I’m running a site that is basically a frontend to a database, the server puts Cache-Control headers on each page. I’d like to have Cloudflare or some other CDN between fly and my server to cache these pages for e.g. 24 hours because the database doesn’t update often. The goal isn’t just to serve pages faster, but reduce load on the database.
What’s the easiest way to do this? Using the orange cloud (cloudflare proxy) from Cloudflare on the DNS record just seems to break SSL certificates for me- I’m sure there’s a way to do it but I’m not sure if there’s an explicit guide on it anywhere.
Full, then I pointed A and AAAA records to fly. I’m using the shared ipv4 ip
I got it to work briefly but then cloudflare was throwing 520s where it couldn’t handshake with fly. I’d kind of prefer to use flexible and just have fly serve http but that seems to be discouraged.
Ok update: This might be because the browser is caching the certificate? I’m going to leave it on proxy mode for a bit because it seems to work in incognito
Delete that record and recreate it. Leave the Proxy as DNS only. Then create a cert in your app… wait a few minutes then toggle the proxy status to the orange cloud.
@khuezy does that have to happen after every deploy? I wish I understood the behavior better- We deploy this site daily so it’d be annoying to have to do that. It’s also annoying to switch to “flexible” because if I understand cloudflare that is a domain-wide setting so it would impact other subdomains.
Originally fly had obtained a certificate via the A/AAAA records with Cloudflare in DNS only mode, once fly has a certificate does it ever need to reissue it? e.g. if switching from A/AAAA to CNAME or on renewal?
Should users expect that their browsers will cache the certificate from fly, and therefore should expect to see a 520 from cloudflare or something like that?
So the site has been down most of the day with the 520, i was waiting for a cache to clear or something but I had a friend verify they were also getting a 520 and I have no idea why it was working in incognito.
The CNAME record, whether DNS-only or proxied by cloudflare broke the site, it was unable to reach the host.
I reverted to the A/AAAA records and the site is back up with Cloudflare DNS-only mode.
Edit: I made a mistake! The proxy was set to Flexible instead of Full when I was messing around above! Make sure to set your Cloudflare proxy mode to Full as shown below.
