Subdomain for Cloudflare Images without proxying the apex domain

Hi there,

  • I have a Next.js site that is hosted on Vercel:
  • Currently all images are optimised by Vercel, but I intend to change that and serve images via Cloudflare Images. I’ve just uploaded all 14k images today into Cloudflare Images.
  • I’d like to deliver these from a subdomain though, specifically:
  • Currently my nameservers for the zone are on AWS, and the apex domain is a CNAME to Vercel

How to set up the DNS records to achieve all the above?


  • I could change my nameservers to be the Cloudflare ones, but I don’t intend to proxy the apex ( domain, because of Vercel’s recommendations here:
  • Considering this, how to set the DNS record for the subdomain so that it points to Cloudflare Images? I couldn’t find any CNAME target or IP targets in the doc.

Thank you,

Custom domains for Images need to be in your Cloudflare account. If you don’t want to use the URLs you could change your nameservers to Cloudflare and just not proxy the apex domain.

Your subdomain for image delivery doesn’t need to actually point to anything. You can create in your Cloudflare DNS and just give it an AAAA record to the dummy IP address 100::, including the trailing colons. This name will then work just fine for Cloudflare Images URLs.


Welcome to the Cloudflare Community.

It seems that @i40west covered the key points while I was drafting my missive, so please pardon any redundancy.

My reading of the relevant documentation suggests that the custom domain needs to be in the same account as the Cloudflare Images subscription.

If you opt for the full setup and move your domain DNS to Cloudflare, it is simple to bypass the Cloudflare proxy for individual hostnames, including your apex name. Simply set the record to DNS Only. Thanks to CNAME flattening, you can even use a CNAME at your apex.

I didn’t see anything in the Vercel documentation that recommended against proxying the Vercel hostname. I do question why they are advising to use Full instead of Full (strict) encryption mode.

If you only plan on using to deliver your Cloudflare Images, you can probably make do with one AAAA record set to 100:: and Proxied. This is considered an originless setup as it will not direct any traffic to an origin server. You might consider a specially crafted Redirect Rule to send any requests for the naked domain to your main site.

You can also use a Partial (CNAME) setup on a Business Plan or higher. That would allow you to leave the parent zone DNS at AWS. Unless you have a need for that, it is likely easier and more cost effective to move your DNS to Cloudflare.
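
The record layout discussed in the replies above, as an added example that is not part of the original thread: a small lint over a planned record set that checks the two points the answers depend on (the dummy `100::` record must be proxied, and the apex stays DNS only). The hostnames `example.com`, `images.example.com` and `cname.vercel.example` are placeholders, and `lint_records` is a hypothetical helper, not a Cloudflare tool.

```python
import ipaddress

# RFC 6666 discard-only prefix; 100:: is its first address.
DISCARD_ONLY = ipaddress.ip_network("100::/64")

# Constructed plan with placeholder names; the thread does not give the real
# hostnames. Keys mirror Cloudflare DNS record fields (type/name/content/proxied).
PLAN = [
    {"type": "CNAME", "name": "example.com",
     "content": "cname.vercel.example", "proxied": False},
    {"type": "AAAA", "name": "images.example.com",
     "content": "100::", "proxied": True},
]


def lint_records(records, unproxied_names=()):
    """Return a list of problems found in a planned record set."""
    problems = []
    for rec in records:
        name, proxied = rec["name"], rec.get("proxied", False)
        if rec["type"] == "AAAA":
            try:
                addr = ipaddress.IPv6Address(rec["content"])
            except ipaddress.AddressValueError:
                # Catches "100:" typed without the second trailing colon.
                problems.append(
                    f"{name}: {rec['content']!r} is not a valid IPv6 address")
                continue
            # A dummy address only works behind the proxy; as DNS only it
            # would hand clients an address that routes nowhere.
            if addr in DISCARD_ONLY and not proxied:
                problems.append(
                    f"{name}: originless record {addr} must be proxied")
        if name in unproxied_names and proxied:
            problems.append(f"{name}: expected DNS only but record is proxied")
    return problems


if __name__ == "__main__":
    result = lint_records(PLAN, unproxied_names={"example.com"})
    for line in result or ["plan OK"]:
        print(line)
```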


Thanks. It worked.
