Learn about Centmin Mod LEMP Stack today
Become a Member

Cloudflare DNS Getting started with Cloudflare

Discussion in 'Domains, DNS, Email & SSL Certificates' started by Jon Snow, Oct 20, 2017.

  1. Jon Snow

    Jon Snow Active Member

    190
    27
    28
    Jun 30, 2017
    Ratings:
    +32
    Local Time:
    7:53 PM
    Nginx 1.13.4
    MariaDB 10.1.26
    First time using Cloudflare. I signed up for an account but I haven't done anything yet. This might be considered as recon since I wouldn't be doing anything with it soon but want to do it in the future.

    Do I Need to Change My Name Server to Use CloudFlare?

    This can be limited to Bluehost, but I'm still using it as my reference to find the answer to my question. It says with cPanel, if you use it you don't have to sign up. With CMM and a Cloudflare account, I need to use NameCheap's DNS for email forwarding. Am I out of luck with hiding my IP behind Cloudflare?
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,606
    6,862
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,297
    Local Time:
    9:53 AM
    Nginx 1.13.x
    MariaDB 5.5
  3. Jon Snow

    Jon Snow Active Member

    190
    27
    28
    Jun 30, 2017
    Ratings:
    +32
    Local Time:
    7:53 PM
    Nginx 1.13.4
    MariaDB 10.1.26
    Thanks! I decided just not to use it.

    I've finished the Cloudflare setup and now I'm waiting for DNS. I haven't created the vhost domain on my server yet. I've added a new IP to my Linode server (currently has two IPs) for the new site and I want to use this new IP with Cloudflare for a WP install.

    Is there anything I need to do on the CMM side to make this work and keep the IP masked?
     
  4. eva2000

    eva2000 Administrator Staff Member

    30,606
    6,862
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,297
    Local Time:
    9:53 AM
    Nginx 1.13.x
    MariaDB 5.5
    If you use a reverse proxy like Cloudflare in front of Centmin Mod Nginx, you need to setup nginx realip to be passed onto Nginx.

    See Getting Started Guide step 5 and setting correct real ip via nginx module config at http://centminmod.com/nginx_configure_cloudflare.html.

    If using Centmin Mod 123.09beta01 and newer, there's an added tools/csfcf.sh script to aid in this. Details at:
    You just need to setup a cronjob to run
    Code (Text):
    /usr/local/src/centminmod/tools/csfcf.sh auto

    and ensure your nginx.conf http{} context has the include file /usr/local/nginx/conf/cloudflare.conf and/or your individual nginx vhost's server contexts has the same include file
    Then restart nginx server via command shortcut
    Code (Text):
    ngxrestart

    or
    Code (Text):
    service nginx restart
     
  5. Jon Snow

    Jon Snow Active Member

    190
    27
    28
    Jun 30, 2017
    Ratings:
    +32
    Local Time:
    7:53 PM
    Nginx 1.13.4
    MariaDB 10.1.26
    So I need to run that after setting up the vhost for the domain?

    Do I need to do anything to make the second IP work for this site only? Linode said they have a network helper so do I only have to enter that IP in Cloudflare's DNS page?
     
  6. eva2000

    eva2000 Administrator Staff Member

    30,606
    6,862
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,297
    Local Time:
    9:53 AM
    Nginx 1.13.x
    MariaDB 5.5
    yes for any domain behind needs realip setup

    Adding additional IPs to a server involves 2 main tasks
    1. Adding and registering additional IPs to system network configuration which Linode network helper would of done
    2. Configuring Nginx to use those additional IPs which you need to do yourself

    Configuring Nginx Additional IP Usage



    Nginx can setup Vhosts to use either name based hosting (default) sharing the main IP address or IP based hosting where a Vhost uses a dedicated or different IP address for main IP address. This is controlled by Nginx listen directive How nginx processes a request

    Centmin Mod 123.09beta01 and higher have native support to configure Nginx vhost creation routines to use a separate second IP from the main server IP address via persistent config file /etc/centminmod/custom_config.inc set variable called SECOND_IP discussed and added at Beta Branch - update nginx vhost generator routines support second IP

    Support secondary dedicated IP configuration for centmin mod nginx vhost generator, so out of the box, new nginx vhosts generated will use the defined SECOND_IP=111.222.333.444 where the IP is a secondary IP addressed added to the server.

    You define SECOND_IP variable is centmin mod persistent config file outlined at Upgrade Centmin Mod - CentminMod.com LEMP Nginx web stack for CentOS you manually create the file at /etc/centminmod/custom_config.inc and add SECOND_IP=yoursecondary_IPaddress variable to it which will be registered with nginx vhost generator routine so that any new nginx vhosts created via centmin.sh menu option 2 or /usr/bin/nv or centmin.sh menu option 22, will have pre-defined SECOND_IP ip address set in the nginx vhost's listen directive.

    So in persistent config file you create or already created at /etc/centminmod/custom_config.inc set in it
    Code (Text):
    SECOND_IP=111.222.333.444
    


    Only set SECOND_IP in /etc/centminmod/custom_config.inc if you want future nginx vhosts created listening on the 2nd IP instead primary main IP.



    So at centmin.sh menu option 2, 22 or nv command runs to create a fresh new Nginx vhost instead of server{} context's listen directive being listed as
    Code (Text):
    listen 80;
    

    with SECOND_IP set it will become
    Code (Text):
    listen 111.222.333.444:80;
    

    for HTTPS on port 443

    instead of
    Code (Text):
    listen 443;
    

    with SECOND_IP set it will become
    Code (Text):
    listen 111.222.333.444:443;
    

    where you defined SECOND_IP=111.222.333.444

    Thus allowing you to use a different server IP for new nginx vhosts generated automatically.

    Now if you want to use a different IP address from main server IP or the one defined in SECOND_IP variable, then right now you would need to manually edit your Nginx vhost config file's listen directive yourself defining the additional IP you added earlier and restart Nginx server afterwards
    Code (Text):
    service nginx restart
    

    or centmin mod command shortcut
    Code (Text):
    ngxrestart
    
     
    • Like Like x 1
  7. Jon Snow

    Jon Snow Active Member

    190
    27
    28
    Jun 30, 2017
    Ratings:
    +32
    Local Time:
    7:53 PM
    Nginx 1.13.4
    MariaDB 10.1.26
    That's exactly what I needed.

    So just to confirm, I need to :

    1. Edit my custom_config.inc and add the line with my second IP for the new website.
    2. Remove the added line from custom_config.inc after creating the vhost for the domain that uses the 2nd IP.

    Since I don't want future domains to use the second IP for step #2.
     
  8. eva2000

    eva2000 Administrator Staff Member

    30,606
    6,862
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,297
    Local Time:
    9:53 AM
    Nginx 1.13.x
    MariaDB 5.5
    yup you can do that add SECOND_IP once for new vhost and then remove it from /etc/centminmod/custom_config.inc
     
    • Like Like x 1
  9. Jon Snow

    Jon Snow Active Member

    190
    27
    28
    Jun 30, 2017
    Ratings:
    +32
    Local Time:
    7:53 PM
    Nginx 1.13.4
    MariaDB 10.1.26
    Done.
    I noticed that this was commented out in both files.

    Just for clarification, do I run /usr/local/src/centminmod/tools/csfcf.sh auto before or after? The first time while reading the instructions, I did it before and then I removed the "#" and ran it again.
     
  10. eva2000

    eva2000 Administrator Staff Member

    30,606
    6,862
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,297
    Local Time:
    9:53 AM
    Nginx 1.13.x
    MariaDB 5.5
    yes commented out in vhost so just uncomment it

    as to running csfcf.sh you can do it before or after as 123.09beta01 initial install already runs it once these days to populate the include file
     
    • Like Like x 1