Announcement

Collapse
No announcement yet.

How to set up Cloudflare for your 3dcart site

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to set up Cloudflare for your 3dcart site

    This thread will eventually be a guide for other 3dcart customers in how to set up cloudflare with a 3dcart site. I'll edit the original post afterwards so that it's a useful How-to for others. I would appreciate any advice you might be able to give.

    If you see anything incorrect here, let me know and I'll fix it


    What steps are needed with your website domain registrar? (DNS)
    During the signup process, cloudflare will scan your site and tell you to change your dns at the registrar so that it points to cloudflare

    What steps to take regarding the SSL

    ​You need to have an SSL set up at 3dcart and use the "Full SSL-STRICT" option on cloudflare.

    Page Rules on Cloudflare:
    After signing up for cloudflare, it is suggested that you create a page rule that excludes https://www.yoursite/admin/*

    Preserving the IP addresses of your visitors for analytics purposes:

    Cloudflare suggests this:

    Preserving IP information --> Install mod_cloudflare (or equivalent)
    Since CloudFlare acts as a reverse proxy for websites, CloudFlare's IPs are going to show in your server logs. There is an easy fix to restore original visitor IP for any web server. If you have issues with things like GeoIP or .htaccess blocks not working properly on your site, installing mod_cloudflare will resolve the problem immediately.
    A 3dcart user stated:

    You need to open a support ticket to modify something on the server. Not all servers support this modification and we had to be moved to another server resulting in the site being off-line for 8 hours (not sure if the problem was with cloudflare, or 3dcart). When moving servers, you will need to change the IP address on Cloudflare to the new IP provided by 3dcart.
    Security Settings on Cloudflare??

    Performance Settings on Cloudflare??

    Last edited by bzeltzer; 03-05-2015, 10:57 PM.

  • #2
    We have been using Coudflare for over a year now and it is worth every penny.

    We have the cheapest certificate for the longest possible term installed on 3dcart. On CloudFlare I have "FULL SLL" selected. With this setup customer information is always encrypted, between customer and 3dcart, and between 3dcart and Cloudflare.

    With this setup we do not have any problems whatsoever with authentication no matter how we have the links.
    You can get a 5 year SSL for $25, plus $99 install fee. A bargain if you ask me.
    One note, is that these cheap SSLs do not come with a live Validation Link from the badge, so we just made our own "VERIFIED XXXX" popup window linked from the SSL badge. It looks very official and reassuring.

    Comment


    • #3
      On the DNS portion of mine when I signed up I had to change the DNS1 and DNS2 from 3dcrt.com to name servers that were provided to me after cloudflare scanned my site and I clicked the next button. I did however continue to get warnings about identity of the site not being known and a warning that my connection to the site was not encrypted. I opened a support ticket and got a huge long response about mixed content and how I'd need to change/code some of the content on my site. At that point I paused cloudflare and I'm still in the process of attempting to rectify this. If anyone else has had experience with that, I'm sure interested to know how you resolved it?

      Comment


      • #4
        Does anyone know if these items are a concern with 3dcart?

        1. Preserving IP information --> Install mod_cloudflare (or equivalent)
        Since CloudFlare acts as a reverse proxy for websites, CloudFlare's IPs are going to show in your server logs. There is an easy fix to restore original visitor IP for any web server. If you have issues with things like GeoIP or .htaccess blocks not working properly on your site, installing mod_cloudflare will resolve the problem immediately.

        Is this needed?

        2. You should also whitelist all of CloudFlare's IP addresses with your hosting provider and on your server.

        Not sure how to whitelist things but is it necessary or does 3dcart already whitelist them?

        3. Exclude certain URLs from CloudFlare features and caching

        Checkout pages??

        4. use PageRules to exclude the admin section of your website from CloudFlare's optional performance features

        5. Whitelist the IP(s) of services you expect to or want to access your site
        If you expect certain services (APIs, crawlers, payment providers, etc.)...

        Not sure how to whitelist things but do I need to worry about whitelisting big payment processors like authorize.net?

        Comment


        • #5
          As to white listing of Cloudflare IPs, this is already done by 3dcart. No need to worry about it.

          As to preserving customer IPs, that is an issue. You need to open a support ticket to modify something on the server. Not all servers support this modification and we had to be moved to another server resulting in the site being off-line for 8 hours (not sure if the problem was with cloudflare, or 3dcart). When moving servers, you will need to change the IP address on Cloudflare to the new IP provided by 3dcart.

          We don't have anything excluded. Haven't noticed any problems.

          Note, the Visitor stats on Cloudflare are wrong. They know of the issue, and have no plans of fixing the issue.

          Comment


          • #6
            Originally posted by elightbox View Post
            As to white listing of Cloudflare IPs, this is already done by 3dcart. No need to worry about it.

            As to preserving customer IPs, that is an issue. You need to open a support ticket to modify something on the server. Not all servers support this modification and we had to be moved to another server resulting in the site being off-line for 8 hours (not sure if the problem was with cloudflare, or 3dcart). When moving servers, you will need to change the IP address on Cloudflare to the new IP provided by 3dcart.

            We don't have anything excluded. Haven't noticed any problems.

            Note, the Visitor stats on Cloudflare are wrong. They know of the issue, and have no plans of fixing the issue.
            Thank you very much for this information

            Comment


            • #7
              When setting this up, there was a choice for "Performance" and "security. By default they're set to medium and CDN only. Is there a reason not to use the CDN+basic optimization? Also, any opinions of the security level?


              cloudflare2.jpg


              cloudflarge1.jpg

              Comment


              • #8
                For optimization we use CDN+Basic Optimization with no issues
                For Security, It seems like we use the Medium setting, but we also exclude a bunch of countries (China, Easter Block, India, most of Africa, etc..). That screen shot looks new since we signed up.

                Comment


                • #9
                  Originally posted by elightbox View Post
                  For optimization we use CDN+Basic Optimization with no issues
                  For Security, It seems like we use the Medium setting, but we also exclude a bunch of countries (China, Easter Block, India, most of Africa, etc..). That screen shot looks new since we signed up.
                  Thanks again for the info. I turned on a few of the image optimization services independently and something made my main product images stop appearing. I'll have to do a little testing. Mine was one of the initial html5 sites they designed so I have some junky out of date code that may not work the same as everyone else's.

                  Comment


                  • #10
                    Originally posted by bzeltzer View Post

                    ​You need to have an SSL set up at 3dcart and use the "Full SSL-STRICT" option on cloudflare.

                    What does "You need to have a SSL set up at 3Dcart" mean? Do we need to purchase SSL and pay 3dcart for the installation? We have SSL set to Full Strict in Cloudflare, but sill our secure pages go through 3dcart shared SSL, instead of having htts://www.ourdomainname.com we get http://www.ourdomainname-com.3dcartstores.com. How do we change that?

                    Comment


                    • #11
                      Originally posted by Alena C View Post

                      What does "You need to have a SSL set up at 3Dcart" mean? Do we need to purchase SSL and pay 3dcart for the installation? We have SSL set to Full Strict in Cloudflare, but sill our secure pages go through 3dcart shared SSL, instead of having htts://www.ourdomainname.com we get http://www.ourdomainname-com.3dcartstores.com. How do we change that?
                      Yep, to prevent it from using 3dcartstores.com for secure pages, you need to pay for SSL. Cheapest SSL you can get should do the job.

                      Comment


                      • #12
                        Originally posted by bzeltzer View Post
                        Yep, to prevent it from using 3dcartstores.com for secure pages, you need to pay for SSL. Cheapest SSL you can get should do the job.
                        So, correct me if I am wrong. Even though 3dcart installs SSL, let's say GoDadday SSL, the store will be using Cloudflare SSL? I am curios as to what's going to happen after GoDaddy SSL expires. Is it going to switch back to shared SSL, or as long as we have our store connected to CloudFlare we don't ever need to worry about buying another SSL?

                        Comment


                        • #13
                          Originally posted by Alena C View Post
                          So, correct me if I am wrong. Even though 3dcart installs SSL, let's say GoDadday SSL, the store will be using Cloudflare SSL? I am curios as to what's going to happen after GoDaddy SSL expires. Is it going to switch back to shared SSL, or as long as we have our store connected to CloudFlare we don't ever need to worry about buying another SSL?

                          I have been using cloudflares SSL exclusively for a few years. (My SSL ran out a long time ago) Nothing has changed as far as the end user is concerned. If you want to see what it looks like go to:
                          https://www.nmteaco.com

                          Comment


                          • #14
                            Originally posted by NMTEACO View Post


                            I have been using cloudflares SSL exclusively for a few years. (My SSL ran out a long time ago) Nothing has changed as far as the end user is concerned. If you want to see what it looks like go to:
                            https://www.nmteaco.com

                            Oh, good to know! Thanks for sharing

                            Comment


                            • #15
                              Originally posted by NMTEACO View Post


                              I have been using cloudflares SSL exclusively for a few years. (My SSL ran out a long time ago) Nothing has changed as far as the end user is concerned. If you want to see what it looks like go to:
                              https://www.nmteaco.com
                              Just had a look at https://www.nmteaco.com/Forlife_Curve_Teapot_24oz.html and I received the warning about only secure content shown. Check your images as you have something that has the http included instead of just the /images.............. info.
                              Rob

                              Comment

                              Working...
                              X