Custom Hostnames: CNAME CDN by Cloudflare for SaaS

1. Advantages

Refer to:

CDN Tuning Guide (2) Make full use of Cloudflare
https://blog.tsinbei.com/archives/1313/

2. Access

Assumptions:

Origin IP: 8.8.8.8
Domain name resolved to the origin IP (i.e. "fallback domain"): cname.xxx.xxx
Domain name accessed by CNAME: yyy.yyy.yyy

Tip:
The xxx.xxx here must first be fully onboarded to Cloudflare using the NS method before it can be used as the SaaS "affiliated" domain name for yyy.yyy. You can use a free domain name from Freenom or from pp.ua.

Log in to the Cloudflare console, go to the DNS - Records page, add a cname.xxx.xxx record pointing to the origin IP, and enable "Proxy":

Fallback domain resolution

Go to the SSL/TLS - Custom Hostname page. If it has never been enabled, you need to activate it first:

Activate custom hostname

Here is an example of selecting the payment method PayPal:

Select payment method

To authorize, fill in the necessary information:

Fill in information

Complete the activation and set the "fallback domain" to cname.xxx.xxx:

Add fallback source

After the fallback domain status changes to "valid", add a custom hostname:

Add custom hostname

To get an A/A+ from SSL Labs, the minimum TLS version must be TLS 1.2; I choose TLS 1.1. For the verification method, use TXT verification.

Verification information

Add the DNS records given in the verification information, and ignore the warning that the custom domain name does not have a CNAME to the fallback domain. After a few minutes, click "Refresh" and you will find that the status has changed to "valid".

If this occurs:

The hostname is using Cloudflare and cannot be activated with an TXT or HTTP validation token. To activate the custom hostname, the DNS target needs to point to the SaaS zone.

You can refer to the articles on this site:

Troubleshooting Cloudflare's inability to verify custom hostnames using TXT
https://blog.tsinbei.com/archives/1267/

In addition, as long as the DNS line for the region where the CA is located (such as the "offshore" line when using DNSPod) resolves to Cloudflare, HTTP verification will be used automatically when the certificate is about to expire.

Note:
If a redirect rule is added in Cloudflare's Redirect Rules, automatic HTTP verification cannot be performed (the verification request will be served the redirected content instead).
Therefore, if you use a domain name connected through SaaS, it is recommended to set up redirection on the origin site instead of using Cloudflare's Redirect Rules.

The setup is now complete. Enjoy it!
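
An added example, not part of the original article and not Cloudflare's own code: a Python check over a custom hostname listing that collects the TXT records still to be published for pending hostnames and flags any hostname whose minimum TLS version is below the TLS 1.2 needed for an SSL Labs A/A+. The field names and the sample listing are assumptions constructed for illustration; check them against the current Cloudflare API documentation.

```python
# Constructed sample in the shape of a custom hostname listing from the
# Cloudflare API (assumed field names; hostname is the article's placeholder).
SAMPLE_LISTING = {"result": [{
    "hostname": "yyy.yyy.yyy",
    "status": "pending",
    "ownership_verification": {
        "type": "txt",
        "name": "_cf-custom-hostname.yyy.yyy.yyy",
        "value": "CONSTRUCTED-OWNERSHIP-TOKEN"},
    "ssl": {
        "method": "txt",
        "status": "pending_validation",
        "settings": {"min_tls_version": "1.1"},
        "validation_records": [{
            "txt_name": "_acme-challenge.yyy.yyy.yyy",
            "txt_value": "CONSTRUCTED-DCV-TOKEN"}]},
}]}


def tls_tuple(version):
    """'1.2' -> (1, 2), so versions compare numerically rather than as text."""
    return tuple(int(part) for part in version.split("."))


def audit(listing, required_tls="1.2"):
    """Return (txt_records_to_publish, findings) for a custom hostname listing."""
    txt_records, findings = [], []
    for host in listing.get("result", []):
        name, ssl = host["hostname"], host.get("ssl") or {}
        min_tls = (ssl.get("settings") or {}).get("min_tls_version")
        if min_tls is None:
            findings.append(f"{name}: no per-hostname minimum TLS version set")
        elif tls_tuple(min_tls) < tls_tuple(required_tls):
            findings.append(f"{name}: minimum TLS {min_tls} is below {required_tls}")
        own = host.get("ownership_verification") or {}
        if host.get("status") != "active" and own.get("type") == "txt":
            txt_records.append((own["name"], own["value"]))
        if ssl.get("status") != "active":
            for rec in ssl.get("validation_records") or []:
                if "txt_name" in rec:  # skip HTTP-only validation entries
                    txt_records.append((rec["txt_name"], rec["txt_value"]))
    return txt_records, findings


if __name__ == "__main__":
    records, findings = audit(SAMPLE_LISTING)
    print(*[f"TXT  {n}  {v}" for n, v in records], *findings, sep="\n")
```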

https://blog.tsinbei.com/en/archives/761/

Author: Hsukqi Lee
Posted on: 2023-11-19
Edited on: 2023-11-19
Licensed under: CC BY-NC-ND 4.0