[GENERAL QUESTION] Regarding setting up cloudflare
So we're a bit lost when it comes to network security.
Basically what's going on is that we have a running backend app > aaaand we're expecting to be DDoS-ed 1 or 2 times > which led us to setting up cloudflare.
Now, we don't know if setting up this https://railway.app/template/cf-tunnel would do the job and (in case of yes) if there's anyone willing to help us, whether as a paid Railway service or what not (We're not trying to stretch the ToS or anything, we just don't know what's allowed and what not to ask/do in here)
Project ID:
2856e5bf-b7e7-469d-a8b1-dd8ff16514a0
this is definitely a question for the community, so you are in the right place!
What do you currently have setup?
Just a NestJs app with like 4 endpoints, all available to public, no authentication layer, and some lenient rate limits
do you have a custom domain set on it?
yea
jeetscape.com
is that with cloudflare?
no, just linked to railway
we don't have any cloudflare setup yet
who is the domain with right now?
there's only 1 CNAME record pointing to railway, that's all
if you meant who is owning the domain, us
im talking about who the domain is with
oh
namecheap
are the nameservers also namecheap?
I reckon yes
we didn't touch those, just added a cname record for railway
Solution
okay so you want to use cloudflare for ddos protection, there's two main ways to do that -
- use Cloudflare's proxy with the CNAME railway gave you.
you will need to remove and replace the domain to get a new CNAME.
this means traffic to your site would go through cloudflare's proxy and then through railway's proxy.
- use cloudflare's tunnel.
for this you would not have any custom or railway provided domain in your railway service and the domain would solely be managed by cloudflare.
this means traffic would go through cloudflare's proxy and into the private network to communicate with your application directly, bypassing railways proxy entirely.
either option would require you to use cloudflare's nameservers, so go ahead and do that anyway.
bypassing railway proxy
does the railway proxy apply some additional filters / black box magic good stuff or it's irrelevant for the task at hand?
it doesn't provide any ddos mitigations for an individual users application, but it's an extra layer that could be eliminated
oh well, then I guess we'll setup a cloudflare tunnel then, thx for help
did you need help with that? it can be tricky the first time around
we kinda do need help with everything that has the word "cloudflare" in it (which is I guess out of bounds in this case), let alone the railway cloudflare component 😂
this is a railway server so we have to draw a line in the sand on what we can and can't help with but I'd say helping you setup a cloudflare tunnel is within reach since it's tightly integrated with railway
well, we gotta clear the first hurdle first before getting to railway, which is setting up a cloudflare proxy with the appropriate rules
so I guess let ya know when we get past that
you aren't even using cloudflare yet, you are jumping a few steps there
no, in the beginning we assumed this template was a do it all kind of thing, but now we got a better picture
first you need to start using cloudflare's nameservers -
https://developers.cloudflare.com/dns/zone-setups/full-setup/setup/
on it
can close this ticket, went the easy route without tunneling, since we're using duplex communication and it looks like we might encounter some issues
also, this was a lifesaver https://discord.com/channels/713503345364697088/1238796472716099606/1241738857528168509
you now just have your domain managed by cloudflare?
yea
sounds good