Connect your domain
Many of our layer 7 services depend on your domain using Cloudflare as a reverse proxy ↗ for its HTTP/HTTPS
traffic.
To get started with Cloudflare as a reverse proxy, you must first create an account and connect your domain. After creating your account, select Add site and follow the step-by-step tutorial to configure your DNS records, which informs Cloudflare where to forward requests.
Your domain is always in your control - connecting your domain to Cloudflare does not mean that you are relinquishing ownership. If you decide to transfer your domain registration to be managed at Cloudflare, you will still retain full ownership.
When you connect your domain to Cloudflare, a set of default configurations is generated for our application services, based on the domain plan ↗. These services determine how Cloudflare treats traffic for your domain.
Your configurations will only affect live traffic (that is, when your domain’s status is active and its traffic is proxied). Notably, your configurations can be altered prior to activating or enabling the proxy status on the DNS records for the hostnames you want to proxy.
Use the Cloudflare dashboard or API to modify, test, or version your configuration.
In a full setup, your domain will be pending until you update its nameservers at your domain registrar with the assigned Cloudflare nameservers. This step is essential for two reasons:
- First, to inform DNS resolvers that your traffic should route through Cloudflare
- And second, to verify that you are the domain’s owner. Only the owner or administrator of a domain can access its registrar and change its nameservers.
Registrars take up to 24 hours to process nameserver changes (quicker in most cases). You will receive an email when your domain becomes active. While your domain is pending, your HTTP/HTTPS
traffic is not proxied through Cloudflare, but Cloudflare will respond to DNS queries on your assigned nameservers.
By activating your domain on a full setup, your traffic will immediately start using Cloudflare’s DNS services, so it is important to review how to avoid downtime and what proxying traffic means.
In a full setup, it is essential that your domains DNS table has all your DNS records configured properly before activating your domain. In addition, you may need to:
- Disable DNSSEC. DNSSEC is a security extension that ensures all DNS answers can be trusted. If nameservers are changed before disabling DNSSEC, their cryptographic signatures will no longer match and DNS resolution will fail. After your domain is successfully activated, you should enable DNSSEC again.
- Accept Cloudflare traffic. If you are proxying traffic to your origin, you need to ensure that your origin will accept connections from Cloudflare. One way to do this is to allow traffic originating from Cloudflare IPs. You can harden the connection between Cloudflare and your origin by using Authenticated Origin Pulls (mTLS). An alternative approach to proxy traffic to your origin is to configure a Cloudflare Tunnel.
- Configure SSL/TLS. The first thing Cloudflare does when it receives a
HTTP/HTTPS
request is decryption.