cloudflare’s cdn accelerates the website and optimizes ip

cloudflare is a good network acceleration CDN and security protection service. Many websites want to access CloudFlare CDN, but there is a problem that the NS server of the website domain name needs to be modified. Many people do not want to modify the NS server of the domain name, so there are many Cloudflare Partner access management, which can directly use IP or CNAME to access the CDN.

However, CloudFlare has stopped most of the Cloudflare Partner API services, resulting in many people who want to directly access CloudFlare CDN through CNAME or IP unable to find a good way. Fortunately, CloudFlare for SaaS recently adjusted the free quota. It used to charge 2USD/month per domain name.

Now CloudFlare for SaaS not only provides 100 domain names for free, but also charges 0.1USD/month for each domain name after the quota is exceeded. This quota can be said to be enough for everyone. CloudFlare for SaaS has a very useful feature: self-hosting. Using this custom hosting function, domain names that are not connected to CloudFlare can be quickly connected.

1. Preparation stage

1. To enable Cloudflare for SaaS, you need to add a payment credit card (UnionPay is supported) or PayPal
2. Prepare two domain names, the main domain name and the transit domain name (the transit domain name must be connected to cf, the main domain name is optional, the demonstration in this article is all connected to cf)
3. Source server: the destination server that ultimately needs to be accessed ip

2. Enable CloudFlare for SaaS by transferring the domain name back to the source.

1. First add an A record to resolve to the origin site IP and enable the proxy

2. Operation of custom host name

Open the SSL/TLS settings for the domain name that CloudFlare uses for transit, select "Custom host name", and add the host name to the final target domain name. And add the domain name just resolved as the fallback source.

3. Verify valid status

Verify the txt certificate given by the custom host name and resolve it in the dns of the main domain name.

Wait for a while, then return to the source domain name refresh to refresh the status of the custom host name. (@ here represents ooly.cc)

After waiting for the status to become valid, start selecting your own IP; remember to renew the certificate every year!
Note: After the certificate is valid, the primary domain name will delete the record added by the primary domain name above! Don’t delete the custom host of the source domain name.

3. Preferred/optional ip

1. Connect the primary domain name to a service provider that supports sub-operator resolution (please skip if already connected). We recommend a few free ones: Huawei Cloud DNS, Qingyun DNS [recommended practice, you can also use CloudFlare directly]

2. Use the following script to select the IP. Remember to test it with devices from different operators:

The most famous project of Cloudflare ST, it is powerful but requires downloading the executable file corresponding to the system and architecture.

Better Cloudflare IP is based on bat and bash, simple and highly versatile.

4. The main domain name points to the IP of your choice (choose one)

Delete the “TXT” verification record and CNAME record just added

Point the primary domain name to your own IP or preferred domain name

(Note: If your main domain name is on Cloudflare, the proxy status here needs to be changed to “DNS only”)

1.CNAME record points to domain name that has preferred IP

You can add a domain name that dynamically resolves the preferred IP before this, and then the main domain name CNAME points to this domain name.

2.A record points to already preferred IP

5. Precautions

• The origin site uses the SSL certificate of the main domain name. Do not use the SSL certificate of the back-to-origin domain name.
• The primary domain name can directly use the 15-year source server certificate in cloudflare (note: the source server certificate is not a client certificate!).
• Deleting the custom host name of the "source domain name" will cause the "primary domain name" to return to the origin (unreachable).
• Cannot put "main domain name" CNMAE to "source domain name", such as: a.com(main)CNAME b.com(source), In this way, writing that both the main domain name and the source domain name can be accessed does not achieve the optional effect. This is only used as the initial certificate verification. After verifying the main domain name of the certificate, please delete these two verification records.
• Remember to check regularly whether your chosen IP is available.