Easiest way to install mod_cloudflare on latest CPanel since it's not available in EA?

quanin

Well-Known Member
Aug 18, 2011
127
7
68
cPanel Access Level
Root Administrator
Or, more appropriately, are there plans to include mod_cloudflare in EA4? Assuming the answer is no, what is a non-headache-inducing way to install mod_cloudflare on a CPanel server? I'm not a hosting partner, so CF's official plugin is out since I doubt they'll approve me. Suggestions are appreciated, up to and including something I have yet to find on Google (I'm just getting off a 10-hour shift).
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,266
1,304
363
Houston
Hello @quanin

The simple answer to this is that you don't; mod_cloudflare is not even supported by CloudFlare at this point. What you should use is mod_remoteip, which is also what CloudFlare suggests:


https://support.cloudflare.com/hc/en-us/articles/200170916-Restoring-original-visitor-IPs-Option-1-Installing-mod-cloudflare said:
Cloudflare no longer updates and supports mod_cloudflare, starting with versions Debian 9 and Ubuntu 18.04 LTS of the Linux operating system. We now support mod_remoteip for customers using Apache web servers. Customers who are interested in building the mod_cloudflare package can download the codebase from GitHub.

mod_remoteip is available in the EA repository as well:
Code:
Name        : ea-apache24-mod_remoteip
Arch        : x86_64
Version     : 2.4.43
Release     : 1.1.1.cpanel
Size        : 41 k
Repo        : EA4/7/x86_64
Summary     : IP replacement module for the Apache HTTP Server
URL         : http://httpd.apache.org/
License     : ASL 2.0
Description : The mod_remoteip module is used to treat the useragent which initiated
            : the request as the originating useragent as identified by httpd for
            : the purposes of authorization and logging, even where that useragent
            : is behind a load balancer, front end server, or proxy server.
            :
            : The module overrides the client IP address for the connection with the
            : useragent IP address reported in the request header configured with
            : the RemoteIPHeader directive.
            :
            : Once replaced as instructed, this overridden useragent IP address is
            : then used for the mod_authz_host Require ip feature, is reported by
            : mod_status, and is recorded by mod_log_config %a and core %a format
            : strings. The underlying client IP of the connection is available in
            : the %{c}a format string.
 

ffeingol

Well-Known Member
PartnerNOC
Nov 9, 2001
942
421
363
cPanel Access Level
DataCenter Provider
@cPanelLauren but isn't mod_remoteip going to be difficult to set up in cPanel? You have to change the LogFormat statement?

Having said the above, it's getting more and more difficult to use CloudFlare on cPanel servers. Besides deprecating mod_cloudflare, they are using the cPanel API V1 for their cPanel plugin. When we opened a ticket with them, we were told that the plugin is also no longer being supported.
 

cPanelLauren

The plugin isn't supported anymore, no, which is a bummer as I know a lot of people used it, that wasn't our decision though, it was theirs.

As far as enabling mod_remoteip for CloudFlare the instructions are indeed different than what they provide. I do miss the ease of their instructions for mod_cloudflare.

So, I believe the following should work (only including relevant steps):

1. Update the site configuration to include RemoteIPHeader CF-Connecting-IP
Using Modify Apache Virtual Hosts with Include Files | cPanel & WHM Documentation

Apply to all virtual hosts on the system

  • With and without SSL - /etc/apache2/conf.d/userdata/includename.conf
Alternatively you could modify the includes here:
  • With SSL
    • /etc/apache2/conf.d/userdata/ssl/2_4/includename.conf
    • /etc/apache2/conf.d/userdata/ssl/includename.conf
  • Without SSL
    • /etc/apache2/conf.d/userdata/std/2_4/includename.conf
    • /etc/apache2/conf.d/userdata/std/includename.conf
You'll add the following line:

RemoteIPHeader CF-Connecting-IP


  • After you create or edit an Apache include userdata file, you must rebuild the httpd.conf file and restart Apache for the changes to take effect.
    • To rebuild the httpd.conf file, run the following script:
      Code:
      /usr/local/cpanel/scripts/rebuildhttpdconf
    • To restart Apache, run the following script:
      Code:
      /usr/local/cpanel/scripts/restartsrv_httpd

2. Update combined LogFormat entry
  • This can be done at WHM>>Service Configuration>>Apache Configuration>>Global Configuration:
    • LogFormat (combined)
      • Default is: %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"
    • LogFormat (common)
      • Default is: %h %l %u %t \"%r\" %>s %b
  • Note that all you're going to do is replace %h with %a so it should look like the following:
    • LogFormat (combined)
      Code:
      %a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"
    • LogFormat (common)
      Code:
      %a %l %u %t \"%r\" %>s %b
  • Ensure you click the checkbox for the customized version then click Save at the bottom of the page
  • A prompt will appear telling you what's been saved, confirm everything is as it should be
  • Select Rebuild Configuration and Restart Apache at the bottom of the page
3. Define trusted proxy addresses
  • This can be done through WHM>>Service Configuration>>Apache Configuration>>Include Editor -> Pre Main Include
  • Select All Versions
  • Add the following:
    Code:
    <IfModule mod_remoteip.c>
    RemoteIPHeader CF-Connecting-IP
    RemoteIPTrustedProxy 173.245.48.0/20
    RemoteIPTrustedProxy 103.21.244.0/22
    RemoteIPTrustedProxy 103.22.200.0/22
    RemoteIPTrustedProxy 103.31.4.0/22
    RemoteIPTrustedProxy 141.101.64.0/18
    RemoteIPTrustedProxy 108.162.192.0/18
    RemoteIPTrustedProxy 190.93.240.0/20
    RemoteIPTrustedProxy 188.114.96.0/20
    RemoteIPTrustedProxy 197.234.240.0/22
    RemoteIPTrustedProxy 198.41.128.0/17
    RemoteIPTrustedProxy 162.158.0.0/15
    RemoteIPTrustedProxy 104.16.0.0/12
    RemoteIPTrustedProxy 172.64.0.0/13
    RemoteIPTrustedProxy 131.0.72.0/22
    RemoteIPTrustedProxy 2400:cb00::/32
    RemoteIPTrustedProxy 2606:4700::/32
    RemoteIPTrustedProxy 2803:f800::/32
    RemoteIPTrustedProxy 2405:b500::/32
    RemoteIPTrustedProxy 2405:8100::/32
    RemoteIPTrustedProxy 2a06:98c0::/29
    RemoteIPTrustedProxy 2c0f:f248::/32
    </IfModule>
  • Click Update
  • Click Restart Apache


And that should be it!
I tried to keep you off the command line as much as I could and make this as straightforward as possible. Let me know if there are any issues with this though.
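
A way to check step 2 after the restart, as an added example that is not part of the original post: it reads access-log lines in the customized `%a` format and reports requests whose logged address still falls inside a RemoteIPTrustedProxy range, which indicates the address was not replaced for that request. The include text and log lines are constructed samples, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed, trimmed copy of the Pre Main Include from step 3.
SAMPLE_INCLUDE = """\
<IfModule mod_remoteip.c>
RemoteIPHeader CF-Connecting-IP
RemoteIPTrustedProxy 173.245.48.0/20
RemoteIPTrustedProxy 2606:4700::/32
</IfModule>
"""

# Constructed access-log lines in the customized combined format (%a first).
SAMPLE_LOG = """\
203.0.113.7 - - [17/Apr/2020:12:31:02 -0500] "GET / HTTP/1.1" 200 512 "-" "curl/7.29.0"
173.245.49.10 - - [17/Apr/2020:12:31:05 -0500] "GET /a HTTP/1.1" 200 128 "-" "Mozilla/5.0"
2606:4700:10::1 - - [17/Apr/2020:12:31:09 -0500] "GET /b HTTP/1.1" 404 0 "-" "Mozilla/5.0"
not-an-ip - - [17/Apr/2020:12:31:11 -0500] "GET /c HTTP/1.1" 200 1 "-" "-"
"""


def trusted_networks(include_text):
    """Return the CIDR ranges named by RemoteIPTrustedProxy lines."""
    cidrs = re.findall(r"^\s*RemoteIPTrustedProxy\s+(\S+)", include_text, re.M)
    return [ipaddress.ip_network(c) for c in cidrs]


def audit_log(log_text, networks):
    """Classify each log line by its first field (the %a address).

    proxy_address: (line number, address) pairs where the logged address is
                   still a trusted proxy, i.e. it was not replaced.
    unparsed:      line numbers whose first field is not an IP address.
    """
    report = {"lines": 0, "proxy_address": [], "unparsed": []}
    for number, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        report["lines"] += 1
        field = line.split(None, 1)[0]
        try:
            addr = ipaddress.ip_address(field)
        except ValueError:
            report["unparsed"].append(number)
            continue
        # Membership is False when the address and network versions differ.
        if any(addr in net for net in networks):
            report["proxy_address"].append((number, str(addr)))
    return report


if __name__ == "__main__":
    result = audit_log(SAMPLE_LOG, trusted_networks(SAMPLE_INCLUDE))
    print(f"{result['lines']} lines checked")
    for number, addr in result["proxy_address"]:
        print(f"line {number}: {addr} is a trusted proxy address")
    for number in result["unparsed"]:
        print(f"line {number}: first field is not an IP address")
```

An address outside the trusted ranges can be either a restored visitor address or a request that reached the server without passing through the proxy; `%a` alone does not distinguish the two.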
 

ffeingol

As I said, it's going to be a pain to set up :)

I did not mean to imply that cPanel was involved in any way with these decisions. I was just trying to point out that without mod_cloudflare and the cPanel modules, it's more difficult for most hosts to easily deal with CloudFlare.
 

quanin

@cPanelLauren, thanks for the instructions. Command line usage doesn't really bother me (I actually prefer that), but I've learned over the years that if I can do it in WHM I'll have less of an excuse to drink later when CPanel decides to argue with me. I was more asking about some kind of CF specific module/plugin because, as @ffeingol points out, Cloudflare and CPanel are a wee bit of a trick to get to play nicely together. Mostly in terms of making sure I catch all the subdomains etc CPanel creates when I put something new on the server. I suppose worst case if I want a domain on Cloudflare I can cheat and use another DNS service first (either my provider's, or the local DNS server), so CF pulls in all the relevant junk properly, but I was mostly looking for a way not to have to. Lazy sysadmin is lazy.
 

cPanelLauren

ffeingol said:
As I said, it's going to be a pain to set up :)

I did not mean to imply that cPanel was involved in any way with these decisions. I was just trying to point out that without mod_cloudflare and the cPanel modules, it's more difficult for most hosts to easily deal with CloudFlare.

Yea it's a bit more difficult but not more steps than they list on their site if that's any consolation. It took me about 45 minutes to set up but most of that time was formatting the text in what I was writing out for you guys here. If I had to set it up just by itself without writing instructions, I think it wouldn't have taken maybe max 10 minutes. With these instructions, I am hoping anyone that uses them will take less.

@quanin this is the only supported method. You can still use mod_cloudflare but the instructions I provided should be everything you need to do with mod_remoteip, I went along as I was writing and enabled all this on my own server and can confirm it's a good solution.
 

cPanelLauren

And just a side note that the list of CloudFlare IP's is not 'fixed', so you'll want to check IP Ranges | Cloudflare every once in a while to ensure your list matches their list.
Yep, which functions the same way with mod_cloudflare as well - they had the CloudFlareRemoteIPTrustedProxy list

Also to note, the third step on the mod_remoteip instructions is optional but I took it as the safer bet. Best to define what we trust if we know it ahead of time.
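
One way to do the periodic check described above, added here and not part of the original posts: it compares the RemoteIPTrustedProxy ranges in an include against a saved copy of the published list and reports address space that is trusted but not published, and published space that is not trusted. Both inputs are constructed samples (the "published" text is not Cloudflare's actual list), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample include: ranges from the post plus one made-up range.
CONFIGURED = """\
<IfModule mod_remoteip.c>
RemoteIPHeader CF-Connecting-IP
RemoteIPTrustedProxy 173.245.48.0/20
RemoteIPTrustedProxy 104.16.0.0/12
RemoteIPTrustedProxy 192.0.2.0/24
RemoteIPTrustedProxy 2606:4700::/32
</IfModule>
"""

# Constructed stand-in for a saved copy of the published list, one CIDR per
# line. It is NOT Cloudflare's actual list.
PUBLISHED = """\
173.245.48.0/20
104.16.0.0/13
104.24.0.0/14
198.51.100.0/24
2606:4700::/32
"""


def configured_networks(include_text):
    """CIDR ranges named by RemoteIPTrustedProxy lines in an include."""
    cidrs = re.findall(r"^\s*RemoteIPTrustedProxy\s+(\S+)", include_text, re.M)
    return [ipaddress.ip_network(c) for c in cidrs]


def published_networks(list_text):
    """CIDR ranges from a one-per-line list; blank and # lines are skipped."""
    lines = (l.strip() for l in list_text.splitlines())
    return [ipaddress.ip_network(l) for l in lines if l and not l.startswith("#")]


def uncovered(nets, cover):
    """Address space in `nets` that no network in `cover` accounts for."""
    result = []
    for version in (4, 6):  # IPv4 and IPv6 cannot be compared or collapsed together
        remaining = [n for n in nets if n.version == version]
        for c in (n for n in cover if n.version == version):
            kept = []
            for n in remaining:
                if not n.overlaps(c):
                    kept.append(n)                      # untouched by c
                elif not n.subnet_of(c):
                    kept.extend(n.address_exclude(c))   # c is inside n: keep the rest
                # else: n lies entirely inside c and is dropped
            remaining = kept
        result.extend(str(n) for n in ipaddress.collapse_addresses(remaining))
    return result


def drift(include_text, list_text):
    conf = configured_networks(include_text)
    pub = published_networks(list_text)
    return {
        "over_trusted": uncovered(conf, pub),  # trusted, but not published
        "missing": uncovered(pub, conf),       # published, but not trusted
    }


if __name__ == "__main__":
    for kind, ranges in drift(CONFIGURED, PUBLISHED).items():
        print(kind, ranges)
```

Comparing address space rather than list entries means a range that was split or merged upstream is not reported unless part of it actually changed.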
 

quanin

@cPanelLauren Oh, I gathered that much. And yes, your instructions are perfect--any chance we can get this included in the docs? What I was semi-complaining about is for new domains. Create domain on CPanel, create domain in Cloudflare, point DNS to Cloudflare won't work quite as nicely as I'd like due to all the extra cruft CPanel adds as subdomains that need to be migrated over as well. Just adds an extra step for me is all, but for new projects that's all of about 5 seconds plus propagation time. I'd rather avoid it, but what can ya do?
 

cPanelLauren

quanin said:
@cPanelLauren Oh, I gathered that much. And yes, your instructions are perfect--any chance we can get this included in the docs? What I was semi-complaining about is for new domains. Create domain on CPanel, create domain in Cloudflare, point DNS to Cloudflare won't work quite as nicely as I'd like due to all the extra cruft CPanel adds as subdomains that need to be migrated over as well. Just adds an extra step for me is all, but for new projects that's all of about 5 seconds plus propagation time. I'd rather avoid it, but what can ya do?

Well from what I found, as far as create a domain in cloudflare it pulls all the domain information in the DNS zone into the CloudFlare UI - For example, when I was testing this for you yesterday:
Screen Shot 2020-04-17 at 12.31.02 PM.png

Keep in mind I removed all my domain and IP related information in this screenshot - this was definitely a newly created domain/account as I just bought it the other day to have a domain registered with google domains so I could familiarize myself with their interface

quanin said:
And yes, your instructions are perfect--any chance we can get this included in the docs?

I was going to request that we add it to our support docs at cPanel but it may be something I add to a new forum I'm adding here soon with community based how-to articles :)
 

quanin

Ah. So you did the step I was trying to avoid. Register the domain, park it with a DNS server that's fed by CPanel (or the CNS server local to CPanel), create the domain inside CPanel, then migrate DNS over to Cloudflare. I'd ideally like to cut out that middle step. Create the domain within CPanel, set it up in Cloudflare's DNS, and have it just... work. No Google Domains or other DNS service required.
 

cPanelLauren

quanin said:
Ah. So you did the step I was trying to avoid. Register the domain, park it with a DNS server that's fed by CPanel (or the CNS server local to CPanel), create the domain inside CPanel, then migrate DNS over to Cloudflare. I'd ideally like to cut out that middle step. Create the domain within CPanel, set it up in Cloudflare's DNS, and have it just... work. No Google Domains or other DNS service required.

Well, I had to register the domain, I'm not sure what you mean? I didn't need a 3rd party service, I just happened to have registered the domain with google because I'd wanted a domain with them (the purpose of that was so that I could accurately tell you guys how to navigate in there when asked). I just included that information so it was clear I used a new domain that hadn't been added to cPanel yet. The steps relevant to this were:

- Point NS for domain to my cPanel server
- Create account for the domain in cPanel
- Wait a bit for propagation
- Add domain to CloudFlare
- Update NS for domain to CloudFlare's NS

If the domain had existed prior in cPanel it would have been a bit faster:

- Add domain to CloudFlare
- Point NS to CloudFlare's NS

Now, what was really nice about the CloudFlare plugin is that you didn't need to do any of that, it just added a CNAME record. I found that CloudFlare does have a domain registrar (Cloudflare Registrar | Domain Transfer | Cloudflare), but I don't know if that will make things any easier as I haven't used it at all.
 

quanin

The short answer is no. The functionality you were describing from the Cloudflare plugin is close to what I was looking for--where it basically did all the actual moving things around for you. I mean, I had no problem changing my DNS settings, but if Cloudflare didn't scan my already existing DNS and pull in all the subdomains CPanel adds, I'd have probably missed something.

Also, and because the question was implied, Cloudflare's registrar would be no help there at all. You apparently can't actually change your DNS info with them. It's either Cloudflare's DNS or nothing.

 

cPanelLauren

That link seems to just be someone confused about how to go back to using their registrar's DNS which is super easy for most providers. You don't need CloudFlare at all to do that. It didn't look like they had their domain registered with CloudFlare at all though.
 

piyushmaheswari

Well-Known Member
Apr 18, 2020
74
2
8
India
cPanel Access Level
Root Administrator
Sir please reply on this thread -
 

thewebexpert

Member
May 6, 2013
9
1
53
cPanel Access Level
Root Administrator
THANK YOU SO MUCH!!!!
 

piyushmaheswari

I want to add CloudFlare option in CPanel, if I follow these steps then will it add CloudFlare option in CPanel?
Or do I need to do something more?