> ## Documentation Index
> Fetch the complete documentation index at: https://www.qovery.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Setting Up Cloudflare and Custom Domain on Qovery

> Configure Cloudflare as a domain provider for your Qovery applications

This tutorial guides you through configuring Cloudflare as a domain provider for applications deployed on Qovery. The process involves adding a custom domain and establishing proper DNS and SSL/TLS settings.

## Prerequisites

* Active Qovery application
* Domain ownership on Cloudflare or registrar
* Access to Cloudflare DNS settings

## Step 1: Add a Custom Domain

1. Access your application settings in Qovery Console
2. Navigate to the **Domains** section
3. Enter your Cloudflare-managed domain
4. **Critical**: Enable the **"Domain behind a CDN"** toggle

<Info>
  Enabling "Domain behind a CDN" automatically disables certificate generation since Cloudflare handles SSL/TLS management.
</Info>

<Frame>
  <img src="https://mintcdn.com/qovery/oR5FEQ5ecXf7EXKc/images/cloudflare/1.png?fit=max&auto=format&n=oR5FEQ5ecXf7EXKc&q=85&s=72d6203901c793980abf5c9b148b6018" alt="Add custom domain" width="2212" height="848" data-path="images/cloudflare/1.png" />
</Frame>

## Step 2: Configure Cloudflare DNS

### Add CNAME Entry

1. Go to Cloudflare DNS settings
2. Add a CNAME entry using values provided by the Qovery Console
3. The proxy mode can remain enabled

<Frame>
  <img src="https://mintcdn.com/qovery/DYuxDyyByK2wvJFz/images/cloudflare/2.png?fit=max&auto=format&n=DYuxDyyByK2wvJFz&q=85&s=0773a5349443b2cd51fb7989c4c5570a" alt="Cloudflare CNAME configuration" width="2784" height="1820" data-path="images/cloudflare/2.png" />
</Frame>

<Frame>
  <img src="https://mintcdn.com/qovery/DYuxDyyByK2wvJFz/images/cloudflare/3.png?fit=max&auto=format&n=DYuxDyyByK2wvJFz&q=85&s=1c1d01ffa6e1879a88b8ef0e1105ab01" alt="CNAME record details" width="2784" height="1820" data-path="images/cloudflare/3.png" />
</Frame>

## Step 3: Configure SSL/TLS Settings

The last step to configure the domain Cloudflare side properly is to use the **Full** TLS encryption for proper custom domain functionality.

1. Navigate to **SSL/TLS** settings in Cloudflare
2. Select **Full** encryption mode

<Frame>
  <img src="https://mintcdn.com/qovery/oR5FEQ5ecXf7EXKc/images/cloudflare/4.png?fit=max&auto=format&n=oR5FEQ5ecXf7EXKc&q=85&s=c17df7b346f20790286e6156740e07ae" alt="SSL/TLS Full encryption" width="2003" height="986" data-path="images/cloudflare/4.png" />
</Frame>

<Warning>
  Using "Flexible" encryption mode will not work properly with Qovery. Always use "Full" or "Full (strict)" mode.
</Warning>

## Step 4: Access Restriction Options

You have two options for restricting access to your application:

### Option 1: IP Whitelisting

Add Cloudflare IP ranges to Qovery's advanced settings to allow only Cloudflare traffic.

<Frame>
  <img src="https://mintcdn.com/qovery/oR5FEQ5ecXf7EXKc/images/cloudflare/5.png?fit=max&auto=format&n=oR5FEQ5ecXf7EXKc&q=85&s=56eff29c5d1ccb2c1f24e9dcafebaf70" alt="IP whitelisting configuration" width="2358" height="1354" data-path="images/cloudflare/5.png" />
</Frame>

### Option 2: Cloudflared Tunnel

Cloudflared establishes outbound tunnels between resources and Cloudflare's network, enabling tunnel-based access without public exposure.

<Frame>
  <img src="https://mintcdn.com/qovery/oR5FEQ5ecXf7EXKc/images/cloudflare/6.png?fit=max&auto=format&n=oR5FEQ5ecXf7EXKc&q=85&s=c3c6bbc0713fb154ea3a3b9141de850f" alt="Cloudflared tunnel setup" width="3380" height="1278" data-path="images/cloudflare/6.png" />
</Frame>

<Frame>
  <img src="https://mintcdn.com/qovery/oR5FEQ5ecXf7EXKc/images/cloudflare/7.png?fit=max&auto=format&n=oR5FEQ5ecXf7EXKc&q=85&s=4674eae8a8ebfd03fb9b8fb74808da18" alt="Tunnel configuration" width="3068" height="2168" data-path="images/cloudflare/7.png" />
</Frame>

## Verification

Once configured, your application should be accessible via your custom domain through Cloudflare's network.

<Frame>
  <img src="https://mintcdn.com/qovery/DYuxDyyByK2wvJFz/images/cloudflare/8.png?fit=max&auto=format&n=DYuxDyyByK2wvJFz&q=85&s=2916c342b2261082a30de695b90b1076" alt="Domain verification" width="2784" height="1820" data-path="images/cloudflare/8.png" />
</Frame>

<Frame>
  <img src="https://mintcdn.com/qovery/DYuxDyyByK2wvJFz/images/cloudflare/9.png?fit=max&auto=format&n=DYuxDyyByK2wvJFz&q=85&s=536e052627f9c34437d33dc87de8f570" alt="SSL certificate verification" width="2784" height="1820" data-path="images/cloudflare/9.png" />
</Frame>

***

## Additional Configuration

### Advanced Cloudflare Features

You can leverage Cloudflare's additional features:

<Frame>
  <img src="https://mintcdn.com/qovery/DYuxDyyByK2wvJFz/images/cloudflare/10.png?fit=max&auto=format&n=DYuxDyyByK2wvJFz&q=85&s=1f5484a6ccb1e135e6b56d2b60481298" alt="Cloudflare WAF" width="2784" height="1820" data-path="images/cloudflare/10.png" />
</Frame>

<Frame>
  <img src="https://mintcdn.com/qovery/oR5FEQ5ecXf7EXKc/images/cloudflare/11.png?fit=max&auto=format&n=oR5FEQ5ecXf7EXKc&q=85&s=7a74578636a626a15b042b5f44819d8e" alt="Firewall rules" width="1083" height="301" data-path="images/cloudflare/11.png" />
</Frame>

<Frame>
  <img src="https://mintcdn.com/qovery/DYuxDyyByK2wvJFz/images/cloudflare/12.png?fit=max&auto=format&n=DYuxDyyByK2wvJFz&q=85&s=15412df1ded1ac38f56e0025963de1cb" alt="Page rules" width="2784" height="1820" data-path="images/cloudflare/12.png" />
</Frame>

<Frame>
  <img src="https://mintcdn.com/qovery/DYuxDyyByK2wvJFz/images/cloudflare/13.png?fit=max&auto=format&n=DYuxDyyByK2wvJFz&q=85&s=aa847d7c33c08a88c5c79fca5d64c73c" alt="Analytics dashboard" width="2784" height="1820" data-path="images/cloudflare/13.png" />
</Frame>

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="Domain not resolving">
    * Verify CNAME record is correct
    * Check DNS propagation (can take up to 48 hours)
    * Ensure proxy mode is enabled in Cloudflare
  </Accordion>

  <Accordion title="SSL/TLS errors">
    * Confirm "Full" encryption mode is selected
    * Wait for SSL certificate provisioning (5-10 minutes)
    * Check that "Domain behind a CDN" toggle is enabled in Qovery
  </Accordion>

  <Accordion title="502 Bad Gateway errors">
    * Verify application is running in Qovery
    * Check that the CNAME points to the correct Qovery domain
    * Ensure Cloudflare IP ranges are whitelisted if using IP restriction
  </Accordion>
</AccordionGroup>

***

## Related Documentation

<CardGroup cols={2}>
  <Card title="Custom Domains" icon="globe" href="/configuration/application">
    Learn about custom domain configuration
  </Card>

  <Card title="SSL/TLS Certificates" icon="lock" href="/getting-started/security-and-compliance/overview">
    Understand SSL/TLS certificate management
  </Card>

  <Card title="Advanced Settings" icon="sliders" href="/configuration/service-advanced-settings">
    Configure advanced service settings
  </Card>

  <Card title="Networking" icon="network-wired" href="/configuration/integrations/api-gateway-nginx">
    Learn about networking and ingress
  </Card>
</CardGroup>