Mathis/allianceauth
1
0
Fork 0
mirror of https://gitlab.com/allianceauth/allianceauth.git synced 2025-07-12 14:00:17 +02:00
Code Issues Packages Projects Releases Wiki Activity
allianceauth/docs/maintenance/cloudflare.md
Basraah 9ad61c1f4c Move documentation into repository (#613)
2017-01-06 00:11:24 -05:00

42 lines
2.3 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# CloudFlare
CloudFlare offers free SSL and DDOS mitigation services. Why not take advantage of it?
## Setup Protection
Youll need to register an account on [CloudFlares site.](https://www.cloudflare.com/)
Along the top bar, select `Add Site`
Enter your domain name. It will scan records and let you know you can add the site. Continue setup.
On the next page you should see an A record for yourdomain.com pointing at your server IP. If not, manually add one:
A yourdomain.com my.server.ip.address Automatic TTL
Add the record and ensure the cloud under Status is orange. If not, click it. This ensures traffic gets screened by CloudFlare.
If you want forums or kb on a subdomain, and want these to be protected by CloudFlare, add an additional record for for each subdomain in the following format, ensuring the cloud is orange:
CNAME subdomain yourdomain.com Automatic TTL
CloudFlare blocks ports outside 80 and 443 on hosts it protects. This means, if the cloud is orange, only web traffic will get through. We need to reconfigure AllianceAuth to provide services under a subdomain. Configure these subdomains as above, but ensure the cloud is not orange (arrow should go around a grey cloud).
## Redirect to HTTPS
Now we need to configure the https redirect to force all traffic to https. Along the top bar of CloudFlare, select `Page Rules`. Add a new rule, Pattern is yourdomain.com, toggle the `Always use https` to ON, and save. Itll take a few minutes to propagate.
![infographic](http://i.stack.imgur.com/VUBvo.jpg)
## Update Auth URLs
Edit settings.py and change the following values:
- FORUM_URL = `os.environ.get('AA_FORUM_URL', "http://forums.mydomain.com")` if forums are on a subdomain
- IPBOARD_ENDPOINT = `os.environ.get('AA_IPBOARD_ENDPOINT', 'http://forums.mydomain.com/ipboard/interface/board/index.php')` if forums are on a subdomain
- JABBER_URL = `os.environ.get('AA_JABBER_URL', "jabber.yourdomain.com")`
- OPENFIRE_ADDRESS = `os.environ.get('AA_OPENFIRE_ADDRESS', "http://jabber.yourdomain.com:9090")`
- MUMBLE_URL = `os.environ.get('AA_MUMBLE_URL', "mumble.yourdomain.com")`
- TEAMSPEAK3_PUBLIC_URL = `os.environ.get('AA_TEAMSPEAK3_PUBLIC_URL', 'ts.yourdomain.com')`
And there we have it. Youre DDOS-protected with free SSL.
Reference in New Issue View Git Blame Copy Permalink