Porter supports the use of Cloudflare DNS out-of-the-box in both proxy, and non-proxy mode. Before continuing any further, ensure that you have followed our guide for deploying applications on your custom domain When using non-Cloudflare services such as AWS WAFv2, AWS Cloudfront, or most other DDoS prevention services, it is recommended to use non-proxy mode with your Cloudflare DNS. This ensures that Cloudflare acts only as a Trusted Authority for DNS, and delegates all other security to other providers. Porter handles the creation and renewal of your TLS/HTTPS certificates, and therefore recommends using non-proxy mode. Most Cloudflare services will require Cloudflare DNS Proxy mode. If you require one of these services, follow the steps below for ensuring that your applications are compatible. Before continuing, you will need to copy the address of your Porter-managed loadbalancer. To find your loadbalancer address, visit one of your apps in its Overview tab and access one of its Web services Networking tab. You should see the address for your loadbalancer. This address may be a DNS address, on an IP address depending on your cloud provider. This is important later.

Creating a DNS record

If you have already created a wildcard DNS record (recommended), you may skip this section.
  • From the Cloudflare dashboard, select Websites, then your chosen domain name. Websites
  • In the sidebar, select DNS > Records DNS Records
  • Click Add Record Add DNS Record
If your loadbalancer address is a DNS name address, you will need to create a CNAME RecordSet Type to CNAME (CNAME Record)Set Name to the DNS name that your application should be available atSet Target to the Porter Loadbalancer DNS address from beforeCNAME Record

Non-Proxy DNS

Ensure that Proxy Status is disabled. This will show as DNS only. DNS Only Done! You should now be able to visit your custom domain, with Porter managing your HTTPS!

Proxy DNS

Ensure that Proxy Status is enabled. This will show as Proxied. Proxied DNS

Allowing Acme-Challenges

To ensure that Porter can still create certificates on your behalf, we must allow LetsEncrypt traffic to not be proxied by Cloudflare, as they must be made over http, or unverified https. From the sidebar, select Rules > Page Rules Page Rules Select Create rule Give the rule a name. This can be any name you choose. Assuming the domain in question is example.com, add a new Page rule for *example.com/.well-known/acme-challenge/*, with the following settings:
  1. SSL: Off
  2. Cache Level: Bypass
Done! You will now be able to avail of any Cloudflare services through Porter. If you are still seeing errors, remove the custom domain from your application in Porter, deploy, then add the domain back and your certificate should be validated after a few seconds.

Too Many Redirects

This step is not necessary for most customers. Only proceed if you are seeing a too many redirects error. If you visit your custom domain, you may now get a too many redirects error from Cloudflare. To fix this issue, we must create a Cloudflare Configuration Rule. From the sidebar, select Rules > Overview Rules Overview Click Create rule, then select Configuration Rules Configuration Rules Give the rule a name. This can be any name you choose. For this guide, we will assume that you want to enable proxied TLS on all subdomains for this website. As such, select All incoming requests All Incoming Requests Scroll down to SSL (Optional) Click Add and choose Full from the drop down. SSL Full After a few moments, your custom domain will be ready behind Cloudflare Proxy