Why Connect Cloudflare to Odoo?
Odoo serves web pages, API requests, and file downloads — all of which benefit from Cloudflare's infrastructure. CDN caching speeds up static assets globally. DDoS protection prevents downtime from attacks. SSL management simplifies HTTPS configuration. DNS management through Cloudflare's API enables automation for SaaS platforms that provision custom domains.
This is not a data integration — it is an infrastructure integration that makes your Odoo deployment faster, more secure, and more reliable.
What Cloudflare Provides
CDN and Performance
| Feature | Benefit for Odoo |
|---|---|
| Static asset caching | CSS, JS, images served from edge nodes worldwide |
| Minification | Automatic CSS/JS/HTML minification |
| Brotli compression | Smaller payloads, faster page loads |
| HTTP/3 and QUIC | Faster connections on modern browsers |
| Image optimization | Automatic format conversion and resizing |
Security
- DDoS mitigation at layers 3, 4, and 7
- Web Application Firewall (WAF) rules
- Bot management for scraping and credential stuffing protection
- Rate limiting for API endpoints
- IP reputation filtering
SSL/TLS
- Free SSL certificates with automatic renewal
- Full (Strict) mode with origin server certificates
- Automatic HTTPS redirects
- TLS 1.3 with early data support
Setup Steps
1. DNS Configuration
- Add your domain to Cloudflare
- Update nameservers at your registrar to Cloudflare's
- Create A/AAAA records pointing to your Odoo server
- Enable proxy (orange cloud) for web traffic
- Use gray cloud (DNS only) for non-HTTP services like mail
2. SSL Configuration
- Set SSL mode to Full (Strict) for end-to-end encryption
- Generate Cloudflare Origin Certificate and install on your Odoo server
- Enable Automatic HTTPS Rewrites
- Enable HSTS (HTTP Strict Transport Security)
- Configure minimum TLS version to 1.2
3. Caching Rules for Odoo
Odoo requires specific caching rules:
- Cache static assets (/web/static/*) aggressively (1 month TTL)
- Do NOT cache dynamic pages (/web, /my, /shop checkout)
- Bypass cache for authenticated sessions (when session cookie present)
- Cache public website pages (/blog, /about) with shorter TTL (1 hour)
- Use Cache-Control headers from Odoo to guide Cloudflare behavior
4. WAF Rules for Odoo
- Allow all traffic to /web/login and /web/session
- Rate limit /web/login to prevent brute force (5 attempts/minute)
- Block common attack patterns on /xmlrpc and /jsonrpc endpoints
- Allow API access from known IP ranges only
- Enable managed WAF ruleset for OWASP top 10 protection
5. Page Rules and Transform Rules
- Create page rules for specific URL patterns
- Set cache levels per section (standard for static, bypass for dynamic)
- Configure security levels per path
- Use Transform Rules for URL rewriting if needed
API Automation
For SaaS platforms managing multiple Odoo instances:
- Use Cloudflare API to create DNS records programmatically
- Automate SSL certificate provisioning for custom domains
- Manage WAF rules per tenant
- Purge cache on deployment
- Monitor analytics per domain
Common Pitfalls
- Websocket support — Odoo's longpolling uses websockets. Ensure Cloudflare's websocket support is enabled.
- Large file uploads — Cloudflare's free tier limits uploads to 100MB. Increase for Odoo file attachments if needed.
- Session stickiness — Odoo sessions are server-side. If using multiple Odoo workers behind a load balancer, configure session affinity.
- Cache purging — After Odoo module updates, purge Cloudflare cache to serve updated static assets.
Getting Started
DeployMonkey automatically configures Cloudflare for Odoo instances — DNS records, SSL certificates, and caching rules are handled during deployment. For self-managed setups, follow the steps above to get Cloudflare protecting and accelerating your Odoo installation.