSL Full

After a few moments, your custom domain will be ready behind Cloudflare Proxy

Configuring AWS ALBSOC2 & HIPAA