Existing wix domain setup on cloudflare

I am new to cloudflare. I currently have a wix built website that was purchased on google domains. I also utilize a new documentation platform for my IT company. I am trying to get a sub domain setup and they only support connections from Cloudflare. My question is do I have to transfer my domain control over to cloudflare to use the paid $20 a month service in order to utilize the cloudflare services? I did not see a way to do any sort of sub domain setups without adding my domain here in cloudflare itself. Sorry for the noob question domains are not my strong suit.

Hi @user5563,

This is an interesting situation. Wix state that they don’t support Cloudflare, do they allow you to point to their service without using their nameservers?

You can’t add a subdomain to Cloudflare directly (without a Business or Enterprise plan) and need to add the entire domain and change the nameservers.

Do you know why the new provider needs you to use Cloudflare? If they provide a hosted service, it’s common for them to use Cloudflare themselves (normally the SaaS product) but not to require you to set it up yourself.

Yes they offer a Saas service that I am now signed up for. The whole reason for clouldflare is that their equipment is accessible only via cloudflare connections if I want my subdomain to work correctly with SSL. They said in the initial setup that I would be required to use cloudflare for advanced branding. This is a saas service for notes that allows my clients access to the information. I really did not want to have them access a non ssl connection to the information considering what it’s for. I can still use SSL with the service however without the “advanced branding” it would redirect to a portal that the customer can clearly see is not tied directly to my company.

Does it have to be a subdomain? Would it be ok if it was a “companion” domain, such as mycompanydocs.com?

it appears that it does have to be a subdomain yes

This sounds like a bit of a security issue. If I understand what they want correctly, they’re not issuing a certificate for your subdomain and are trying to mask that by getting you to use Cloudflare. This would mean your visitors information would be encrypted as far as Cloudflare but unencrypted between Cloudflare and this provider.

Precisely, I’d still be concerned about this because of how they seem to be asking you to set it up.

Let me grab a screen shot of some information one moment

Advanced Branding

We understand that you do not want to see portal.it-portal.com in the URL. Because of the complexity of the request, it will require many changes to our backend, and support will be more difficult for us to maintain. We want to try to make this work for you. To make this happen, you require a CloudFlare plan that starts at $20/Month. Cloudflare is needed as we do not allow access to our web servers directly on the Internet. Our web servers only respond to secure requests from Cloudflare.

What security measures safeguard our sensitive information?

You may prefer to do on-premise and safeguard it yourself. For those needing Cloud services, we offer the options below.

• AES 256 Bit Encryption.
• Optional Encryption key. Encrypt usernames and passwords with this key. Uploaded files will be encrypted as well using this same key. The default key will encrypt data if you do not have an optional key.
• Built-in 2 Factor Authentication
• Encryption at rest
• Our web servers are not open to the Internet. Our web servers are only accessible by the CloudFlare CDN (Content Delivery Network). You transparently connect to CloudFlare, and they present you with your data. Also, note that CloudFlare handles 10% of the world’s web traffic and is very secure.

Perhaps that helps? this is the information I was given during my initial review of the platform

I don’t know of any $20 plan feature that you’d need to do this. A free plan should do whatever it is they want you to do.

Still, though, you’re really stuck if this is your only option. And, as Dom pointed out, I don’t see why they’d need Cloudflare to do this. A CNAME from your domain should be sufficient, and you don’t need Cloudflare for that.

I tried it without cloudflare as a cname and it will not connect to their servers.

A Cloudflare account will behave no differently. Your CNAME should point to a Cloudflare-proxied hostname that belongs to that Docs company.

Have they actually done this before?

It seems they have done it for other people plenty lol. I have confirmed with Wix they do not currently support cloudflare domains via support chat. So it seems I have 2 options.

1. use the software without the branding I prefer
2. or find something else to use all together

The issue comes in with My RMM/PSA software Intergrations. I really wanted something that integrated with it as well.

I’d sure love to hear the technical explanation on why they need you to be on Cloudflare to CNAME to them. Or would you be using an “A” record?

I will certainly ask them for the technical explanation. I am concerned now more than I was previously. I will post back here any additional information I obtain.

Cloudflare has a product aimed at SaaS providers like this, I would assume given what you have said that they use this. If that’s the case, you won’t even be able to control your Cloudflare config anyway. You should just add a verification record and point a CNAME to them and they handle the rest.

I have asked for additional information from the software vendor. Just for more information I am including a link to the software in question.
IT-Portal

Ok so the software vendor states they use cloudflare for their backend as well. Im not being given a more technical answer. I did want to thank you all for your assistance regarding my questions. I believe my best option is to do away with advanced branding and stick to basic branding. The portal of the site will still be my own branding the link will simply tell the user (if they pay attention to it) that I use a hosted service provider. Wix is actively working on integrating cloudflare according to support so for now I just have to wait that process out. Have a good day gentleman.