ReadyMage Help
  • ReadyMage
  • USER PORTAL
    • User Portal Access
    • Change Password
    • Two-Factor Authentication
  • Project Management
    • Project List
    • Project Settings
      • General Info
      • Git Management
      • Environments
      • Members and roles
      • Security
        • Deletion Protection
        • TFA Enforcement
      • Delete Project
  • Application Management
    • Magento Details
    • Domain Management
    • Logs & Monitoring
    • Backups
      • Backup process
      • Disaster recovery process
    • Deployments
      • Deploy without build cache
      • Queue Tab (Launching soon)
      • Settings Tab (Launching soon)
        • Automatic Deployments
        • ReadyMage Maintenance Page
          • Website Access During Maintenance
      • Notifications Tab (Launching soon)
        • Managing email notifications
        • Managing Slack notifications
      • Pipeline Deployments
      • Pipeline Configuration file
        • Migration guide from 0.x.x to 1.0.0
    • SSH Access
      • SSH Usage
      • Database Access using Graphical Interface
      • Troubleshooting
    • IP Whitelist
    • Password Authentication
    • Database & Media
    • Search Engine Bots Discovery
  • Service Management
    • Server-Side Rendering
    • SFTP
    • NewRelic
    • Packagist Modules
    • Cloudflare
  • Infrastructure Management
    • Autoscale
    • Sleep Mode
    • Manage Services
    • Historical Resource Usage
  • PROJECT DEVELOPMENT
    • Node.js version
    • Store access
    • Creating a Production Environment
    • Additional Environments
    • ScandiPWA, PWA Studio, Hyva, or Luma
    • Project Migration to ReadyMage
    • SSH Access for Magento CLI, database and media
    • Code customization and local setup
    • Extension installation
    • Add translations (switch locale)
    • Existing ScandiPWA Project Code Migration
    • Database and media migration
    • Redirect setup
    • Connect CDN and WebP optimization
    • Email setup
    • Changing the Domain & Multi-Store Set up
    • Internal service addresses
    • Kibana filters and useful CLI commands
    • Persistent directories
  • FAQ
    • General
    • Autoscaling
    • Billing
    • User Portal Options
    • Services connected to ReadyMage
    • Hosting, managing resources and autoscaling
    • Source Code Management
    • ScandiPWA and Magento Versions, Commerce Edition and Upgrades
    • Supported software versions
Powered by GitBook
On this page
  • Setup for a domain hosted on Cloudflare
  • Setup for a domain hosted outside of Cloudflare
  • Recommended Cloudflare settings
  • SSL/TLS
  • Security
  • Speed
  • Caching
  • Rules
  • Exclude Magento admin from Cloudflare

Was this helpful?

  1. PROJECT DEVELOPMENT

Connect CDN and WebP optimization

Connect CDN for free and get unlimited WebP image optimization for 20$ per month. WebP compression helps to make your store faster reducing image size up to 50%. Visit https://www.cloudflare.com/ for more details.

Throughout the guide replace "yourdomain.com" with the domain you are connecting to Cloudflare.

Setup for a domain hosted on Cloudflare

  1. Open a Cloudflare account and attach billing information

  2. Migrate DNS records to Cloudflare if the domain is not already there.

  3. Switch NS records in the register if the domain is not already there.

  4. Point www.yourdomain.com CNAME — lb.ireland.eu.i.readymage.com (for instance created in EU Ireland region), — lb.ohio.us.i.readymage.com (for instance created in US Ohio region), — lb.stockholm.eu.i.readymage.com (for instance created in EU Stockholm region), — lb.central.ca.i.readymage.com (for instance created in Canada Central region), — lb.central.me.i.readymage.com (for instance created in Middle East UAE region) proxy → yes

  5. Point yourdomain.com CNAME — lb.ireland.eu.i.readymage.com (for instance created in EU Ireland region) — lb.ohio.us.i.readymage.com (for instance created in US Ohio region), — lb.stockholm.eu.i.readymage.com (for instance created in EU Stockholm region), — lb.central.ca.i.readymage.com (for instance created in Canada Central region), — lb.central.me.i.readymage.com (for instance created in Middle East UAE region) proxy → yes

  6. Adjust Cloudflare settings according to recommended settings.

Setup for a domain hosted outside of Cloudflare

Cloudflare setup if you host your domain outside of Cloudflare and can't migrate NS records:

  1. Open a Cloudflare account and attach billing information

  2. Purchase Cloudflare Business Plan for 200$ for the specific domain.

  3. Contact Cloudflare support asking to switch the account using TXT (CNAME) validation method. Cloudflare performs the switch within hours.

  4. Cloudflare support will provide you with the DNS record that you need to add.

  5. Add the provided DNS record to your existing DNS hosting panel and wait for Cloudflare activation.

  6. In Cloudflare point: www.yourdomain.com CNAME — lb.ireland.eu.i.readymage.com (for instance created in EU Ireland region) — lb.ohio.us.i.readymage.com (for instance created in US Ohio region), — lb.stockholm.eu.i.readymage.com (for instance created in EU Stockholm region), — lb.central.ca.i.readymage.com (for instance created in Canada Central region), — lb.central.me.i.readymage.com (for instance created in Middle East UAE region) proxy → yes

  7. In Cloudflare point: yourdomain.com CNAME — lb.ireland.eu.i.readymage.com (for instance created in EU Ireland region) — lb.ohio.us.i.readymage.com (for instance created in US Ohio region), — lb.stockholm.eu.i.readymage.com (for instance created in EU Stockholm region), — lb.central.ca.i.readymage.com (for instance created in Canada Central region), — lb.central.me.i.readymage.com (for instance created in Middle East UAE region) proxy → yes

  8. In existing DNS hosting panel point: www.yourdomain.com CNAME www.yourdomain.com.cdn.cloudflare.net

  9. In existing DNS hosting panel point: yourdomain.com CNAME yourdomain.com.cdn.cloudflare.net

  10. Adjust Cloudflare settings according to recommended settings:

Recommended Cloudflare settings

SSL/TLS

Edge Certificates

  • Always Use HTTPS → On

  • HSTS

    • Enable HSTS → On

    • Max Age Header → 6 months

    • Apply HSTS policy to subdomains → Off

    • Preload → On

    • No-Sniff Header → On

  • Minimum TLS Version → TLS 1.2

  • Opportunistic Encryption → On

  • TLS 1.3 → On

  • Automatic HTTPS Rewrites → On

Security

WAF → Managed rules

  • Managed rules → On

  • Cloudflare Managed Ruleset

    • Cloudflare Magento → On

    • Cloudflare Php → On

Bots → Configure Super Bot Fight Mode

  • JavaScript Detections → Off (if you leave it "on", the performance will decrease slightly, but it will be possible to detect robots more accurately)

Settings

  • Browser Integrity Check → On

  • Privacy Pass Support → On

  • Replace insecure JavaScript libraries → On

Speed

Image Optimization

  • Polish → Lossy + webP

  • Mirage → On

Content Optimization

  • Early Hints → On

  • Rocket Loader → Off (You can try to enable it for sites that are not single-page applications [SPA], for example, for ScandiPWA which is a SPA site it should be disabled)

Protocol Optimization

  • HTTP/2 → On

  • HTTP/2 to Origin → On

  • HTTP/3 (with QUIC) → On

  • Enhanced HTTP/2 Prioritization → On

  • 0-RTT Connection Resumption → On

Caching

Configuration

  • Crawler Hints → On

Rules

Page Rules → Create Page Rule

  • *site.com/static/*, Browser Cache TTL: a year, Cache Level: Cache Everything, Edge Cache TTL: a year, Origin Cache Control: Off

  • *site.com/media/*, Browser Cache TTL: a year, Cache Level: Cache Everything, Edge Cache TTL: a year, Origin Cache Control: Off

Exclude Magento admin from Cloudflare

In order to avoid Cloudflare becoming a bottleneck for long backend operations, you can exclude it from Cloudflare.

Replace admin.yourdomain.com with your Magento 2 admin URL.

  1. Set up a separate domain for your Magento 2 admin that differs from your Magento 2 front-end domain.

  2. Point admin.yourdomain.com CNAME lb.eu.i.readymage.com (for instance created in EU region) /lb.us.i.readymage.com (for instance created in US region), proxy → no.

PreviousRedirect setupNextEmail setup

Last updated 12 days ago

Was this helpful?