Optimize DNS for Domains Managed by CloudFlare

CloudFlare is a web service that provides features such as DDOS protection and routing options, as well as the ability to configure SSL management for your domains with various levels of security. 

With their basic "SSL: Flexible" feature, all traffic generated on your branded links in HTTPS will be handled by CloudFlare's servers, which, in turn, will forward the data in HTTP to Rebrandly servers. 

Rebrandly is self-sufficient with regards to SSL encryption and can provide free SSL certificates to all branded domains in our users' accounts through the LetsEncrypt Certificate Authority. Unfortunately, you cannot have a Rebrandly SSL certificate and a CloudFlare proxy solution at the same time, as CloudFlare doesn't forward Rebrandly the necessary HTTP support for us to create the certificates in a safe way. 

There are cases, however, where you may need a higher level of security. For example, you may want to use CloudFlare's "SSL: Full" or  "SSL: Full (strict)" option. Rebrandly does not guarantee either of these two connection modes, as in a classic DNS scenario we recommend you configure your domain DNS records to point directly to our redirection IPs.

To provide a workaround for this issue, our engineering team prepared a custom balancing option to support the "SSL: Full" and/or  "SSL: Full (strict)" cases. This requires an extra configuration step at the DNS level on your end in order to work. 

The custom balancer answers to the long-term, https-ready address: https://proxies.rebrandlydomain.com

To adopt this solution, you're supposed to access your CloudFlare control panel in the DNS section and configure the DNS record corresponding to your domain name (in this example, "davide.link") in such a way that it is of type "CNAME" and points to "proxies.rebrandlydomain.com". 

You will see "is an alias of "proxies.rebrandlydomain.com" text when you save your changes, as shown below. 

image.png

Please test your HTTPS links and let us know if you face any issues after following the instructions contained within this guide. 

DISCLAIMER: We do not guarantee any long-term functionality of this proxy setup, as we have no control over changes CloudFlare service may apply to its terms and conditions, technologies, validation algorithms and security concerns over time. 

This Article is About: 

  • DNS Configuration
  • CloudFlare DNS Configuration
  • Rebrandly SSL Certificates

See Also:

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.