How to use Cloudflare CDN
Cloudflare is the largest provider of CDN services and offers several services that can be used to bypass Internet restrictions. The most important ones are explained below.
Site or domain service
This means you are running your server behind a CDN provider. In other words, you register your domain (or subdomain) with a CDN provider and then proxy it. Here we discuss how to register on Cloudflare. If you want to see a tutorial on how to use GCore CDN on a Cloudflare registered domain, see this link.
Direct domain registration purchased on Cloudflare
First, register using this link.
Log in after creating a profile. You must add your domain here. To do this, click the Add Site button and add your domain.
In the next step, choose your desired plan. The free plan is enough for this, so choose it as shown in the picture.
In the next step, proceed as shown in the figure.
In the last step, put the given DNS servers in your domain settings.
Wait a while for the domain settings to be registered. After that, the domain will be activated on the Cloudflare server.
Now you need to go to the registration section of DNS records.
To add the records for IP version 4, follow the figure.
After clicking on Add record, register the details of the desired subdomain by entering the server IP. Note that the proxy must be turned off for the direct domain.
If needed, you can change the TTL from automatic mode. The lower this value is, the sooner DNS records cached on the user's system are refreshed.
To add the records for the server's IP version 6 address, follow the figure.
All the things mentioned about IP version 4 also apply in this case. The only difference is the record type, which is AAAA.
CDN domain registration in Cloudflare
This domain is registered behind the servers of a CDN provider, in other words it is proxied.
For example, you can use the Cloudflare service. After you have followed the steps mentioned above and your domain has been activated on the site, go to the DNS section and register the desired record. This record is type A for IP version 4 and type AAAA for IP version 6. The only difference from the previous step is that you must turn on the proxy.
How to verify CDN domain registration
When you test this domain using tools such as ping, nslookup or dig, the response contains one of the IPs that Cloudflare assigns to your domain at random, with no further information about your server's IP. This provides a level of security for your server.
Note that this IP is not fixed and changes over time. Sometimes the IP assigned by Cloudflare is blocked or disrupted in Iran, in which case methods to bypass this type of filtering should be used.
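The check described above can be automated. The following is an added example, not part of the original tutorial: it classifies `dig +short` output for each record as proxied or as exposing the origin server. The host names, addresses and function names are constructed for illustration, and the range list is a snapshot of https://www.cloudflare.com/ips/ that should be refreshed before use.

```python
import ipaddress

# Snapshot of Cloudflare's published edge ranges (assumption: refresh it from
# https://www.cloudflare.com/ips/ before relying on the result).
CLOUDFLARE_RANGES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
    "2400:cb00::/32", "2606:4700::/32", "2803:f800::/32", "2405:b500::/32",
    "2405:8100::/32", "2a06:98c0::/29", "2c0f:f248::/32",
)]

def is_cloudflare(addr):
    """True if addr (string or ip object) lies inside a Cloudflare edge range."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in CLOUDFLARE_RANGES)

def audit(records, origin_ips):
    """records maps hostname -> text as printed by `dig +short`.
    Returns {hostname: (status, [addresses])}."""
    origin = {ipaddress.ip_address(o) for o in origin_ips}
    report = {}
    for host, answer in records.items():
        addrs = []
        for token in answer.split():
            try:
                addrs.append(ipaddress.ip_address(token))
            except ValueError:
                continue  # CNAME targets and other non-address lines
        if any(a in origin for a in addrs):
            status = "origin-exposed"   # proxy is off: the server IP is public
        elif addrs and all(is_cloudflare(a) for a in addrs):
            status = "proxied"          # only Cloudflare edge addresses returned
        else:
            status = "unknown"          # not the origin, not Cloudflare
        report[host] = (status, [str(a) for a in addrs])
    return report

# Constructed sample answers (documentation prefixes stand in for the origin).
SAMPLE = {
    "direct.example.com": "203.0.113.10\n2001:db8::10\n",
    "cdn.example.com": "104.21.32.1\n172.67.150.1\n2606:4700:3030::6815:2001\n",
    "old.example.com": "cdn.example.net.\n198.51.100.7\n",
}

if __name__ == "__main__":
    for host, (status, addrs) in audit(SAMPLE, ["203.0.113.10", "2001:db8::10"]).items():
        print(f"{host:20} {status:15} {', '.join(addrs)}")
```

A record reported as origin-exposed reveals the server address to anyone who resolves it, which is expected for the direct domain and a misconfiguration for the CDN domain.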
Certificate settings of CDN domain
TLS is a protocol that encrypts Internet traffic and helps the user stay safe online.
To be precise, TLS encrypts the communication between the client and the server on the web using a set of cryptographic algorithms; related client options include ALPN, uTLS and allowInsecure.
Certificates assigned to domains are also based on the TLS protocol.
To configure the certificate, go to the SSL/TLS section on the Cloudflare site and set the certificate mode to Full.
Also, activate the SSL/TLS Recommender option to increase connection security. This option checks the connection and gives you security suggestions if it is possible to upgrade the TLS version.
Then go to the Network menu. Here you should check that QUIC, gRPC and WebSockets options are enabled.
Checking security status of CDN domain traffic
To do this, go to the SSL/TLS section of the Cloudflare site. A graph of the traffic passing through is displayed; the more of that traffic uses a higher TLS version, the more secure the communication has been. HTTP traffic passes without TLS encryption.
Worker service
To see details about this service, read this article.
Domain fronting service
To see details about this service, read this article.
This service is currently disabled in Cloudflare.
gRPC service
This service was introduced by Google in 2015 and is based on TLS and HTTP/2, and because its packet size is smaller, it requires less bandwidth and is therefore faster. This service is also active in Cloudflare and is compatible with many of its other services. Therefore, you can activate it on the domain service and use this feature to bypass filtering.
- To do this, go to the Network section and then enable the gRPC option.
After that, it is possible to send gRPC packets from the client to Cloudflare. After the packets reach Cloudflare, they are forwarded to the original destination, which is your server.
WebSocket service
Another Cloudflare service is WebSocket, which allows stable communication between the client and the main server. In this case, the client and server can exchange information without the need to re-establish communication and have a stable connection. This service can also be used to bypass filtering.
- For this, go to the Network section and then activate the WebSockets option.
After that, it is possible to send WebSocket packets from the client to Cloudflare. After the packets reach Cloudflare, they are forwarded to the original destination, which is your server.
QUIC service
This service is based on HTTP/3 and works with TLS 1.3. It is fast because its handshake is much quicker than TCP's.
- For this, go to the Network section and then activate the HTTP/3 (with QUIC) option.