Configure a CDN

Configuring a Content Delivery Network (CDN), such as Cloudflare, protects and accelerates your Workload running at Control Plane.

Follow the steps below to configure your Domain at Cloudflare. The configuration at other CDN providers will be similar.

Prerequisites

• Review the Configure a Domain guide.
• An account at Cloudflare.
• Your Domain's DNS is hosted at Cloudflare.
• Your Workload is configured and in a Ready state.

Configuration Steps

Step One - Domain Set Up and Certificate Generation at Cloudflare

From the Cloudflare UI, perform the following:

Domain Set Up

• From the DNS management page for your domain, add a new CNAME record.
  • For the Name field, enter the desired target subdomain.
  • For the Target field, enter the Canonical Endpoint URL from the Workload's Info page.
  • Toggle on the Proxied switch.

Certificate Generation Set Up

• From the SSL/TLS page, select the Full (strict) radio box.
• Click on the Origin Server submenu link.
  • Create a new origin certificate for your domain with the following settings. This certificate will be added as a TLS Secret at Control Plane.
    • Select Generate private key and CSR with Cloudflare.
    • Select the Private key type: RSA (2048).
    • The default list of hostnames shouldn't have to be changed and will contain the *.DOMAIN and DOMAIN hostnames.
    • Choose a long Certificate Validity such as 15 years.
    • NOTE: It is your responsibility to ensure the certificate mapped to your domain at Control Plane is valid.
    • Click Create. The next page will display the certificate and private key. You may save these as separate text files or leave the page open and copy/paste the values when creating the TLS Secret at Control Plane in the next step.

Step Two - Certificate Set Up at Control Plane

• Using the certificate and private key from the previous step, create a new TLS Secret at Control Plane by performing the following:
  • Click Secrets from the left side menu.
  • Click the New button at the top.
  • Enter a Name for the secret and select the secret type TLS.
  • Either upload or paste the respective certificate and private key file in the proper textbox. The TLS Chain can be left empty since this certificate is self-signed.
  • Click Create. This secret will be used when configuring your domain in the next step.

Step Three - Domain Set Up at Control Plane

Follow the steps below to configure your Domain at Control Plane.

Note: If a subdomain is being configured, the APEX domain will need to be verified.

• Click Domains from the left side menu.
• Click the New button at the top.
• Enter the Fully Qualified Domain Name (FQDN) of your Domain.
• Click Next (Spec).
• Select CNAME for the DNS Mode.
• Select and configure the desired Routing Mode.
• Toggle on the Configure TLS switch.
• Toggle on the Use Custom Server Certificate and select the TLS Secret created in the step above.
• Click Next (DNS).
• This page will display any DNS records that are required to be added for your domain. After adding the records, it will take a few minutes to propagate. Click the checkbox and click Create.