• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Question Cloudflare

O

othmaqsa

Regular Pleskian
Server operating system version
18.0.55 Update #1
Plesk version and microupdate number
20.04.6 LTS
Hello,

I have few questions about using Cloudflare with Plesk.

1- Do I need to add all the DNS records mentioned in Plesk, in the Cloudflare dashboard, like SRV record etc ?
2- Is it recommended to use Cloudflare's Full (Strict) encryption with Plesk or Full is enough? I have tried few months ago to use the option Full, but I have noticed the error 520/521 is randomly occur, multiple times per day?

Thanks.
 
othmaqsa said:
1- Do I need to add all the DNS records mentioned in Plesk, in the Cloudflare dashboard, like SRV record etc ?
Click to expand...
You don't need all records, only those you believe you'll actually need so if you're planning on using autodiscover for email configuration then yes you'll need the SRV records.

Now there is an extension that allows you to sync your DNS records to Cloudflare for you so you can do all your records within Plesk itself.
othmaqsa said:
2- Is it recommended to use Cloudflare's Full (Strict) encryption with Plesk or Full is enough? I have tried few months ago to use the option Full, but I have noticed the error 520/521 is randomly occur, multiple times per day?
Click to expand...
In all honestly it's completely up to you what level of encryption to use but depending on which level will depends on if you need a valid certificate or not. Like for one of my site I use flexible so the encryption between the browser and cloudflare is encrypted but the rest is whatever because I've had weird issues using any of the others and been too lazy to fix it. Full allows you to use a self signed certificate on the server while full strict requires you to have a certificate from a trusted CA or use the cloudflare's origin ca cert on the server. It basically comes down to personal preferences with how you have things configured.

TECNECHALLY speaking you should use Full Strict whenever possible and use Full if you can't use Full Strict.
 
@scsa20 , thank you for your message.

I have another question please:

I have added real_ip_header CF-Connecting-IP; in the Additional nginx directives in order to log the real IP address of the user, but the CF IP still showing in the logs.

A solution please ?
 
If you do a search you can find this post

Nginx ngx_http_realip_module for Plesk?

Any chance of getting the Nginx ngx_http_realip_module module for the version of nginx included in Plesk 12 on CentOS 6 & 7? We have customers using Cloudflare who want the real IP in their logs from the requests handled by nginx; we can do the cloudflare mod to handle the requests apache sees.
talk.plesk.com talk.plesk.com

Follow that instructions to get real IP working correctly.
 
You must log in or register to reply here.

Similar threads

kaw.one
Question (VPS) Cloudflare, Gmail and Other Plesk Panel 8443 (2 minutes - slow read)
Replies
1
Views
595
kaw.one
kaw.one
K
Issue Adding DNS record failes due to wrong format (bug?)
Replies
4
Views
719
kaschi
K
f0rtem
Question Unable to use SSL unless I expose my IP?
Replies
2
Views
800
f0rtem
f0rtem
UHF
Resolved Domain is not resolvable
Replies
3
Views
1K
UHF
UHF
T
Resolved Lets Encrypt renewal - wildcard seems to want to use http challenge
Replies
2
Views
1K
TomBoB
T
Back
Top