Setting Up CloudFlare CDN on a Website

1.) Create a CloudFlare account

2.) Set up an SSL certificate (it will be uploaded with the alias setup)

One of the features of OpenShift Online is the ability to use your own SSL certificates for new application aliases. The main purpose of using your own self-signed certificate on an application alias is to identify the owner of the website. If you want to know more, see https://www.openshift.com/blogs/domain-names-and-ssl-in-the-openshift-web-console.

Creating the SSL certificate

Executing this command creates two files:

  • The SSL certificate: cert.pem.
  • The private key: key.pem.

$ openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 3650
Generating a 2048 bit RSA private key
............+++
..+++
writing new private key to 'key.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:ES
State or Province Name (full name) [Some-State]:Your State
Locality Name (eg, city) []:Your Town
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Test Ltd.
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:your-site.example.com                                        
Email Address []:[email protected]

I used 3650 days (10 years) for certificate validity and random information for educational purposes. Use your own information and FQDN for your OpenShift Online application alias.

3.) Set up the CNAME record with my DNS provider

Click CPanel Hosting->Domains

MORE THAN 6 DOMAINS (I.E. 7 OR MORE)

  1. Click the domain name you want to use.
  2. Click the DNS Zone File tab.
  3. Click Add Record.
  4. From the Record type list, select CNAME (Alias).
  5. Complete the following fields:
    • Host: — Enter the subdomain name for the alias assignment. For example, type www.dukesdojo.com
      • NOTE: If “www” already exists, you must delete it first.
    • Points to: — Enter the host name you want the alias to point to. For example, type @ to map the alias directly to your domain name or blog-dukesdojo.rhcloud.com to point to OpenShift.
    • TTL: — Select how long the server should cache the information.
  6. Click Finish, then click Save Changes.

You can click Restore Defaults in the CNAME (Alias) section of the Zone File Editor to restore the default CNAME records for your domain name.

4.) Set up a domain alias for your URL via OpenShift web console

CloudFlare will not work directly on appname-domain.rhcloud.com URLs because OpenShift Online users cannot control the nameservers for rhcloud.com.

On the application’s settings page, there should be a “change” link next to your initial OpenShift-provided hostname:

Change your application's domain name

Clicking this link will open up the new hostname configuration page:

Configure OpenShift to field requests addressed to your domain

Here you can enter the domain name that you would like to associate with your application. I’ve decided to make my parks application available at “http://parks.ryanjarvinen.com/”.

Configuring your application to be available on a subdomain is generally easier. We’ll see why in the next section.

Click “Save” at the bottom of the page when you’re ready to save your settings.

You should see a notification message if the host alias was configured successfully:

OpenShift console domain configuration success message

Additional host aliases can be added as needed.

4a.) Uploading the certificate

NOTE: I placed my files in /Users/ksmith/git/vship

Once you have generated your self-signed certificate, you must upload it to your OpenShift Online application. There are two ways:

  • Using the OpenShift Online web UI
  • Using the command line tool rhc

If you use the web UI, go to your application and click on the alias for which you want to upload the new certificates; the following dialog will appear:

Upload your certificates and press “Save”.

On the other hand, if you use the rhc command (the method I prefer to use), you must execute the following command:

$ rhc alias update-cert <app_name> -n <domain> <app_alias> --certificate cert.pem --private-key key.pem
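
Before running the upload command above, it helps to confirm that key.pem really belongs to cert.pem, that the certificate names the alias, and that it is not close to expiry. The script below is an added example, not part of the original post or of the OpenShift tooling; the function name check_alias_cert, its exit codes and the 30-day window are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: sanity-check a cert/key pair before `rhc alias update-cert`.
# check_alias_cert, its exit codes and the 30-day window are illustrative
# assumptions, not part of rhc or OpenShift.
#
# Usage: check_alias_cert CERT KEY ALIAS [PASSIN]
#   PASSIN is an openssl pass-phrase source such as "file:pass.txt" or
#   "env:KEY_PASS". The openssl command in step 2 encrypts key.pem, so it
#   is needed for that key when no terminal is available for a prompt.
# Exit status: 0 ok, 1 unreadable input, 2 key does not match certificate,
#              3 alias not named by certificate, 4 expires within 30 days.
check_alias_cert() (
    # The body runs in a subshell so these variables do not leak out.
    cert=$1; key=$2; host=$3; passin=${4:-}

    # Public key embedded in the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || exit 1

    # Public key derived from the private key.
    if [ -n "$passin" ]; then
        key_pub=$(openssl pkey -in "$key" -pubout -passin "$passin" 2>/dev/null) || exit 1
    else
        key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || exit 1
    fi

    # A certificate uploaded with the wrong key cannot complete a handshake.
    [ "$cert_pub" = "$key_pub" ] || exit 2

    # The certificate from step 2 has no subjectAltName, so OpenSSL's host
    # check falls back to the Common Name entered at the prompt.
    openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null \
        | grep -q 'does match certificate' || exit 3

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((30 * 24 * 3600)) \
        >/dev/null 2>&1 || exit 4

    exit 0
)
```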

5.) Add OpenShift website to CloudFlare

Next, continue to the Add a website form or sign in to CloudFlare and go to the Websites page. Type in your OpenShift site’s custom domain name, which I will call www.yourdomain.com, and click Add website.

The domain you enter must be a custom domain, set up with an alias on OpenShift through RHC or the web console. CloudFlare will not work directly on appname-domain.rhcloud.com URLs because OpenShift Online users cannot control the nameservers for rhcloud.com.

Once you have added the website, CloudFlare will retrieve the site’s current DNS records.

Screenshot of the Add Website form for use with OpenShift

6.) Verify That All Of Your DNS Records Are Listed Below/Configure DNS Records on CloudFlare

CloudFlare will present you with a list of site DNS records. The screenshot below shows this for my website lambdaladies.com, which is hosted on OpenShift Online.

Screenshot of the DNS record list for LambdaLadies.com

You can choose which parts of your site are directed through the CDN and add or delete records if you wish. If your site DNS is set up properly, you may not need to touch the records at all.

The service automatically creates a new ‘direct’ subdomain for direct application access, that can be used to bypass the CloudFlare network when you are using the domain to access services such as SSH or FTP. This record can be deleted if you wish as it is not necessary for OpenShift sites, given you can bypass the CDN via the appname-domain.rhcloud.com URL, which is used by tools such as RHC for SSH access.

CloudFlare allows users to create CNAME entries for naked domains, such as yourdomain.com, but this is not considered good practice and can cause mail sent to your domain to bounce. If you did want to do this, you would delete the A record and add a CNAME for yourdomain.com pointing to appname-domain.rhcloud.com. There is more discussion about alternatives in this blog post.

Once you are done configuring your DNS records, click I’ve added all missing records, continue.

7.) Change Your Nameservers

thevship.org is registered with GoDaddy.

The transfer process can take up to 24 hours. There will be no downtime when you switch your name servers. Traffic will gracefully roll from your old name servers to the new name servers without interruption. Your site will remain available throughout the switch.

Current Nameservers        Change Nameservers to:
ns73.domaincontrol.com     newt.ns.cloudflare.com
ns74.domaincontrol.com     tess.ns.cloudflare.com
