Configuring Cloudflare DNS
This guide assumes you've added your domains to the corresponding Render service. If you haven't done this yet, follow the steps to add custom domains to your service.
To configure Cloudflare for custom domains, we need to set up CNAME records for all the domains you want to point to your Render app. In this guide, we’ll configure Cloudflare for example.com and www.example.com.
Make sure to remove any existing AAAA records for your domains when you update your DNS settings. AAAA records map a domain to a corresponding IPv6 address, but Render does not support IPv6 addresses yet. As a result, AAAA records can interfere with Render hosting your custom domains.
- Log into Cloudflare, and go to the SSL/TLS settings for your domain. Set SSL/TLS to Full.
- Go to the DNS settings for your domain.
- Add a CNAME record for example.com to point to your Render subdomain, which looks like example.onrender.com.
  Make sure the proxy status is set to DNS only (gray cloud). This ensures your requests go to Render instead of Cloudflare so that we can verify the domain and issue a certificate.
- Add another CNAME record for your www domain. Again, toggle the proxy status to DNS only (gray cloud).
The final configuration should look something like this:
That’s it! DNS changes can take a few minutes to propagate, but once they do you should be all set.
The proxy status DNS only (gray cloud) is required until the certificates are issued and working. You can then enable Proxied (orange cloud).
Add a Wildcard Custom Domain Without Adding the Base Domain
If your custom domain setup meets all the following conditions, an additional configuration is required to host your application on Render while using Cloudflare.
- You are adding a wildcard custom domain (e.g. *.example.com) to Render
- You are not adding the corresponding base domain (e.g. example.com) to Render
- You are using Cloudflare to manage your custom domains with proxying enabled (orange cloud) for the base domain.
Origin Override with a Cloudflare Worker
In order to direct wildcard traffic to Render and base domain traffic elsewhere, you can use a Cloudflare Worker to perform an origin override.
The following instructions assume that you have the custom domain example.com. You want your Render web service example.onrender.com to serve traffic for *.example.com and you want base-domain-origin.com to serve traffic for example.com.
Add a DNS record pointing to base-domain-origin.com
Create a Worker
- Navigate to Workers -> Overview -> Create Service
- Name your service base-domain-override, select HTTP Handler, and click Create service
- Scroll down and click Quick Edit
- Add the following configuration. Replace example.com with your custom domain and make sure the base-domain-origin subdomain matches the DNS record you created in the first step.
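    // Handle every request that matches this Worker's route.
    addEventListener('fetch', event => {
      event.respondWith(handleRequest(event.request))
    })

    // Forward the request unchanged, but resolve the origin via the
    // base-domain-origin DNS record instead of the request's own hostname.
    async function handleRequest(request) {
      return fetch(request, { cf: { resolveOverride: "base-domain-origin.example.com" } })
    }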
- Click Save and Deploy -> Navigate back to the Worker overview page -> Click Triggers -> Add Route
- Add a route matching your base domain and click Add Route
- Finally, add CNAME records for both your base domain and wildcard domain pointing to your onrender subdomain. Pointing your base domain to Render is required for an orange to orange setup. With this configuration, Cloudflare will send traffic to your zone first. The Worker that you just set up will match the route and trigger an origin override, so traffic for the base domain will not get sent to Render. If you do not do this, Cloudflare will send the traffic directly to Render’s zone and the Worker you set up will have no effect.
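The Worker above overrides the origin for every request its route matches, so a route pattern broader than the base domain would also divert wildcard traffic away from Render. The following variant is an added example, not Render's or Cloudflare's own code: it applies the override only when the request hostname is exactly the base domain. BASE_DOMAIN, ORIGIN_HOST and fetchOptionsFor are names chosen for this example, using the guide's placeholder hostnames.

```javascript
// Added example: scope the origin override to the exact base domain.
// Replace both constants with your own values (placeholders from the guide).
const BASE_DOMAIN = "example.com";
const ORIGIN_HOST = "base-domain-origin.example.com";

// Returns the options to pass to fetch() for a given request URL:
// the origin override for the base domain, and no override otherwise.
function fetchOptionsFor(requestUrl) {
  let hostname;
  try {
    hostname = new URL(requestUrl).hostname.toLowerCase();
  } catch (err) {
    return {}; // unparseable URL: never override
  }
  // A fully qualified name with a trailing dot is the same host.
  if (hostname.endsWith(".")) {
    hostname = hostname.slice(0, -1);
  }
  // Exact match only: subdomains and look-alike names pass through untouched.
  if (hostname !== BASE_DOMAIN) {
    return {};
  }
  return { cf: { resolveOverride: ORIGIN_HOST } };
}

async function handleRequest(request) {
  return fetch(request, fetchOptionsFor(request.url));
}

// Register the handler only where the Workers runtime provides the hook.
if (typeof addEventListener === "function") {
  addEventListener("fetch", (event) => {
    event.respondWith(handleRequest(event.request));
  });
}
```

With this guard in place, a request for a subdomain that reaches the Worker is fetched normally and continues to the CNAME target.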
Your wildcard traffic should now be directed to Render and your base domain traffic directed to the origin you specified. If you have any questions, you can get in touch with us at support@render.com.