In some circumstances it's desirable to add an additional proxy in front of our CDN to add an additional layer of protection during DDoS attacks. We recommend the Cloudflare proxy for this as it is compatible with your Super site.
How to set up Cloudflare DDOS proxy with your Super site
Super is set up with a content delivery network that caches your website and ensures a speedy delivery of content to your site visitors. This CDN also protects your site from heavy load and ensures your site remains fast and accessible to users no matter what the load.
We recommend the Cloudflare proxy for adding an extra layer of protection against DDoS attacks, as it is compatible with your Super site and you can add this for free with Cloudflare.
There are a couple of steps and things to check when setting up the Cloudflare proxy with a Super site. This guide will take you through those steps.
Set up the Cloudflare environment
Cloudflare's automated DDoS protection systems constantly analyze traffic and generate real-time signatures to mitigate attacks across the network and application layers. These mitigations are automatically enabled for all customers across all Cloudlfare plans, including the free plan. Learn more
Set up the DNS records in Cloudflare
In order to set up the Cloudflare proxy your domain must be using the Cloudflare DNS service. Please check that your DNS records for your domain are set up correctly to point to Super.
Root domain records on Cloudflare
Type | Name | Content |
CNAME | @ | cname.super.so |
CNAME | www | cname.super.so |
Subdomain records on Cloudflare
To connect a subdomain to Super using Cloudflare like docs.super.so where docs is the subdomain, use:
Type | Name | Content |
CNAME | subdomain | cname.super.so |
Configure SSL
Ensure the SSL/TLS encryption mode is set to Full or Full (strict):
Using Cloudflare proxy
When Cloudflare proxy is on your site may show an error err_too_many_redirects.
This issue occurs when your Cloudflare SSL/TLS configuration is set to "Flexible". This will have Cloudflare send requests to Super over HTTP and in response Super will send data back over HTTPS. To keep all our connections secure you must request Cloudflare to only send requests over HTTPS.
To fix this issue, the "SSL/TLS" option in Cloudflare needs to be set to "Full" or "Full (strict)".
Enable the Cloudflare proxy
When you proxy an A, AAAA, or CNAME DNS record for your Super site (also known as in Cloudflare language as orange-clouding), DNS queries for these records will resolve to Cloudflare Anycast IPs instead directly to Super.
This means that all requests intended for proxied hostnames will go to Cloudflare first and then be forwarded to Super. This behavior allows Cloudflare to optimize, cache, and protect all requests for your Super site.
To enable the proxy for your site, edit the DNS settings in Cloudflare for the DNS record(s) for your Super site and turn on the Orange proxy toggle. Press save.
It will take a minute or two for these changes to propagate, and after that your site will be running through the Cloudflare Proxy protection.
In this doc:
- How to set up Cloudflare DDOS proxy with your Super site
- Set up the Cloudflare environment
- Set up the DNS records in Cloudflare
- Root domain records on Cloudflare
- Subdomain records on Cloudflare
- Configure SSL
- Using Cloudflare proxy
- Enable the Cloudflare proxy