Cloudflare configuration

One of the main features that a modern DNS provider needs to have in order to work well with is colloquially known as “CNAME Flattening”. This solves the problem of being able to point your “root domain” ( to a domain name (CNAME) rather than an IP address (A record). This post explains it well.

In order to correctly point DNS to your project, you need at the very least the production environment CNAME, in other words the domain of your site before you add a custom domain on the management console for that project (or otherwise in the CLI). This is the value you would get from Step 4 of the pre-launch checklist.

Assuming that you are using both a www. subdomain as well as the bare domain, you’ll want to point both of those DNS entries to the same place. Whether you choose the bare domain version or the www subdomain doesn’t make any practical difference, as they both will reach and be handled correctly.

Enable the “Full SSL” option in the Cloudflare admin

Cloudflare also makes it possible to use their free TLS/SSL service to secure your site via HTTPS, while also being behind their CDN if you so choose. If you decide to use Cloudflare’s CDN functionality in addition to their DNS service, you should be sure to choose the “Full SSL” option in the Cloudflare admin.

This means that traffic to your site is encrypted from the client (browser) to Cloudflare’s servers using their certificate, and also between Cloudflare’s servers and your project hosting here at, most likely using your project’s Let’s Encrypt certificate.

# Cloudflare's Full SSL option
           https                      https
User <---------------> Cloudflare <------------->

The other option, known as “Flexible SSL”, will cause issues if you intend to redirect all traffic to HTTPS. The “Flexible SSL” option uses Cloudflare’s TLS/SSL certificate to encrypt traffic between your users and the CDN, but passes requests from the CDN back to your project at via HTTP. This lets sites that don’t have a TLS/SSL certificate begin to offer their users a more secure experience, by at least eliminating the unencrypted attack vector on the “last mile” to the user’s browser.

# Cloudflare's Flexible SSL option
           https                      http
User <---------------> Cloudflare <------------->

If your project redirects all traffic to HTTPS, every request that Cloudflare passes to your project will be redirected to HTTPS. That sets off an endless loop, because under “Flexible SSL” HTTPS traffic is presented to your project as HTTP no matter what.
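The loop described above, modelled offline as an added example (not code from this page or from Cloudflare). The force-HTTPS origin, the `example.com` host and the rule that Full mode reuses the visitor's scheme toward the origin are assumptions of the model.

```python
from urllib.parse import urlsplit

MAX_HOPS = 10  # give up after this many redirects, as a browser eventually does


def origin(scheme, host, path, force_https):
    """Hypothetical project: redirects any request that arrives over HTTP."""
    if force_https and scheme == "http":
        return 301, f"https://{host}{path}"
    return 200, None


def edge(url, ssl_mode, force_https):
    """CDN edge: terminates the visitor's connection, then calls the origin.

    'flexible' always speaks http to the origin; 'full' is modelled as
    reusing the visitor's scheme (assumption of this example).
    """
    parts = urlsplit(url)
    to_origin = "http" if ssl_mode == "flexible" else parts.scheme
    return origin(to_origin, parts.netloc, parts.path or "/", force_https)


def follow(url, ssl_mode, force_https=True):
    """Follow redirects like a browser; return (outcome, list of URLs visited)."""
    chain = [url]
    for _ in range(MAX_HOPS):
        status, location = edge(chain[-1], ssl_mode, force_https)
        if status == 200:
            return "ok", chain
        if location in chain:  # redirected to a URL already requested
            return "redirect-loop", chain + [location]
        chain.append(location)
    return "too-many-redirects", chain


if __name__ == "__main__":
    for mode in ("full", "flexible"):
        for start in ("http://example.com/", "https://example.com/"):
            outcome, chain = follow(start, mode)
            print(f"{mode:8} {start:22} -> {outcome}: {' -> '.join(chain)}")
    # Flexible works only while the origin does not force HTTPS.
    print("flexible, no forced HTTPS:", follow("https://example.com/", "flexible", False)[0])
```
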

In short: always use “Full SSL” unless you have a very clear reason to do otherwise.