The Self-Hoster's Guide to Cloudflare
Cloudflare's free tier offers DDoS protection, CDN, and DNS for your self-hosted apps. Here's how to set it up properly.
Why Cloudflare?
Cloudflare's free tier provides an incredible amount of value for self-hosters:
All free. No credit card required.
Setting Up Cloudflare
1. Add Your Domain
Sign up at cloudflare.com and add your domain. Cloudflare scans your existing DNS records and imports them.
2. Change Nameservers
Update your domain registrar to use Cloudflare's nameservers. This routes all DNS queries through Cloudflare.
3. Add DNS Records
Point your domain and subdomains to your server's IP address with A records.
4. Configure SSL Mode
Set SSL mode to "Full (strict)" — this ensures encryption between Cloudflare and your server (where Caddy provides the certificate).
Proxy Mode (Orange Cloud)
When the orange cloud is enabled for a DNS record, traffic flows through Cloudflare's network:
Common Configuration
Always Use HTTPS
SSL/TLS → Edge Certificates → Always Use HTTPS = On
Minimum TLS Version
SSL/TLS → Edge Certificates → Minimum TLS Version = TLS 1.2
HSTS
SSL/TLS → Edge Certificates → HTTP Strict Transport Security = Enabled
Caching
Caching → Configuration → Browser Cache TTL = Respect Existing Headers
Cloudflare + TinyPod
The recommended setup:
1. Cloudflare manages your domain's DNS
2. A records point to your TinyPod server (with proxy enabled)
3. Caddy on the server handles SSL for the origin connection
4. Cloudflare provides CDN and DDoS protection
This gives you enterprise-grade protection for your $5/month server.