Vercel and Cloudflare Integration |
您所在的位置:网站首页 › cloudflarecname › Vercel and Cloudflare Integration |
Vercel integrates with Cloudflare in two ways: Using Cloudflare as your DNS providerUsing Cloudflare as a reverse proxyWhile Vercel does offer DNS, you may already have a domain registered with Cloudflare. If so, Cloudflare manages DNS for your domain. Using Cloudflare as Your DNS ProviderTo use Cloudflare as your DNS provider, follow the steps below: Insert a DNS RecordIn your Cloudflare dashboard, create a CNAME record pointing your domain to cname.vercel-dns.com. Disable the Cloudflare ProxySet the Proxy status to DNS only. This ensures DNS queries result in Vercel serving the request instead of Cloudflare. Using Cloudflare as a Reverse ProxyVercel offers a native reverse proxy with redirects to proxy requests to other services. However, if you want to use Cloudflare as a reverse proxy, you can do so by following the steps below: Insert a DNS RecordIn your Cloudflare dashboard, create a CNAME record pointing your domain to cname.vercel-dns.com. Enable the Cloudflare ProxyEnable the Cloudflare proxy to send traffic through Cloudflare first. Set Cloudflare SSL/TLS Encryption ModeSet Cloudflare SSL mode to Full to encrypt traffic between Cloudflare and Vercel. Using Wildcard Domains (Optional)If you are using wildcard domains like *.acme.com, you can use Vercel DNS to issue and automatically renew TLS certificates for your domains. Vercel requires wildcard domains to use Vercel nameservers for issuing and automatically renew TLS certificates. If you can't change the apex domain nameservers, you can instead: Create NS recordsCreate NS records for the _acme-challenge subdomain pointing to ns1.vercel-dns.com and ns2.vercel-dns.com. For example: Record TypeNameValueNS_acme-challengens1.vercel-dns.comNS_acme-challengens2.vercel-dns.comSimilarly, if you add *.foo.acme.com, you can add NS records for _acme-challenge.foo subdomain. Enable Vercel DNSEnable Vercel DNS in your Vercel dashboard for your apex domain. This delegates the _acme-challenge subdomain to Vercel for wildcard certificate issuance. Select the Enable Vercel DNS option in the Domains section of your project settings. TroubleshootingBoth Cloudflare and Vercel utilize the ACME protocol鈥攚ith SSL providers like Let鈥檚 Encrypt鈥攖o issue certificates. To validate domain ownership, the protocol sends an HTTP (not HTTPS) request to /.well-known/acme-challenge/ on your server. Cloudflare has a variety of services that, depending on their configuration, could block the ACME protocol verification checks, resulting in Vercel failing to issue TLS certificates properly: Page RulesAccessBot Fight ModeTo avoid disruption, the following path: http:///.well-known/acme-challenge/*Must be excluded from page rules, bot protection, or bypassed inside Access. |
CopyRight 2018-2019 办公设备维修网 版权所有 豫ICP备15022753号-3 |