Cloudflare: A Complete Guide, Features & Walkthrough (2021)

Reddit Comments

Great walkthrough/explanation of all of the Cloudflare tabs/settings. Easy to understand and follow along!

👍 2 · u/TheRealDickensCider · Sep 25 2021
Captions
Hi guys, and welcome back to another IBRACORP video. As usual, absolute pleasure to have you with us today. Thank you for joining. In today's video we're going to be going through every Cloudflare setting and explaining what it does and how it works. We're going to show you optimal setting builds and different use cases for your setup that might be relevant, and different ideas you might have as to how you want to implement your infrastructure while using Cloudflare. So if you're experienced with Cloudflare and you want to learn a little bit more, or you're a beginner and want to get started, always had an idea of using Cloudflare, or you have absolutely no idea what it is, this is a video for you. So without further ado, let's get stuck into it.

So guys, welcome back to another video this week. Absolute pleasure to have you. Thank you very much for joining us. Um, thank you as well to those who have liked and subscribed to our videos, really appreciate it. I appreciate every single one of our subscribers, or over 5000 now, which is fantastic, and I hope we keep that momentum going by bringing more and more content out to yourself and to others like you who might be interested. So if you really do enjoy our videos, please don't forget to do all the usual stuff, we really appreciate it. Also thank you to those who support us financially on our website by signing up with a membership on ibracorp.io.

So guys, today's video is going to cover the settings in Cloudflare, and we're going to show you a couple of things that we've learned along the way, things that you learned from experience using Cloudflare for such a long time, and of course things that we learned from other community members who use it as well. What we won't be showing you is how to set up Cloudflare or connect it to your website. That's because we've already done that in our previous Cloudflare video, which you can find on our channel. I'll also put the link down in the
description below for you as well. So this is more if you've already set it up, you've got it working, and you just want to start going through all the settings and trying to understand what they are a little bit more in-depth, if you will, something we didn't cover in too much detail when we first created the video. So with that assumption out of the way, let's get started.

So here we are on one of our domains that we've purchased, and as you can see we've already set everything up. We haven't really, we don't get much traffic on this website, so I wouldn't pay attention to the analytics too much, but this is the main page that you land on once you pick your domain after you've connected it with Cloudflare. I've also got dark mode on for you guys, so you might notice some things might look a bit off, like these graphs. That's because of the dark mode, we're using the Dark Reader extension, otherwise it's usually a very white page.

So straight off the bat, here's a couple of things you're going to notice real quick. One is unique visitors, total requests, the percent cached, the data served and the data cached as well. Most of them will translate very close to each other, but this basically gives you analytics directly from your DNS, so you don't even have to set up Google Analytics if you don't want to. You can still get some decent analytics here directly from Cloudflare.

Then on the right-hand side we've got some options. So if you wanted to purge your cache really quick you could do that. Your DNS settings, which we'll go to anyway. So Under Attack mode: basically, if you know that your site or your server is being hammered by connections and it's possible that it's a DDoS attack, you can actually flick this switch and we'll put it into Under Attack mode, so anyone trying to reach the site will be put through a captcha system from Cloudflare, and that slows down the amount of requests hitting the origin server, which is at your house or wherever
it is that your server is running. After which we can then remove the Under Attack mode and we can say our security level is back to normal, we can put it back to whatever it is we want.

Development mode: so if you flick this toggle, as it says here, it will turn off caching for your site. So if you're testing something out on the site, sometimes the cache can get in your way and not show you the changes that you've made. So typically it's a good idea to enter development mode, do the testing, do the changes, check that all works, and once you're happy with it flick development mode off and return it back to normal.

Underneath, the domain registration. If you didn't know, you can actually transfer domains to Cloudflare. So if you were to click that, it will say that it's not on Cloudflare and it'll give you the option, if available, to bring it over to Cloudflare instead of your domain provider. Now they don't cover every top level domain, so some don't work, but you'll be able to figure that out as you go, and I've found that they're actually a lot cheaper.

You've then got your active subscriptions. So as I said, I'm all, I've always been on the free plan, but they have offers for paid plans as well and you get some really cool features, but they give you enough that you don't need to. It's not a pay to win sort of scenario. The free plan covers almost everybody, I think, and then if you want specific features that, you know, maybe you're a bit more advanced, then you want to make use of them, then you could pay for them.

Then you have some very important information, which is your API. What you're looking at here is the zone ID, so this is, this is an ID that identifies this particular domain. Then we have our account ID, which identifies obviously your account. The last thing on the page is advanced action, so if you wanted to pause Cloudflare on the site or remove it all together.

So then we can move on to the analytics tab. As you'd expect, the analytics
tab provides you vital information for your domain and its DNS capabilities. So it'll show you typical web traffic, locations where it's coming from, as well as some stats down here like how many SSR requests, attacks blocked and things like that. You've also got information on bandwidth usage and unique visitors. You've also got the option to flick between the period of time that you want to cover as well. Same goes for security: it'll give you all sorts of information related to security, how many SSL certificates are being issued, how many connections are being made without SSL. Also very important, you've got your bandwidth and performance, so this will measure how quickly the site is loading and how much Cloudflare is saving you responses by DNS. Now if you get a lot of hits, obviously this is going to change. And then you have your workers, if you use those. That's further advanced and typically is a paid option anyway, so we're not going to cover too much about workers today.

The next tab, and arguably one of the most important, is DNS. The DNS tab is basically the directory, and it tells Cloudflare where to point domains and subdomains to locations in the world, typically your home server. Now if you've followed our channel for a while, right from the start, you will know that when we first started and we set up Cloudflare, it's with the traditional idea of an A record followed by CNAMEs. What does that mean? Well, your server, or your public IP address where your server lives, is typically the A record. So we say this domain is found at this address. Then when we want to create subdomains, we create this subdomain, so in this case it would be plex.unraid.io, and we're pointing it at our domain, so we're saying the target is this. So effectively you're having a chain: this here is pointing to here, and this here is pointing to here. However, like I said, you can have different servers for different subdomains, so we could say plex the unread
io actually points to this, a different IP address, and we can put that in, change it to an A record. But if you followed our channel, or we followed our getting started with Unraid playlists or our Unraid and order playlist, you'll know that we've actually then since developed and implemented the Cloudflare tunnel. The Cloudflare tunnel means that instead of having an A record that points to an IP address, we have a CNAME for that that points to a tunnel address, then everything else still points to this main domain just like it is here. So what does that mean? Well, our IP address is never revealed. No one knows what it is, not even Cloudflare can see what it is on this end. Only the tunnel knows and is communicating via the tunnel. So if you haven't done that, I highly recommend that you implement the Cloudflare tunnel. It's a really good product for security and safety, as well as the fact that it's really easy to set up. So we've covered that in one of our videos, you guys can check that out.

Now apart from your typical A and CNAME records, you've also got MX records, and MX records are for mail servers. So as you can see we've got Zoho accounts, and during the setup process they ask you to add some MX records and some TXTs. And TXTs can be anything, but a lot of the time it's if a service that you're trying to sign up for wants you to verify that you are the owner of the website, so they might say take this TXT and paste it in your DNS provider, which is us here.

Then there's our Cloudflare name servers. So these two name servers are what you'll put in your domain provider if you're not with Cloudflare. So if you, for example, bought a domain on GoDaddy but you want to use Cloudflare, then you change the name servers on GoDaddy to the ones provided to you by Cloudflare. Now don't copy these ones, because they change depending on your setup process in Cloudflare, so I recommend that you just follow that as you're setting up Cloudflare
yourself.

DNSSEC: a very, very important feature and one that I highly recommend, and is one that we showed you how to set up in the original Cloudflare video. So DNSSEC will prevent people spoofing DNS between your DNS provider and your domain provider, and essentially locks the two down. They can only talk to each other by providing a cipher on each side. It's a very important feature, I highly recommend you switch that on.

CNAME flattening: that is not something you'll need to change yourself, but as you can see it will follow a CNAME to where it points and return IP address instead of the CNAME. If you're using the Cloudflare tunnel setup then it will automatically flatten the CNAME for you and it'll tell you that.

So that's your DNS tab. Very important tab, obviously. You just set it up the way you like, there's not much to it. But one of the things that I recommend is, if you drop down when you're setting up a subdomain, if you're setting up a particular application that needs to read your origin IP address, let's say Let's Encrypt for example, it's very important that you create a subdomain or the domain and you turn off the proxy. So this for example, and we click save. So if somebody was to look up this address, jellyfind.unread.io, they would be able to see my source IP address, our origin IP address, okay, because it's bypassing Cloudflare completely. However, if I flick it back on and it says proxied, that means it's going through Cloudflare and then Cloudflare is talking to us, so in essence they're not actually getting your origin IP address. So if you're trying to set up something like Let's Encrypt, it needs to know your origin IP address, so if you had this flicked on it's going to have a lot of trouble reaching you and probably won't validate. We'll discuss certificates in a moment anyway, because there's a better option in my opinion than using Let's Encrypt anyway.

So that's DNS records, guys, that's done. You also have
the option to import records if you have them from somewhere else that you've exported, to make it a bit easier for yourself. So you can just go ahead and select the file and import it here. The other thing you can do is actually export the ones that you have here. So if you have maybe three, four domains and they have similar subdomains that you want to set up, why not just export it out of one? You can basically go to here, click export, it will create a file. As you can see, it's got all of our records in there, so then we can go ahead in a different domain in Cloudflare and import it again. Really useful feature, one I highly suggest.

Now the next tab, SSL, arguably again one of the most important here in Cloudflare. So SSL/TLS encryption is what protects you and protects your website and its customers from outside snooping. Now you probably would have noticed, if you hit a website and you get a warning from your browser saying, you know, the site's not considered safe, we don't recommend you go ahead, or in some cases they just block you completely from accessing, it's typically to do with the SSL certificate. Either it's not valid or it's just not the right one for the site. And what Cloudflare offers here is two types of certificates. You have an edge certificate and then you have an origin certificate, because what happens is, even if you have a completely unsecured page, that page is actually connecting Cloudflare, it never really connects out, while you're using Cloudflare that is. So while it's proxied, people trying to access your site actually go to the edge, so there's a certificate there, and then there's one on your actual server.

So let's go through it. So right now there's four settings here. Off is completely off, so obviously you won't have any protection from the edge. As you can see, the origin server, here's the link, here's Cloudflare, here's another link and here's the end user. Flexible means it will provide you with a
certificate on the edge, but it doesn't care about a certificate in between Cloudflare and your server. Full says that it will protect the whole way across, but it will allow you to have a self-signed certificate, which in the world of infosec, a self-signed certificate doesn't necessarily mean it's always safe, but it's safer than having nothing, so at least you know on each side they're talking to each other with the right authentication. Then the final one you have is full strict. That basically means Cloudflare will encrypt end to end, but it must have a trusted Cloudflare origin certificate or a CA certificate, as it says here. More on that soon.

Then down here we've got an SSL recommender. That just gives you a couple of tips. If you're not sure, if you're completely new, it's probably going to be helpful for you, you can turn that on, but that's the whole point of this video anyway. Down here you get one of these analytic bars as well, and as you can see people are trying to hit the page unauthenticated or without a certificate, whereas we have 1.3, or as we have one hit here, or TLS 1.3.

We go to edge certificates now. So as I said, now we're talking about the edge. So this is the edge, okay, this is the origin. So under the edge certificate, this is automatically managed by Cloudflare for you, you don't have to do anything here. However, you can upload a custom one if you want to pay for it. It doesn't come with the free plan unfortunately, something you have to pay for, but typically, as it says, it's for a business really, that's really important to have a name and branding in there. Otherwise it'll be perfectly fine, so you don't really have to do anything here. You can just leave that completely as it is. It's created by itself from Cloudflare as soon as you start it up, so we don't have, we don't even have to configure it.

Now in case you guys didn't know as well, if you just expand this, every, everything that has a little help option will have a
drop down that you can open up and have a read of.

So Always Use HTTPS. Now this one can trip up a lot of people, and the reason is, if they have a page and the reverse proxy is not working correctly and they're trying to reverse proxy it out and this option is on, it will not allow them to reach the HTTP page, okay, because this rule pretty much says if it's not HTTPS it's not going to happen. And you want that really, you want it to be secure, you don't want to be having a website up without HTTPS, but just want to keep in mind if you're troubleshooting a problem, make sure you come back here and check it.

Now HSTS, another important one. Here is the HTTP Strict Transport Security policy. As you can see we've got it turned on, and I recommend you guys turn it on as well. If you watched our Nginx Proxy Manager video, we discussed the feature on there which will make sure that HSTS is enabled on a proxy, and that applies if this is turned on. If it's not turned on then you wouldn't use it there. But this basically here, if we click on it, it will protect all your subdomains and basically say that those subdomains can only communicate with this particular configuration, anything outside of that will be considered false.

You've got the minimum TLS version. These days typically you want to set that to 1.2. Opportunistic encryption: so it will allow browsers to benefit from the improved performance of HTTP/2 by letting them know that your site is available over an encrypted connection. Do you want to enable TLS 1.3? I recommend you do.

Automatic HTTPS rewrites: so this is similar to the setting that we've got up here, but here we're saying that any content on the actual page which may not be part of your website per se, but it's listed on your website, it will try to rewrite that content to HTTPS. So again, if you have issues with things displaying incorrectly, then maybe they're coming from a source that isn't secured, then you might have
issues because of this feature, but I recommend that you leave it on. Now we don't need to care about transparency monitoring too much unless you want a reminder. Then you have disable universal SSL, so that's the SSL certificate that we're using here, and you can disable that for whatever reason if you wanted to. I don't recommend you do, but you can.

Next part is you've got client certificates. These are to secure and authenticate any sort of API or web applications. You can block traffic from devices, and if they don't have that right certificate then it's just not going to come through. Now I haven't personally used this myself, but I'm sure if you had a reason for it you would already know what it's for and you're probably using it already.

Now the origin server. This is one of my most talked about parts of Cloudflare that a lot of people can miss. A lot of people who use something like SWAG or came from Let's Encrypt, which I was one of those people who used to use Let's Encrypt, will know that Let's Encrypt needs to renew every 90 days, I believe. Now if it all worked perfectly fine each time that wouldn't really be an issue, however I found that a lot of the time it would fail and there would be problems, especially while using Cloudflare, because it couldn't connect to our root IP address. So what the origin certificate allows us to do is to have that on our server, which allows us to have full strict mode turned on under SSL overview, and it provides us a valid certificate for up to 15 years, as you can see here. Now we covered how to install that certificate and whatnot in our Nginx Proxy Manager video and our Cloudflare video, so I recommend you check those out if you're interested. Why renew every 90 days? Leave it 15 years, don't worry about it, make your life easier. And custom hostname could be possible, but it is an enterprise feature.

Now in firewall you don't really have to do anything, but if you wanted to you can create
all sorts of rules in here to help protect your site. You can create rules, for example, that stop known bots, or you might have a rule that says IP address source. You can even go by continent or country, so if you wanted to block any access or allow only access from certain sites then you can do that here. So if you know that your business only operates in Melbourne, Australia, you don't need it going out to the rest of the world, you can just protect it down to that one area.

Under bots you've got Bot Fight Mode, so it'll challenge requests that match patterns of known bots before they access your site. I don't have it on personally, but it might be worth turning on if you know you're under attack, otherwise I'd probably just leave it off. That's really up to you.

Now this is a new feature from Cloudflare, which is DDoS protection and DDoS protection rules. So under here you can actually configure the rules that they've provided for you that automatically block any requests according to the rules that they've got. So if we click browse rules, here's a bunch that they've got in here already. If you don't know what you're doing, just leave it as is, you don't have to configure it, but if you want to expand it a little bit more they've now given customers the option to do that, which is fantastic.

Then finally you have the tools tab under firewall. A couple of these features are paid features so we won't be able to do too much with them as it is. For most people it's not anything we need to worry about anyway.

If we head over to the access tab, this is where you can set up Cloudflare Access. Now this is pretty useful, especially if you don't want to bother setting something up locally on your server for authentication, for example Authelia, which we showed you how to set up a long time ago. If you don't want to use Authelia you can use something like Cloudflare Access, so it'll allow you to authenticate people up on the DNS level even before
they get to your site, which is pretty cool, and it's completely free as well. You set up different methods, whether it's by a third party or whether it's a one-time PIN that's provided to you. You can set it up and customize it as you wish. There's a whole bunch of settings here related to it that will take you some time to set up. I have tried it and I thought it was okay, but I still prefer other personally, but that's just my personal take on it. Have the access itself is still working perfectly fine.

Now the next tab is the speed tab. As you can see it's not going to really give us anything because we don't have a live website running on this domain, so overview is not going to give us much. So here's our IBRACORP website for example, and it says that 60 faster with Cloudflare, so it gives you just a little image timeline here of how long it took to load without Cloudflare, how long it did with Cloudflare.

So if you head over to the optimization section here and you start scrolling down, pay attention if you're using something like WordPress. I've recently had some experience setting that up and there's a few settings that you really should take a look at. First is the auto minifier, so I highly recommend you flick all of these on. As we're doing these changes you got to make sure that you're checking the website, making sure it hasn't affected your code or your theme or whatever it might be, and then continue on, because if you enable nearly everything on the page and then you go and test it and it breaks, it's gonna be a lot harder to go back and find out what it was. So turn that on.

Then you've got the Brotli compression. It'll speed up the load times for visitors by applying the Brotli compression to it. Again I highly recommend you turn it on, it seems to work perfectly fine for most scenarios. Now Cloudflare does have a WordPress plugin that you can purchase and then have it loaded here, so then they can help you
optimize WordPress as much as possible. It's not essential, but if you got the money to do it then go for it. With a click purchase here, it costs you a monthly subscription, so five dollars a month. Pro features, don't need to worry about. Rocket Loader is one I recommend you leave off. This one can cause a lot of problems, especially if you're using WordPress, I highly suggest you turn that off.

Then finally down here is our AMP Real URL. Now if you're using Google AMP pages for your website, this one can just make things a little bit nicer in their branding. Instead of having the old AMP URL path, it'll give you your original URL so that customers can see it for better branding. You can also redirect if you have a mobile page as opposed to a non-mobile one, so that it can automatically redirect for you.

And a lot of people don't know about this one, but if you go up to the top and you go to account analytics, you can actually set up analytics for each site and have them measured for you through Cloudflare, pretty cool. And if you go to the web analytics section down here, this is where you can actually add a site. So click on add a site for example, and you can add a site and it'll automatically start monitoring stuff for you. It takes a little bit of time to build its database up, but once it does it's actually a very useful analytics tool, so I highly recommend you guys check that part out. I'm not a lot of people know about it because it's hidden up in the top here.

So under caching, it is one of the most important features of Cloudflare. That's how it speeds up delivery of your website, by caching content on their servers, so instead of having to deliver it from your home it delivers it from the edge. So Argo Tiered Caching is off by default. You can turn that on, and what that will do will, as it says here, dynamically find the single best upper tier for an origin, which reduces the amount of requests to the origin server. I haven't tested
this one fully. It's something that I'll probably have to give a little bit more testing before I give my recommendation entirely, but it's worth giving a try and seeing how you go. Very easy option to disable.

Then you've got the actual configuration part. So in here we can custom purge a page or just purge everything all together. Pretty handy, like I said, if you're testing a website and its changes. Then the level of caching that you want. The browser cache time to live: so you can set that to really anything you prefer. Basically tells the browser how long to keep the files for. Depending what kind of website you've got, if it's something that's generating a lot of content all the time it might be worth, you know, not leaving it too long, um, but if it's something that can sit there for a while then maybe, you know, a week, a day, a week, whatever suits you. Don't need to worry about the scanning tool.

Always Online: most of the time I found it to be more of an issue, more of a problem than a solution, and the reason is, if you have something for example that's monitoring your website uptime, it doesn't always tell when it's an Always Online page, so it may think your website's actually up when it's not. Whereas if you turn it off it will get the actual error, for example a 502, and tell you that your website's down. Here's that development mode tab again, we're not going to worry about that.

Workers, like I said, pretty advanced stuff. We're not going to worry about that today, but possibly in a future video if people are interested. It is mostly a paid feature, so it doesn't really sing out to a lot of us home users who are just trying to make it through with as least cost as possible.

So really, in my opinion, the last most important tab is the rules page, and this one can be really handy. So this one can redirect traffic or, you know, set up bypasses. Now a lot of people have asked how do we get Plex through Cloudflare. The rule is you cannot use
Plex through Cloudflare while it's proxied. Now as far as we can determine from the rules and regulations of Cloudflare, unless it's HTTP content it cannot be going through the proxy, so if you're casting videos and things this could be a problem. So way around that is creating a page rule. Then the settings are, I want you to cache level bypass, okay, because if it's not being cached then Cloudflare doesn't have really a big problem with it, because it's not chewing up server bandwidth and resources. Um, it's not being cached at all, it's coming directly from your server. Now I'm just going to give you a warning that that doesn't necessarily mean you won't get banned. You do this at your own risk. I don't do it personally, but I know people that do, so if that's something you want to try you can do that. Then there's other options like Always Online, we'll leave that off, and probably the other one, if you are using this for Plex, you can keep the SSL strict, something like that for example, and you can pick the order that you want the rule to deploy. Go ahead and click save and deploy.

The other thing is you can have domains, let's say domains that you've purchased, and you want them to just forward on to somewhere else. You don't even want to bother setting up anything else here. You can do that. So in the rule section you can just say set up a forwarding rule, 301 or 302, send anything from here to here, simple as that. Then you've got some more advanced rules, again ones we're probably not going to cover today, but you can if you like.

Now skimming over the last few tabs, we've got network. So these are some settings that I recommend you check as well. So HTTP/3, we probably want to turn that on, it does help speed up your website delivery. Connection resumption can stay off. WebSockets is a very important one, so if you are using anything to do with WebSockets it's recommended you leave this on. Um, if you're having problems for example with
Sonarr, Radarr, things like that not working correctly, you know that Nginx Proxy Manager has WebSockets enabled, then the next place to check is here on Cloudflare. They also have a setting for WebSockets, so you want to make sure that's on. Onion routing is fine, you can if you like. Pseudo IPv4, I wouldn't recommend at the moment, you can leave that off. You've got IP geolocation, just to give you more information on the people that are reaching your site, and it might help you make up your mind in terms of a security point of view if you need to block a particular country. The rest of it's enterprise, so we don't need to worry about that.

Now under traffic, if you're using the Argo tunnel this just gives you a help section for that. Um, again we've covered it in our Argo video, our Cloudflare tunnel video, so check that out, it's really, really interesting. But Argo itself is a paid feature, so just be careful with that, be mindful, it will speed up your site but it will cost you money. Then you've got health checks, and you also have waiting rooms, which are part of the business plan.

So then they've got a streaming option. Now this streaming option is, for example, if you wanted to stream something via the Cloudflare cache, but as you can see it's not very cheap, and that's because space costs a lot of money. So five dollars per 1000 minutes if you want to prepay, or a dollar per thousand minutes if you want to post pay it. As you can see, most things in these custom pages are for pro and above, so we're not really worried about that.

And here is the apps section of Cloudflare. Whether you knew this or not, Cloudflare actually does have an app store, and there's a lot of things that you can install here, for example on the top level, so that you don't have to host it from the website itself. Pretty interesting stuff. I haven't spent too much time on it myself, and something I actually wouldn't mind checking out a little bit more, um, but you can also
develop them here and put them up for them if you like. Let's say here for example, real-time bot protection, let's see what that offers. And as you can see it gives you quite a few features. It says that you can try it free for 30 days and you'll be able to analyze your traffic, and then after that there's pricing plans. So I'm not sure whether some are free and some are paid, but the option is there for you to check it out.

And the final tab is the Scrape Shield. So this one is really helpful. It can prevent a lot of information being taken off your website. For example, email addresses can be obfuscated, and that means that bots can't read them. Server side excludes and hotlink protection: so if you've got, you know, images that are copyright, things like that, you don't want them hotlinked into other sites, then you can have that enabled here to secure.

So guys, that's pretty much every feature in Cloudflare, and as you can see here with one with a little bit more stats, on the unusedninja.org page for example, that's what the graph can potentially look like for you. That should cover most of the things. If there's anything that I missed please let me know. Please let me know down in the comments below if there's anything you'd like to see for a future video, leave it there as well. Feel free to join us on our Discord, and it's been an absolute pleasure. We hope to see you in the next IBRACORP video.
Info
Channel: IBRACORP
Views: 5,520
Keywords: ibracorp, ibraco, ibra corp, cloudflare, ibracorp unraid, cloudflare tutorial, setup cloudflare, cloudflare ssl, cloudflare dns, cloudflare cdn, how to setup cloudflare, cloudflare on unraid, cloudflare setup unraid, nginx proxy manager, cloudflare dynamic dns, cloudflare dns setup, configure cloudflare, pfsense router, increase website speed, cloudflare setup, install cloudflare, cloudflare dns records, cloudflare origin certificate, domain cloudflare, cloudflare wordpress
Id: BlhbsHrmcDc
Length: 30min 43sec (1843 seconds)
Published: Fri Sep 24 2021