Using CloudFlare with Qoddi apps

0
5
1

For easy, secure, and reliable DNS management, we recommend CloudFlare.

The CloudFlare Free plan has all the tools required to manage your DNS and connect your domain with Qoddi, while the Pro plan can add more monitoring features to your infrastructure.

Once your domain name uses CloudFlare DNS, you can create a CNAME record pointing to the appropriate Qoddi’s cluster.

You can use * as a CNAME (that will redirect your root domain and ALL subdomains) or @ to redirect your root domain only :

For a specific subdomain, make sure to not use * for this domain. For example, to set up test.flashdrive.io hosted in the US (US01) datacenter :

Note : Using “proxied” method will use CloudFlare SSL certificates and CloudFlare CDN.


We recommend using “DNS Only” and uses Qoddi’s managed SSL certificate and global Edge network to use Qoddi’s Edge Network to it’s full capacity.

Here are some additional settings you can consider;

  1. If you used the Proxied method, you can activate the Cloudflare SSL but, you will also need to activate it on your ‘container’ inside your ‘apps’ settings on Qoddi. This activation is to make sure your container listens to the appropriate port, and the load-balancer forwards the requests from CloudFlare at the right place. After adding your Cloudflare domain name to your FlashDrive app, make sure to click “Activate SSL.”

2. Do not use Full (strict) SSL settings. Full will work fine, and the (strict) option requires that you install a CloudFlare SSL certificate inside the load balancer. Qoddi does not allow for the injection of SSL certificates. Here is the recommended setting for SSL:

3. If you want to force SSL on your domain, you must have selected the setting on Qoddi:

IMPORTANT : Make sure “Always use https” is turned off on Cloudflare side or this will create a conflict with Qoddi’s routing policies :

With these settings, CloudFlare will forward the appropriate headers to Qoddi, and Qoddi will serve the appropriate page over an SSL connection.

Our reverse proxy uses Let’s Encrypt to generate certificates for any subdomains that are used for Security Portals. If your domain has existing CAA records, you will need to add an entry for Let’s Encrypt: 0 issue "letsencrypt.org"

More details can be found here: https://letsencrypt.org/docs/caa/

If you have any questions, please feel free to contact us!

Was this helpful?

5 / 1