It seems to be along time since CloudFlare was mentioned on this site. Am I correct in thinking that hosting is performed as normal by a regular host and and that by adding in and paying for cloudflare, the website is propagated via their servers, adding in performance and additional protections?
Does anyone have good or bad stories?
Is the $20 / month worthwhile and does it really add that value?
Hey Nick,
I use Cloudflare for most of my sites, but havent paid anything to them as of yet. The free account does a lot.
You are correct in hosting on your current host, and then just pointing the name servers to CloudFlare. I use it on a tourism site (still free account) and it massively, boosts performance, and saves tons of bandwidth from my server. See the screenshot below.
I also sell a stack that allows you to turn on cloudflare development mode and purge cache from your site admin page. You can get it for 55% off by supporting Stacks Pro development with the Stacks Basecamp promo on right now.
I also use the free version on dozens and dozens of websites, some that consistently generate 10k unique visitors per month. For my sites, the free version offers everything I’m looking for:
Ease of use - the platform is intuitive and easy to navigate
Caching & Compression - both of which speed up my sites
GlobalCDN - ensuring faster load times for users around the world (granted, 99% of my users are in the US, though)
DDoS Protection - the free plan offers excellent DDoS protection (enabled by default, but stronger layers can be flipped on)
Two more that don’t really apply to me since I’m with DreamHost, but might to others depending upon your hosting service:
Always Online Feature - if your site goes down, Cloudflare displays a cached version
Free HTTPS - if your provider doesn’t offer free certificates, Cloudflare’s free version does
Their paid version offers enhanced security, lots of performance options and a much wider insight into your website’s performance and security. For me, the free version is all I require.
I have several clients who use TCMS for their websites, giving them full control over all content. One client, who often updates their site, was initially on Cloudflare. However, I decided to remove them from the service. At the time I built their website, the stack mentioned just above (Cloud Dev Tools) wasn’t available. Had it been, I would’ve opted for it and made sure my client was comfortable using it. It was quite challenging to explain to them why their site wasn’t reflecting updates immediately, due to Cloudflare serving cached content.
Thank you @StacksWeaver and @dave for your really helpful comments. CloudFlare definitely looks like the way to go, as does the DevTools stack (it is compatible with Source?)
My only potential loss, if I understand correctly, is the ability to view where traffic is from geographically? I currently check IP addresses and can recognise individual customers, which can be handy (small business!).
Interesting, the mention of TotalCMS on the stack page - I have a licence, but the site never did go live because the company folded, so a total waste of $100
I would have to check out my analytics, I believe cloudflare passes that info to the server, but protects you from the visitor.
My Dev Tools stack is not tied to any framework, it should work no problem. If you have any issues with it, you can let me know. I’m always happy to jump on a zoom and fix things.
As for your TCMS license, if the site was never launched, reach out to @joeworkman at support@weavers.space. He can probably do something for you about that license.
He has some FAQs about license moving here.
That is really kind of you Joshua, thank you! Really appreciate the help from you and @dave
I’ll get cloudflare setup and be in touch shortly :)
As a follow on and hopefully useful to some: the Cloudflare setup was very straightforward and moving name servers fine. Then it all went wrong.
My regular host is thorough and a paid certificate is in place and all traffic is https. The problem is that Cloudflare seems to have a regular issue with ‘double https’, judging by the volume of support posts. There is a relatively straightforward fix, but having lost a big chunk of traffic over a weekend with switching nameservers (this should have been quick!) the decision to switch off cloudflare was taken. We will revisit this shortly, as the benefits seem valuable, as others have pointed out.
pro tip, if you have an ssl on your server, on cloudflare set your ssl setting to Full, the number one issue sometimes when you add cloudflare, is that it may default to flexible, to which you will get a massive redirect error, switching to Full solves that instantly.
Thanks for pointing this out. Once I can get Cloudflare up and running again (v long story, friends & servers), I’ll check that box.
Heads up for anyone wanting a ‘free’ VPN - CloudFlare’s Warp on Mac / 1.1.1.1 on iOS is excellent
I guess I should add that I have been running multiple sites through Cloudflare since the New Year. Fault free and wonderful. The trick is there are errors with SSL is to set the SSL/TLS encryption mode to Full (strict) - if anyone has issues, please feel free to ask.
The beauty for me is the additional security. One site in particular seem to attract a great deal of Chinese and Russian traffic. No idea why. On that site, I have set the security level to high.
The simple reason for that is the fact that Chinese and Russian (and North Korean, of course) hackers are most active in picking up all possible vulnerabilities in the net for espionage and ransomware purposes.
CloudFlare is a convenient layer of additional security, but when they fall, every one of their customers falls as well, so it’s good that you take care of your own security, besides CloudFlare.
Absolutely! I’m always careful of my own security, but the extra layer is helpful.
