Using Cloudflare for DNS and CDN Free Performance and Security for Node.js
Learn how to use Cloudflare as a DNS provider and CDN for your Node.js application setting up DNS, enabling the proxy, configuring SSL, and using Page Rules.
Using Cloudflare for DNS and CDN
Cloudflare is a free DNS provider and CDN that improves performance and security for your Node.js application. This guide covers setup, configuration, and best practices.
What Cloudflare Provides
- DNS management Fast, free DNS hosting
- CDN Caches static assets at edge locations worldwide
- DDoS protection Automatic protection against attacks
- SSL Free SSL certificate (in addition to Let's Encrypt)
- Firewall Block malicious traffic
- Analytics Traffic insights and security events
- Page Rules Redirect, cache, or secure specific URLs
- Workers Run JavaScript at the edge (paid)
Step 1: Create a Cloudflare Account
- Go to https://cloudflare.com
- Sign up for a free account
- Click "Add a Site"
- Enter your domain name
Step 2: Update Nameservers
Cloudflare will scan your existing DNS records and give you two nameservers:
ns1.cloudflare.com
ns2.cloudflare.com
Update nameservers at your registrar (Namecheap, GoDaddy, etc.):
- Log in to your registrar
- Find your domain
- Change nameservers to Cloudflare's
- Wait for propagation (can take up to 24 hours, usually 1-2 hours)
Step 3: Configure DNS Records
In Cloudflare dashboard → DNS → Records:
| Type | Name | Content | Proxy |
|---|---|---|---|
| A | @ | 12.34.56.78 (EC2 IP) | Proxied (orange) |
| A | api | 12.34.56.78 (EC2 IP) | Proxied (orange) |
| A | app | 12.34.56.78 (EC2 IP) | Proxied (orange) |
| CNAME | www | yourdomain.com | Proxied (orange) |
Proxied (orange cloud) Traffic goes through Cloudflare (CDN, DDoS protection, SSL) DNS only (gray cloud) Traffic goes directly to your server (no Cloudflare features)
Step 4: Configure SSL
Cloudflare dashboard → SSL/TLS:
SSL/TLS encryption mode:
- Off No encryption (not recommended)
- Flexible Cloudflare to client is HTTPS, Cloudflare to origin is HTTP
- Full Both HTTPS, but origin certificate not verified
- Full (strict) Both HTTPS with valid certificate (recommended)
Use Full (strict) if you have Let's Encrypt on your origin server.
Step 5: Enable Performance Features
Cloudflare dashboard → Speed → Optimization:
- Auto Minify Minify HTML, CSS, JS
- Brotli Compress responses (better than gzip)
- Rocket Loader Defer JavaScript loading (test before enabling)
Step 6: Enable Caching
Cloudflare dashboard → Caching → Configuration:
- Caching Level: Standard
- Browser Cache TTL: Respect Existing Headers
- Always Use HTTPS: On
For static assets, Cloudflare automatically caches them at edge locations.
Step 7: Set Up Page Rules
Cloudflare dashboard → Rules → Page Rules:
Redirect HTTP to HTTPS:
URL: http://yourdomain.com/*
Setting: Always Use HTTPS
Cache everything for static paths:
URL: yourdomain.com/assets/*
Setting: Cache Level: Cache Everything
Setting: Edge Cache TTL: 1 month
Bypass cache for API:
URL: api.yourdomain.com/*
Setting: Cache Level: Bypass
Step 8: Configure Firewall (Optional)
Cloudflare dashboard → Security → WAF:
Block by country:
Action: Block
Countries: [select countries to block]
Block by IP:
Action: Block
IP: [suspicious IP addresses]
Challenge page for suspicious traffic:
Action: Challenge
Security Level: High
Step 9: Use Cloudflare with Nginx
When Cloudflare proxies traffic, Nginx sees Cloudflare's IP instead of the client's real IP. To fix this:
# In nginx.conf http block set_real_ip_from 173.245.48.0/20; set_real_ip_from 103.21.244.0/22; set_real_ip_from 103.22.200.0/22; # ... add all Cloudflare IP ranges real_ip_header CF-Connecting-IP;
Or use Cloudflare's header:
real_ip_header CF-Connecting-IP;
Now $remote_addr and req.ip will return the real client IP.
Step 10: Cloudflare and Let's Encrypt
With Cloudflare proxy enabled, you have two SSL layers:
- Client → Cloudflare (Cloudflare's SSL)
- Cloudflare → Your server (Let's Encrypt SSL)
For certbot to work with Cloudflare proxy:
- Use DNS-01 challenge instead of HTTP-01
- Or temporarily disable Cloudflare proxy (gray cloud) during certificate renewal
- Or use Cloudflare Origin Certificate (free, 15-year validity)
The Takeaway
Cloudflare provides free DNS, CDN, DDoS protection, SSL, and firewall for your Node.js app. Set up by creating an account, updating nameservers at your registrar, configuring DNS records (proxied for CDN features), setting SSL to Full (strict), enabling performance features (Brotli, auto minify), setting up Page Rules for caching and redirects, and configuring Nginx to use CF-Connecting-IP for real client IP.
DNS management, CDN (caches static assets globally), DDoS protection, free SSL certificate, firewall (block by IP/country), analytics, Page Rules (redirect, cache, secure URLs), and Brotli compression. The free plan is sufficient for most Node.js projects.
Create a Cloudflare account, add your domain, Cloudflare scans existing DNS records and gives you nameservers, update nameservers at your registrar, configure DNS records in Cloudflare (proxied for CDN features), and set SSL to Full (strict) if you have Let's Encrypt on your origin.
Proxied (orange cloud) routes traffic through Cloudflare, providing CDN caching, DDoS protection, SSL, and firewall. DNS only (gray cloud) just resolves the DNS, and traffic goes directly to your server without Cloudflare features.
Add set_real_ip_from directives in nginx.conf for all Cloudflare IP ranges, then set real_ip_header CF-Connecting-IP. Now $remote_addr and req.ip (with trust proxy) will return the real client IP instead of Cloudflare's IP.
With Cloudflare proxy, there are two SSL layers: client to Cloudflare (Cloudflare's SSL) and Cloudflare to your server (Let's Encrypt). Use Full (strict) mode. For certbot renewal, use DNS-01 challenge, or temporarily disable proxy, or use Cloudflare Origin Certificate (free, 15-year validity).
Ready to master Node.js completely?
Want to upskill yourself, crack your next interview, and get your dream job? Join our comprehensive course to dive deeper with high-quality video tutorials, solve interview questions, and a premium community.
Master Node.js
Want to upskill yourself, crack your next interview, and get your dream job? Join our comprehensive course.

