Why Cloudflare for Odoo?
Cloudflare provides: free SSL certificates, CDN for static asset caching, DDoS protection, DNS management, and performance optimization. The free plan covers most Odoo deployments. It sits between your users and your Odoo server, handling security and performance.
Setup Steps
Step 1: Add Domain to Cloudflare
- Sign up at cloudflare.com
- Add your domain
- Cloudflare scans existing DNS records
- Update nameservers at your registrar to Cloudflare's nameservers
- Wait for DNS propagation (up to 24 hours)
Step 2: DNS Configuration
# A record pointing to your Odoo server:
# Type: A
# Name: @ (or subdomain like erp)
# Content: YOUR_SERVER_IP
# Proxy: Proxied (orange cloud) ← IMPORTANT
# TTL: Auto
# If using www:
# Type: CNAME
# Name: www
# Content: your-domain.com
# Proxy: ProxiedStep 3: SSL Configuration
# Cloudflare SSL/TLS settings:
# SSL mode: Full (strict) ← Use this if you have a valid cert on origin
# SSL mode: Full ← Use this if you have a self-signed cert
# SSL mode: Flexible ← NOT recommended (insecure between CF and origin)
# Always Use HTTPS: ON
# Automatic HTTPS Rewrites: ON
# Minimum TLS Version: TLS 1.2Step 4: Caching Configuration
# Page Rules for Odoo:
# Rule 1: Cache static assets
# URL: your-domain.com/web/static/*
# Setting: Cache Level = Cache Everything
# Edge Cache TTL: 1 month
# Rule 2: Do NOT cache dynamic pages
# URL: your-domain.com/web/*
# Setting: Cache Level = Bypass
# Rule 3: Do NOT cache API
# URL: your-domain.com/api/*
# Setting: Cache Level = Bypass
# Rule 4: Bypass cache for login
# URL: your-domain.com/web/login*
# Setting: Cache Level = Bypass, Security Level = HighStep 5: WebSocket Configuration
Odoo uses WebSocket for live chat, notifications, and discuss. Cloudflare must support this:
# Network settings:
# WebSockets: ON (enabled by default on all plans)
# If using Odoo 16+:
# WebSocket URL: /websocket
# Cloudflare proxies WebSocket connections automatically
# If live chat breaks:
# Check Cloudflare Network → WebSockets is ON
# Check nginx has WebSocket proxy configuredPerformance Optimization
# Speed → Optimization:
# Auto Minify: JavaScript ✓, CSS ✓, HTML ✓
# Brotli: ON
# Early Hints: ON
# Rocket Loader: OFF (can break Odoo's OWL framework)
# IMPORTANT: Keep Rocket Loader OFF for Odoo
# It defers JavaScript loading which breaks OWL componentsSecurity Settings
# Security:
# Security Level: Medium
# Challenge Passage: 30 minutes
# Browser Integrity Check: ON
# Hotlink Protection: ON (prevents image theft)
# WAF (Web Application Firewall):
# Managed Rules: ON (free plan has basic rules)
# OWASP Ruleset: ON (Pro plan)
# Bot Fight Mode: ON
# But: Create exception for legitimate bots (Googlebot, etc.)
# Rate Limiting (free basic):
# Block IPs making > 100 requests/minute to /web/login
# Prevents brute force attacksFirewall Rules
# Block database manager access:
# Expression: (http.request.uri.path contains "/web/database")
# Action: Block
# Allow only specific IPs for admin:
# Expression: (http.request.uri.path contains "/web/login") and not (ip.src in {OFFICE_IP})
# Action: ChallengeCommon Issues
| Issue | Fix |
|---|---|
| Redirect loop (ERR_TOO_MANY_REDIRECTS) | Set SSL mode to "Full" or "Full (strict)", not "Flexible" |
| Odoo OWL components broken | Turn OFF Rocket Loader in Cloudflare Speed settings |
| Live Chat not working | Enable WebSockets in Network settings |
| File upload fails (>100MB) | Free plan limits uploads to 100MB. Upgrade or bypass CF for uploads |
| Real IP not logged by Odoo | Set proxy_mode=True in odoo.conf. Nginx must forward CF-Connecting-IP |
Cloudflare + nginx Configuration
# nginx should trust Cloudflare IPs for real client IP:
# Add to nginx config:
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
# ... (full list at cloudflare.com/ips)
real_ip_header CF-Connecting-IP;DeployMonkey + Cloudflare
DeployMonkey supports Cloudflare for all deployed instances. The AI agent helps configure DNS, SSL mode, caching rules, and security settings. Cloudflare Tunnel support for zero-exposed-port deployments.