From 5ddda8fb585b0101564784b94dd4b5f1acf35fd5 Mon Sep 17 00:00:00 2001 From: Mikulas Tomanka Date: Tue, 2 Sep 2025 15:32:00 +0200 Subject: [PATCH 1/4] Improve suggestions for Orange to Orange / custom Cloudflare configuration --- .../what-is-umbraco-cloud/frequently-asked-questions.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/umbraco-cloud/explore-umbraco-cloud/what-is-umbraco-cloud/frequently-asked-questions.md b/umbraco-cloud/explore-umbraco-cloud/what-is-umbraco-cloud/frequently-asked-questions.md index b61bb68f4ac..75abcfd19b4 100644 --- a/umbraco-cloud/explore-umbraco-cloud/what-is-umbraco-cloud/frequently-asked-questions.md +++ b/umbraco-cloud/explore-umbraco-cloud/what-is-umbraco-cloud/frequently-asked-questions.md @@ -954,9 +954,12 @@ For questions about resource usage, contact the support team. ### Can Cloudflare be used with Umbraco Cloud? -Yes. Since Umbraco Cloud already uses Cloudflare for DNS, hostnames must be enrolled as **DNS Only** with a CNAME pointing to `dns.umbraco.io`. Once the hostname appears as **Protected** in the **Project** > **Hostname** section, **Proxying** can be enabled in Cloudflare if specific features like Page Rules are required. +Yes. Hostnames managed in a customers CF zone can be be enrolled as **DNS Only** or by using [the hostname pre-validation flow](https://docs.umbraco.com/umbraco-cloud/go-live/manage-hostnames/hostname-pre-validation) in the [orange-to-orange configuration](https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/how-it-works/). -For optimal performance, keeping the DNS entry set to **DNS Only** in Cloudflare is recommended. This allows Umbraco Cloud to manage automatic Transport Layer Security (TLS)/HTTPS certificates for hostnames. Before implementing a custom Cloudflare setup, consult the support team via chat or [email](mailto:support@umbraco.com). +- [Orange-to-orange configuration](https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/how-it-works/) is the recommended approach for maximum control as you get to keep full control of you Edge configuration. In orange-to-orange configuration any Umbraco Cloud Cloudflare provided features such Managed Challenge, WAF can be stacked or disabled and managed manually in the customer zone. +- The **DNS Only** configuration is the recommended approach for minimum custom Cloudflare maintenance. In the **DNS Only** configuration the customers' Cloudflare zone won't apply DDoS protection or Web Application Firewall and the Umbraco Cloud Cloudflare features will continue working. + +It is worth mentioning that Umbraco Cloud websites already provide many baseline Cloudflare features such as DDoS or Web Application Firewall by default. ### Does Cloudflare add additional HTTP request headers? From b32684aa8a797cf9419f2ee5c78a5180cda91810 Mon Sep 17 00:00:00 2001 From: Esha Noronha <82437098+eshanrnh@users.noreply.github.com> Date: Wed, 3 Sep 2025 09:46:40 +0200 Subject: [PATCH 2/4] Update umbraco-cloud/explore-umbraco-cloud/what-is-umbraco-cloud/frequently-asked-questions.md --- .../what-is-umbraco-cloud/frequently-asked-questions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/umbraco-cloud/explore-umbraco-cloud/what-is-umbraco-cloud/frequently-asked-questions.md b/umbraco-cloud/explore-umbraco-cloud/what-is-umbraco-cloud/frequently-asked-questions.md index 75abcfd19b4..bf58f6191e7 100644 --- a/umbraco-cloud/explore-umbraco-cloud/what-is-umbraco-cloud/frequently-asked-questions.md +++ b/umbraco-cloud/explore-umbraco-cloud/what-is-umbraco-cloud/frequently-asked-questions.md @@ -954,7 +954,7 @@ For questions about resource usage, contact the support team. ### Can Cloudflare be used with Umbraco Cloud? -Yes. Hostnames managed in a customers CF zone can be be enrolled as **DNS Only** or by using [the hostname pre-validation flow](https://docs.umbraco.com/umbraco-cloud/go-live/manage-hostnames/hostname-pre-validation) in the [orange-to-orange configuration](https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/how-it-works/). +Yes. Hostnames managed in a customer's Cloudflare (CF) zone can be enrolled as **DNS Only** or via [the hostname pre-validation flow](https://docs.umbraco.com/umbraco-cloud/go-live/manage-hostnames/hostname-pre-validation) in the [orange-to-orange configuration](https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/how-it-works/). - [Orange-to-orange configuration](https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/how-it-works/) is the recommended approach for maximum control as you get to keep full control of you Edge configuration. In orange-to-orange configuration any Umbraco Cloud Cloudflare provided features such Managed Challenge, WAF can be stacked or disabled and managed manually in the customer zone. - The **DNS Only** configuration is the recommended approach for minimum custom Cloudflare maintenance. In the **DNS Only** configuration the customers' Cloudflare zone won't apply DDoS protection or Web Application Firewall and the Umbraco Cloud Cloudflare features will continue working. From 6b448ffb6df5315d86f49a22e2fd7424dc66a903 Mon Sep 17 00:00:00 2001 From: Esha Noronha <82437098+eshanrnh@users.noreply.github.com> Date: Wed, 3 Sep 2025 09:46:47 +0200 Subject: [PATCH 3/4] Update umbraco-cloud/explore-umbraco-cloud/what-is-umbraco-cloud/frequently-asked-questions.md --- .../what-is-umbraco-cloud/frequently-asked-questions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/umbraco-cloud/explore-umbraco-cloud/what-is-umbraco-cloud/frequently-asked-questions.md b/umbraco-cloud/explore-umbraco-cloud/what-is-umbraco-cloud/frequently-asked-questions.md index bf58f6191e7..571c6ebe28c 100644 --- a/umbraco-cloud/explore-umbraco-cloud/what-is-umbraco-cloud/frequently-asked-questions.md +++ b/umbraco-cloud/explore-umbraco-cloud/what-is-umbraco-cloud/frequently-asked-questions.md @@ -956,7 +956,7 @@ For questions about resource usage, contact the support team. Yes. Hostnames managed in a customer's Cloudflare (CF) zone can be enrolled as **DNS Only** or via [the hostname pre-validation flow](https://docs.umbraco.com/umbraco-cloud/go-live/manage-hostnames/hostname-pre-validation) in the [orange-to-orange configuration](https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/how-it-works/). -- [Orange-to-orange configuration](https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/how-it-works/) is the recommended approach for maximum control as you get to keep full control of you Edge configuration. In orange-to-orange configuration any Umbraco Cloud Cloudflare provided features such Managed Challenge, WAF can be stacked or disabled and managed manually in the customer zone. +- [Orange-to-orange configuration](https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/how-it-works/) is the recommended approach for maximum control, as you get to keep full control of your Edge configuration. In an orange-to-orange configuration, any Umbraco Cloud Cloudflare provided features, such as Managed Challenge, Web Application Firewall (WAF), can be stacked or disabled and managed manually in the customer zone. - The **DNS Only** configuration is the recommended approach for minimum custom Cloudflare maintenance. In the **DNS Only** configuration the customers' Cloudflare zone won't apply DDoS protection or Web Application Firewall and the Umbraco Cloud Cloudflare features will continue working. It is worth mentioning that Umbraco Cloud websites already provide many baseline Cloudflare features such as DDoS or Web Application Firewall by default. From 2d8a46003c5a357fde4a99ca4e9498b145074e8b Mon Sep 17 00:00:00 2001 From: Esha Noronha <82437098+eshanrnh@users.noreply.github.com> Date: Wed, 3 Sep 2025 09:46:52 +0200 Subject: [PATCH 4/4] Update umbraco-cloud/explore-umbraco-cloud/what-is-umbraco-cloud/frequently-asked-questions.md --- .../what-is-umbraco-cloud/frequently-asked-questions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/umbraco-cloud/explore-umbraco-cloud/what-is-umbraco-cloud/frequently-asked-questions.md b/umbraco-cloud/explore-umbraco-cloud/what-is-umbraco-cloud/frequently-asked-questions.md index 571c6ebe28c..2dccca56c18 100644 --- a/umbraco-cloud/explore-umbraco-cloud/what-is-umbraco-cloud/frequently-asked-questions.md +++ b/umbraco-cloud/explore-umbraco-cloud/what-is-umbraco-cloud/frequently-asked-questions.md @@ -957,7 +957,7 @@ For questions about resource usage, contact the support team. Yes. Hostnames managed in a customer's Cloudflare (CF) zone can be enrolled as **DNS Only** or via [the hostname pre-validation flow](https://docs.umbraco.com/umbraco-cloud/go-live/manage-hostnames/hostname-pre-validation) in the [orange-to-orange configuration](https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/how-it-works/). - [Orange-to-orange configuration](https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/how-it-works/) is the recommended approach for maximum control, as you get to keep full control of your Edge configuration. In an orange-to-orange configuration, any Umbraco Cloud Cloudflare provided features, such as Managed Challenge, Web Application Firewall (WAF), can be stacked or disabled and managed manually in the customer zone. -- The **DNS Only** configuration is the recommended approach for minimum custom Cloudflare maintenance. In the **DNS Only** configuration the customers' Cloudflare zone won't apply DDoS protection or Web Application Firewall and the Umbraco Cloud Cloudflare features will continue working. +- The **DNS Only** configuration is the recommended approach for minimum custom Cloudflare maintenance. In the **DNS Only** configuration, the customers' Cloudflare zone won't apply DDoS protection or Web Application Firewall, and the Umbraco Cloud Cloudflare features will continue working. It is worth mentioning that Umbraco Cloud websites already provide many baseline Cloudflare features such as DDoS or Web Application Firewall by default.