Skip to content

Reference, Cloudflare & External Integrations

Info

Advanced deployments often require a Content Delivery Network (CDN), DDoS protection, and enhanced DNS. Cloudflare integrates smoothly as a reverse-proxy and Web Application Firewall in front of NGINX for both cloud and on-prem setups.

Cloudflare Integration Architecture

flowchart LR
    Cloudflare("(Cloudflare CDN/WAF)") -- HTTPS --> NGINX[NGINX Reverse Proxy]
    NGINX -- "HTTP(S)" --> Artifactory["Artifactory Pro Node(s)"]
    Artifactory -- DB/Storage --> Backend["External DB / Shared Filestore"]

DNS & SSL

  • DNS:
    • Point artifactory.domain.com to the public IP of your NGINX reverse proxy.
    • Proxy status “orange cloud”/enabled in Cloudflare dashboard.
  • Flexible/Full SSL:
    • Use “Full” or “Full (strict)” SSL mode in Cloudflare for secure end-to-end encryption.
  • Origin certificate:
    • Optionally install Cloudflare Origin Certificate on NGINX for trusted backend SSL.

DDoS & Security

  • Enable Cloudflare DDoS protection, WAF, and rate limiting as required for your compliance level.
  • Customize firewall rules to block non-country/user agents, credential stuffing, and known CVEs.

Common Pitfalls

Warning

Always allow Cloudflare IP ranges in your NGINX firewall config; otherwise, legitimate traffic may be blocked. Keep Cloudflare IPs updated regularly.

See Cloudflare docs for latest best practices: https://developers.cloudflare.com