Facebook Pixel

Using Cloudflare for DNS and CDN Free Performance and Security for Node.js

Learn how to use Cloudflare as a DNS provider and CDN for your Node.js application setting up DNS, enabling the proxy, configuring SSL, and using Page Rules.

Using Cloudflare for DNS and CDN

Cloudflare is a free DNS provider and CDN that improves performance and security for your Node.js application. This guide covers setup, configuration, and best practices.

What Cloudflare Provides

  1. DNS management Fast, free DNS hosting
  2. CDN Caches static assets at edge locations worldwide
  3. DDoS protection Automatic protection against attacks
  4. SSL Free SSL certificate (in addition to Let's Encrypt)
  5. Firewall Block malicious traffic
  6. Analytics Traffic insights and security events
  7. Page Rules Redirect, cache, or secure specific URLs
  8. Workers Run JavaScript at the edge (paid)

Step 1: Create a Cloudflare Account

  1. Go to https://cloudflare.com
  2. Sign up for a free account
  3. Click "Add a Site"
  4. Enter your domain name

Step 2: Update Nameservers

Cloudflare will scan your existing DNS records and give you two nameservers:

ns1.cloudflare.com
ns2.cloudflare.com

Update nameservers at your registrar (Namecheap, GoDaddy, etc.):

  1. Log in to your registrar
  2. Find your domain
  3. Change nameservers to Cloudflare's
  4. Wait for propagation (can take up to 24 hours, usually 1-2 hours)

Step 3: Configure DNS Records

In Cloudflare dashboard → DNS → Records:

TypeNameContentProxy
A@12.34.56.78 (EC2 IP)Proxied (orange)
Aapi12.34.56.78 (EC2 IP)Proxied (orange)
Aapp12.34.56.78 (EC2 IP)Proxied (orange)
CNAMEwwwyourdomain.comProxied (orange)

Proxied (orange cloud) Traffic goes through Cloudflare (CDN, DDoS protection, SSL) DNS only (gray cloud) Traffic goes directly to your server (no Cloudflare features)

Step 4: Configure SSL

Cloudflare dashboard → SSL/TLS:

SSL/TLS encryption mode:

  • Off No encryption (not recommended)
  • Flexible Cloudflare to client is HTTPS, Cloudflare to origin is HTTP
  • Full Both HTTPS, but origin certificate not verified
  • Full (strict) Both HTTPS with valid certificate (recommended)

Use Full (strict) if you have Let's Encrypt on your origin server.

Step 5: Enable Performance Features

Cloudflare dashboard → Speed → Optimization:

  • Auto Minify Minify HTML, CSS, JS
  • Brotli Compress responses (better than gzip)
  • Rocket Loader Defer JavaScript loading (test before enabling)

Step 6: Enable Caching

Cloudflare dashboard → Caching → Configuration:

  • Caching Level: Standard
  • Browser Cache TTL: Respect Existing Headers
  • Always Use HTTPS: On

For static assets, Cloudflare automatically caches them at edge locations.

Step 7: Set Up Page Rules

Cloudflare dashboard → Rules → Page Rules:

Redirect HTTP to HTTPS:

URL: http://yourdomain.com/*
Setting: Always Use HTTPS

Cache everything for static paths:

URL: yourdomain.com/assets/*
Setting: Cache Level: Cache Everything
Setting: Edge Cache TTL: 1 month

Bypass cache for API:

URL: api.yourdomain.com/*
Setting: Cache Level: Bypass

Step 8: Configure Firewall (Optional)

Cloudflare dashboard → Security → WAF:

Block by country:

Action: Block
Countries: [select countries to block]

Block by IP:

Action: Block
IP: [suspicious IP addresses]

Challenge page for suspicious traffic:

Action: Challenge
Security Level: High

Step 9: Use Cloudflare with Nginx

When Cloudflare proxies traffic, Nginx sees Cloudflare's IP instead of the client's real IP. To fix this:

# In nginx.conf http block set_real_ip_from 173.245.48.0/20; set_real_ip_from 103.21.244.0/22; set_real_ip_from 103.22.200.0/22; # ... add all Cloudflare IP ranges real_ip_header CF-Connecting-IP;

Or use Cloudflare's header:

real_ip_header CF-Connecting-IP;

Now $remote_addr and req.ip will return the real client IP.

Step 10: Cloudflare and Let's Encrypt

With Cloudflare proxy enabled, you have two SSL layers:

  1. Client → Cloudflare (Cloudflare's SSL)
  2. Cloudflare → Your server (Let's Encrypt SSL)

For certbot to work with Cloudflare proxy:

  • Use DNS-01 challenge instead of HTTP-01
  • Or temporarily disable Cloudflare proxy (gray cloud) during certificate renewal
  • Or use Cloudflare Origin Certificate (free, 15-year validity)

The Takeaway

Cloudflare provides free DNS, CDN, DDoS protection, SSL, and firewall for your Node.js app. Set up by creating an account, updating nameservers at your registrar, configuring DNS records (proxied for CDN features), setting SSL to Full (strict), enabling performance features (Brotli, auto minify), setting up Page Rules for caching and redirects, and configuring Nginx to use CF-Connecting-IP for real client IP.

DNS management, CDN (caches static assets globally), DDoS protection, free SSL certificate, firewall (block by IP/country), analytics, Page Rules (redirect, cache, secure URLs), and Brotli compression. The free plan is sufficient for most Node.js projects.

Create a Cloudflare account, add your domain, Cloudflare scans existing DNS records and gives you nameservers, update nameservers at your registrar, configure DNS records in Cloudflare (proxied for CDN features), and set SSL to Full (strict) if you have Let's Encrypt on your origin.

Proxied (orange cloud) routes traffic through Cloudflare, providing CDN caching, DDoS protection, SSL, and firewall. DNS only (gray cloud) just resolves the DNS, and traffic goes directly to your server without Cloudflare features.

Add set_real_ip_from directives in nginx.conf for all Cloudflare IP ranges, then set real_ip_header CF-Connecting-IP. Now $remote_addr and req.ip (with trust proxy) will return the real client IP instead of Cloudflare's IP.

With Cloudflare proxy, there are two SSL layers: client to Cloudflare (Cloudflare's SSL) and Cloudflare to your server (Let's Encrypt). Use Full (strict) mode. For certbot renewal, use DNS-01 challenge, or temporarily disable proxy, or use Cloudflare Origin Certificate (free, 15-year validity).

Ready to master Node.js completely?

Want to upskill yourself, crack your next interview, and get your dream job? Join our comprehensive course to dive deeper with high-quality video tutorials, solve interview questions, and a premium community.

Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.