How to use Cloudflare CDN - Xen-neX/Hiddify-Manager GitHub Wiki


How to use Cloudflare CDN

Cloudflare is the largest provider of CDN services and offers several services that can be used to bypass Internet restrictions. The most important ones are explained below.

Site or domain service

This means your server sits behind a CDN provider. In other words, you register your domain (or subdomain) with a CDN provider and then proxy it. Here we discuss how to register on Cloudflare. If you want to see a tutorial on how to use GCore CDN on a Cloudflare registered domain, see this link.

Direct domain registration purchased on Cloudflare

First, register using this link.

Log in after creating a profile. You must add your domain here: click the Add Site button and enter your domain.

PICTURE

In the next step, choose your desired plan. The free plan is enough for this, so select it as shown in the picture.

PICTURE

In the next step, proceed as shown in the figure.

PICTURE

In the last step, enter the DNS servers given by Cloudflare in your domain settings.

PICTURE

Wait a while for the domain settings to be registered. After that, the domain will be activated on the Cloudflare server.

PICTURE

Now go to the section where DNS records are registered.

PICTURE

To add the records for IP version 4, follow the figure.

PICTURE

After clicking on Add record, register the details of the desired subdomain by entering the server IP. Note that the proxy must be turned off for the direct domain.

PICTURE

If needed, you can change the TTL from automatic mode. The lower this value is, the sooner the DNS records cached on the user's system are refreshed.

To add the records for IP version 6 of the server, follow the figure.

PICTURE

All the things mentioned about IP version 4 also apply in this case. The only difference is the record type, which is AAAA.

CDN domain registration in Cloudflare

This domain is registered behind the servers of a CDN provider or so-called proxy.

For example, you can use the Cloudflare service. After you have followed the steps above and your domain has been activated on the site, go to the DNS section and register the desired record. This record is type A for IP version 4 and type AAAA for IP version 6. The only difference from the previous step is that you must turn on the proxy.

PICTURE

How to verify CDN domain registration

When you test this domain with tools such as ping, nslookup or dig, the response contains one of the IPs that Cloudflare assigns to your domain at random, and no other information about your own IP is returned. This provides a level of security for your server.

Note that this IP is not fixed and changes over time. Sometimes the IP assigned by Cloudflare is blocked or disrupted in Iran; in that case, methods to bypass this type of filtering should be used.
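
One way to check the result described above, as an added example (not part of the original wiki or of Hiddify-Manager): classify the addresses that dig or nslookup return for each hostname as your server's own IP, a Cloudflare address, or neither. The hostnames and addresses are constructed, and the range list is a snapshot of https://www.cloudflare.com/ips/ that is assumed to be current.

```python
import ipaddress
import socket

# Snapshot of the ranges published at https://www.cloudflare.com/ips/
# (assumption: the list can change, refresh it before relying on a result).
CLOUDFLARE_RANGES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 "
    "141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 "
    "197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 "
    "104.24.0.0/14 172.64.0.0/13 131.0.72.0/22 2400:cb00::/32 2606:4700::/32 "
    "2803:f800::/32 2405:b500::/32 2405:8100::/32 2a06:98c0::/29 2c0f:f248::/32"
).split()]

def resolve(hostname):
    """Live A/AAAA lookup through the system resolver (not used by the sample)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None)})

def classify(addresses, origin_ips):
    """Return 'exposes-origin', 'proxied' or 'other' for one hostname's answers."""
    origin = {ipaddress.ip_address(a) for a in origin_ips}
    answers = [ipaddress.ip_address(a) for a in addresses]
    # Parsed addresses compare by value, so differently written IPv6 forms match.
    if any(ip in origin for ip in answers):
        return "exposes-origin"
    if answers and all(any(ip in net for net in CLOUDFLARE_RANGES) for ip in answers):
        return "proxied"
    return "other"

def audit(answers_by_host, origin_ips):
    """Map every hostname to its verdict."""
    return {host: classify(addrs, origin_ips) for host, addrs in answers_by_host.items()}

# Constructed sample: documentation addresses stand in for the real server IPs.
ORIGIN = ["203.0.113.10", "2001:db8::10"]
SAMPLE = {
    "direct.example.com": ["203.0.113.10"],      # direct domain, proxy off
    "cdn.example.com": ["104.21.5.7", "172.67.130.9", "2606:4700:3030::6815:507"],
    "v6.example.com": ["2001:0db8:0000::10"],    # AAAA record left with proxy off
    "other.example.com": ["198.51.100.7"],       # neither the server nor Cloudflare
}

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE, ORIGIN).items():
        print(f"{host:22} {verdict}")
```

The direct domain is expected to report exposes-origin because its proxy is off; the same verdict on any other hostname means that record still reveals the server IP.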

Certificate settings of CDN domain

TLS is a protocol that encrypts all internet traffic and helps the user stay safe online.

To be precise, TLS encrypts the communication between the client and the server on the web, using a set of cryptographic algorithms and options such as alpn, uTLS, allowInsecure.

Certificates assigned to domains are also based on the TLS protocol.

To do this, go to the SSL/TLS section on the Cloudflare site and set the certificate mode to Full.

PICTURE

Also, activate the SSL/TLS Recommender option to increase connection security. This option checks the connection and gives you security suggestions if it is possible to upgrade the TLS version.

Then go to the Network menu. Here you should check that the QUIC, gRPC and WebSockets options are enabled.

PICTURE

PICTURE

Checking security status of CDN domain traffic

To do this, go to the SSL/TLS section of the Cloudflare site. A graph of the traffic passing through is displayed; the more of that traffic uses a higher TLS version, the more secure the communication has been. HTTP traffic passes without TLS encryption.

PICTURE

Worker service

To see details about this service, read this article.

Domain fronting service

To see details about this service, read this article.

This service is currently disabled in Cloudflare.

gRPC service

This service was introduced by Google in 2015 and is based on TLS and HTTP/2. Because its packet size is smaller, it requires less bandwidth and is therefore faster. This service is also active in Cloudflare and is compatible with many of its other services. Therefore, you can activate it on the domain service and use this feature to bypass filtering.

  • To do this, go to the Network section and then enable the gRPC option.

After that, it is possible to send gRPC packets from the client to Cloudflare. After the packets reach Cloudflare, they are forwarded to the original destination, which is your server.

WebSocket service

Another Cloudflare service is WebSocket, which allows stable communication between the client and the main server. The client and server can exchange information over one stable connection without having to re-establish communication. This service can also be used to bypass filtering.

  • For this, go to the Network section and then activate the WebSockets option.

After that, it is possible to send WebSocket packets from the client to Cloudflare. After the packets reach Cloudflare, they are forwarded to the original destination, which is your server.

QUIC service

This service is based on HTTP/3 and works with TLS 1.3. It is so fast because its handshake is much faster than TCP.

  • For this, go to the Network section and then activate the HTTP/3 (with QUIC) option.
