The guide assumes that you have an application up and running on Qovery. We'll go through the process of adding a new Custom Domain to the application and use Cloudflare as the domain provider. We also assume that you own a custom domain on Cloudflare (or any other domain registrar):

Adding a Custom Domain

First, let's open application settings:

Add your Cloudflare managed domain in Domain section:

Cloudflare Configuration

CNAME

To finish the configuration on Cloudfalre, open the DNS Settings:

And add a CNAME entry with the value taken from the Qovery Console just like this:

You can safely use the Proxy mode.

SSL/TLS

The last step to configure the domain Cloudflare side properly, is to use the Full TLS encryption:

This is the requirement to make Custom Domain work properly using Cloudflare as the domain provider on Qovery.

Restrict application access

If you want to limit the application access via Cloudflare only, you have two ways to perform it:

IP whitelisting

In Qovery it is possible to whitelist a range of IPs that can reach your application:

• In the advanced settings section of your application:

  

• Get the Cloudflare ips
• Edit the network.ingress.whitelist_source_range setting and add the Cloudflare IPs separated with a comma:

  

• Save and redeploy your application

Cloudflared

Cloudflared establishes outbound connections (tunnels) between your resources and Cloudflare’s global network.

You have different ways to install Cloudflared on your cluster, you can find the installation instructions within this documentation Since Cloudflared establishes a tunnel for you and the domain and TLS management is done by Cloudflare, you don't need to expose publicly the application during the setup (See port setup

You can decide to install Cloudflared by yourself or via Qovery. Within the section below, you will find documentation on how to install Cloudflared as a container in one of the Qovery environments. By creating and deploying the following service, using the Cloudflared image:

Create a TUNNEL_TOKEN secret environment variable (Scope: Environment) to pass the Cloudflare token.

Once your tunnel is created and connected, you have to set the public hostname and the related service settings.

To get the service name of your application deployed by Qovery, you can get it in your application variables:

This setup works for static environments but not for dynamic ones since the service name is dynamic. We should probably suggest to use the cloudflared helm chart once we release helm deployment

Conclusion

After following the steps from above, our application should be accessible using the custom domain we selected:

In the guide we went through all the necessary steps to configure Cloudflare and Qovery to make use of your custom domain.