Cloudflare is a SaaS product helping you to optimize and protect your applications against a wide variety of attacks. The role of Cloudflare is to position itself between the users of your apps and your app instances themselves, located in Scalingo infrastructure. Then several features can be used:
HTTPS Termination: By using Cloudflare, you don’t have to care anymore about TLS certificates, they are automatically handled by them. At the precise moment your domain is configured to use their proxy, a valid certificate will be served to your users. Read the End-to-end HTTPS section for more information.
Application Firewall: Cloudflare proxies are looking at incoming requests to check for common attempt to exploit security holes like SQL injections, XSS or known breaches your application might be sensible to. These requests are automatically dropped without threatening your application.
DDoS Protection: If the case an application might be likely to be attacked. Cloudflare positions itself as a shield against a wide variety of distributed DDoS attacks, legitimate keeps being transferred to your application while unwanted ones are dropped.
Setup of your Cloudflare account
The first thing to do is to setup your domain with Cloudflare. It will require to change your domain name servers at the registrar level (the entity which sold the domain). This process might take up to 24 hours.
To go through this process, you are encouraged to follow their official documentation.
Configuration of your application on Scalingo
Configure Cloudflare DNS to target Scalingo
To configure your domain, you need to create a
CNAME DNS entry for each domain
added to the Scalingo application. The target of this
CNAME entry should be
# If the application name is 'my-app' my-app.osc-fr1.scalingo.io.
Add the domains to your application
You need to declare to Scalingo all domains that your app will have to respond to.
Where: Domains/SSL tab of your application
What: Type your domain in the text field and click on
LINK DOMAIN NAME TO THE APP
scalingo --app my-app domains-add example.com scalingo --app my-app domains-add www.example.com # etc. according the the domains you want to target
Cloudflare as DNS server
Cloudflare can also be used as a simple DNS server to configure how your DNS zone
is configured. In this case requests won’t be routed to their infrastructure,
but it is also not possible to use their features caching or application
firewalling. To use it as DNS server only, change the status of the concerned
An advantage of using Cloudflare as DNS provider is that it provides CNAME
flattening on root domains. Usually DNS providers only let you configure
CNAME fields on subdomains (i.e.
www.example.com) but not on root domains
example.com). It obliges you to create a A field targeting a
IP to reach your application, which is not flexible and internal
changes at Scalingo might impact your app. Their DNS service will let you
configure a CNAME entry for a root domain, removing the static IP
Cloudflare offers HTTPS termination so that your application is always reachable via HTTPS. At the precise moment your domain is configured to use their proxy, a valid certificate will be served to your users. However, in order to ensure complete protection to your clients, your application should use the “Full (strict)” mode. With this mode, the traffic to your application is encrypted from your customers browser to your Scalingo hosted application going through Cloudflare network. Cloudflare “Full (strict)” mode will work out of the box along with Scalingo automatic certificate generation with Let’s Encrypt.
Here is Cloudflare documentation page about it.