Cloudflare
CloudFlare offers free SSL and DDOS mitigation services. Why not take advantage of it?
Setup
You’ll need to register an account on CloudFlare’s site.
Along the top bar, select Add Site.
Enter your domain name. It will scan records and let you know you can add the site. Continue setup.
On the next page you should see an A record for example.com pointing at your server IP. If not, manually add one:
A example.com my.server.ip.address Automatic TTL
Add the record and ensure the cloud under Status is orange. If not, click it. This ensures traffic gets screened by CloudFlare.
If you want forums or kb on a subdomain, and want these to be protected by CloudFlare, add an additional record for each subdomain in the following format, ensuring the cloud is orange:
CNAME subdomain example.com Automatic TTL
CloudFlare blocks ports other than 80 and 443 on hosts it protects. This means that if the cloud is orange, only web traffic will get through. We need to reconfigure AllianceAuth to provide its other services under a subdomain. Configure these subdomains as above, but ensure the cloud is not orange (the arrow should go around a grey cloud). Records with a grey cloud resolve directly to your server, so traffic to them is not screened by CloudFlare.
Redirect to HTTPS
Now we need to configure the https redirect to force all traffic to https. Along the top bar of CloudFlare, select Page Rules. Add a new rule, Pattern is example.com, toggle the Always use https to ON, and save. It’ll take a few minutes to propagate.
Update Auth URLs
Edit settings.py and replace every URL that uses HTTP with HTTPS (except anything with a port on the end, like OPENFIRE_ADDRESS).
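One way to make that replacement mechanically, as an added example rather than code from AllianceAuth: the script switches `http://` to `https://` only where the URL carries no explicit port, and reports which lines it left alone. The sample settings are constructed, and every setting name other than `OPENFIRE_ADDRESS` is hypothetical.

```python
import re

# An http:// URL as it appears inside a settings value. Group 1 is the
# authority (host plus optional port); it ends at the first slash, quote or space.
HTTP_URL = re.compile(r"http://([^/\s'\"]+)")
HAS_PORT = re.compile(r":\d+$")  # authority ends in an explicit port, e.g. :9090

# Constructed sample. Only OPENFIRE_ADDRESS is named on the page; the other
# setting names are hypothetical.
SAMPLE = '''\
SITE_URL = "http://example.com"
FORUM_URL = "http://forums.example.com/index.php"
OPENFIRE_ADDRESS = "http://example.com:9090"
'''


def upgrade_line(line):
    """Switch http:// to https:// for URLs that carry no explicit port."""
    def swap(match):
        if HAS_PORT.search(match.group(1)):
            return match.group(0)  # port on the end: left as-is, per the page
        return "https://" + match.group(1)
    return HTTP_URL.sub(swap, line)


def upgrade_settings(text):
    """Return (new_text, changed, kept): the rewritten settings plus the
    1-based line numbers that were upgraded and those still using http://."""
    out, changed, kept = [], [], []
    for number, line in enumerate(text.splitlines(keepends=True), start=1):
        new = upgrade_line(line)
        if new != line:
            changed.append(number)
        if "http://" in new:
            kept.append(number)
        out.append(new)
    return "".join(out), changed, kept


if __name__ == "__main__":
    new_text, changed, kept = upgrade_settings(SAMPLE)
    print(new_text, end="")
    print("upgraded lines:", changed)
    print("left on http (review by hand):", kept)
```

Run it against a copy of settings.py and review the reported lines before replacing the live file.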
And there we have it. You’re DDOS-protected with free SSL.