Using Discourse with Cloudflare: Best Practices

Using Discourse with Cloudflare: Best Practices

This topic provides a comprehensive guide to using Discourse with Cloudflare. It includes a step-by-step guide, and best practices to ensure maximum compatibility.

Why use Discourse with Cloudflare

Using Discourse with Cloudflare can provide several benefits:

  • Performance: Cloudflare’s CDN can speed up worldwide access to common assets on your Discourse forum, improving the user experience for your community members no matter where they are located (source).
  • Security: Cloudflare provides additional layers of security for your Discourse forum, including DDoS protection and HTTPS support with Let’s Encrypt (source).

For self-hosters, it’s important to note that while Cloudflare can provide these benefits, it also adds complexity to your Discourse setup. This document aims to help you navigate this complexity and make the most of using Discourse with Cloudflare.

Setting Up Discourse with Cloudflare

  • Cloudflare Fundamentals to begin setting up Discourse with Cloudflare. Once you have your Discourse instance running, make certain you’re familiar with Cloudflare Fundamentals. Cloudflare Fundamentals is a one-stop location for pointers to Cloudflare resources.
  • Set Up: To get the security, performance, and reliability benefits of Cloudflare, you need to set up Cloudflare on your domain. Directions .

Best Practices

  • DNS Ensure the DNS records pointing to your Discourse instance are proxied. Go here to manage your DNS records .
  • SSL/TLS encryption mode should be set to Full (strict). Go here to manage your SSL/TLS settings . :warning: If not set up properly, this may lead to redirect loops.
  • Caching Level should be set to Standard. Go here to set caching level.
  • Create a Page Rule for community.example.com/session/* to set Cache Level to Bypass. Go here to create a Page Rule.
  • Rules Settings should be configured to Normalize incoming URLs. Go here to configure Rule settings.
  • Network Settings depending upon Cloudflare plan type, should be configured as follows. If they are not already enabled, enable IPv6 Compatibility, WebSockets, IP Geolocation, Network Error Logging, and Onion Routing. If they are not already disabled, disable Pseudo IPv4, Response Buffering, True-Client-IP Header, and gRPC. Set Maximum Upload Size per your site policy, 100 MB is sufficient. Go here to configure Network settings.
  • WAF Settings depend upon Cloudflare plan type and security needs. If your Cloudflare account supports Managed Rules, configure a Managed Rule to Skip WAF on post creation / edits. Do this by adding a Managed Rule matching on URI Path and Request method. The Rule should appear as follows: (http.request.uri.path matches "/posts(/[0-9]+)?" and http.request.method in {"POST" "PUT"}). Choose the option to Skip all remaining rules and enable Log matching requests. If you are using the Data Explorer plugin, configure a Managed Rule to Skip WAF on admin queries. Do this by adding a Managed Rule matching on URI Path and Request method. The Rule should appear as follows: (http.request.uri.path contains "/admin/plugins/explorer/queries/" and http.request.method eq "PUT"). Choose the option to Skip all remaining rules and enable Log matching requests. Go here to create Managed Rules.
  • Content Optimization should have Brotli turned on, and Rocket Loader™ off. Go here to set Content Optimization. :warning: Discourse gets plenty site down reports due to Rocket Loader™ being on.
  • Auto Minify Auto Minify is deprecated and will be removed on 2024-08-05. Prior to deprecation, it should be disabled until it is removed from the dashboard. After this date, Auto Minify will no longer be available via the Cloudflare dashboard, API, or Terraform. We recommend that you minify at the origin during the build phase. Minification is included in most modern web development frameworks. Go here to disable Auto Minify.

Troubleshooting Common Issues

For help troubleshooting issues with Discourse & Cloudflare, seek assistance on the appropriate forum. For advice & insight into using Cloudflare, visit the Cloudflare Community at community.cloudflare.com.

Support

For direct support from Cloudflare, please login to dash.cloudflare.com to post on the Cloudflare Community

Alternatively, you may search for specific issues on Meta: Search results for ‘cloudflare’ - Discourse Meta

2 Likes