• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Cloudflare

othmaqsa

Regular Pleskian
Server operating system version
18.0.55 Update #1
Plesk version and microupdate number
20.04.6 LTS
Hello,

I have few questions about using Cloudflare with Plesk.

1- Do I need to add all the DNS records mentioned in Plesk, in the Cloudflare dashboard, like SRV record etc ?
2- Is it recommended to use Cloudflare's Full (Strict) encryption with Plesk or Full is enough? I have tried few months ago to use the option Full, but I have noticed the error 520/521 is randomly occur, multiple times per day?

Thanks.
 
1- Do I need to add all the DNS records mentioned in Plesk, in the Cloudflare dashboard, like SRV record etc ?
You don't need all records, only those you believe you'll actually need so if you're planning on using autodiscover for email configuration then yes you'll need the SRV records.

Now there is an extension that allows you to sync your DNS records to Cloudflare for you so you can do all your records within Plesk itself.
2- Is it recommended to use Cloudflare's Full (Strict) encryption with Plesk or Full is enough? I have tried few months ago to use the option Full, but I have noticed the error 520/521 is randomly occur, multiple times per day?
In all honestly it's completely up to you what level of encryption to use but depending on which level will depends on if you need a valid certificate or not. Like for one of my site I use flexible so the encryption between the browser and cloudflare is encrypted but the rest is whatever because I've had weird issues using any of the others and been too lazy to fix it. Full allows you to use a self signed certificate on the server while full strict requires you to have a certificate from a trusted CA or use the cloudflare's origin ca cert on the server. It basically comes down to personal preferences with how you have things configured.

TECNECHALLY speaking you should use Full Strict whenever possible and use Full if you can't use Full Strict.
 
@scsa20 , thank you for your message.

I have another question please:

I have added real_ip_header CF-Connecting-IP; in the Additional nginx directives in order to log the real IP address of the user, but the CF IP still showing in the logs.

A solution please ?
 
If you do a search you can find this post

Follow that instructions to get real IP working correctly.
 
Back
Top