How to Set Up Cloudflare CDN for a Getwebup Website
Putting Cloudflare in front of a site you host with us is one of the cheapest performance wins you can make - free tier, five minutes of DNS work, and your visitors start pulling static assets from a server near them instead of your origin every single time. Get the SSL mode wrong, though, and you'll trade a fast site for a redirect loop or a broken padlock. Here's how to set it up correctly the first time.
What Cloudflare Actually Does for a Getwebup Site
Cloudflare sits between your visitors and your Getwebup server. Once it's active, requests hit Cloudflare's edge network first. Static content (images, CSS, JS, cached HTML) gets served straight from the nearest edge location; only the requests that actually need your server - dynamic pages, form submissions, logged-in sessions - get passed through to your origin. You get a CDN, a second layer of DDoS protection, and a free SSL certificate on top of whatever certificate is already running on your hosting.
It doesn't replace your Getwebup hosting or your DNS zone there - it takes over DNS resolution for the domain and proxies traffic to your existing server IP. Your site's files, database, and cPanel/WHM setup don't move anywhere.
Before You Start
Have these ready so you're not hunting for them mid-setup:
- Access to your domain registrar (to change nameservers) or to your current DNS zone if you're only changing individual records
- Your Getwebup server's IP address - find it in cPanel under General Information, or run
dig yourdomain.com +shortif the site is already live - A list of every subdomain currently in use -
mail,ftp,cpanel,webmail, any staging subdomains - so nothing quietly stops resolving after the switch - A valid SSL certificate already installed on the Getwebup side (AutoSSL is fine) - Cloudflare's "Full (strict)" mode needs one to talk to
Step 1: Add Your Site to Cloudflare
Sign up at Cloudflare and click Add a Site. Enter your domain, pick the Free plan (it covers everything in this guide), and let it scan your existing DNS records. The scan usually finds your A record, MX records, and any CNAMEs automatically - but scans miss things, so don't skip the review step.
Step 2: Check Every DNS Record Before You Go Further
This is the step people rush through and regret. Compare what Cloudflare imported against what's actually in your Getwebup DNS zone (WHM → Zone Editor, or cPanel → Zone Editor). At minimum you need:
| Type | Name | Points to | Proxy status |
|---|---|---|---|
| A | @ | Your Getwebup server IP | Proxied (orange cloud) |
| CNAME | www | yourdomain.com | Proxied (orange cloud) |
| A / CNAME | Your Getwebup server IP | DNS only (grey cloud) | |
| MX | @ | Your mail server (usually mail.yourdomain.com) | DNS only - MX can't be proxied |
| TXT | @ | SPF record (e.g. v=spf1 include:...) | DNS only |
| TXT | default._domainkey | DKIM record | DNS only |
| A / CNAME | cpanel, webmail, autodiscover | Your Getwebup server | DNS only (grey cloud) |
The rule of thumb: proxy (orange cloud) the records people browse to - the root domain and www. Leave everything mail-related and any admin panel subdomains on DNS-only (grey cloud), or your mail client and cPanel login will try to connect through Cloudflare's edge instead of your server directly, which either breaks the connection or triggers certificate warnings.
Step 3: Point Your Nameservers to Cloudflare
Cloudflare will give you two nameservers, something like ada.ns.cloudflare.com and bob.ns.cloudflare.com. Log into your domain registrar and replace the existing nameservers with these two. If your domain is registered through Getwebup, you can do this from your client area; otherwise it's whichever registrar you bought the domain from.
This is the point of no return for DNS-only changes - once the nameservers switch, Cloudflare's zone is authoritative, and any records you didn't copy over in Step 2 simply stop existing as far as the internet is concerned. That's why the review step matters more than the signup step.
# check current nameservers before you change anything
dig NS yourdomain.com +short
# after propagation, confirm Cloudflare is authoritative
dig NS yourdomain.com +short
# should now show something like ada.ns.cloudflare.com / bob.ns.cloudflare.com
Propagation for a nameserver change typically takes 1-24 hours, occasionally up to 48. Cloudflare emails you once it detects the switch and activates the zone.
Step 4: Set the Correct SSL/TLS Mode
This is where most Cloudflare-related outages actually come from, and it deserves its own step rather than a footnote. In the Cloudflare dashboard, go to SSL/TLS → Overview and pick one:
- Full (strict) - use this. Cloudflare talks to your origin over HTTPS and validates the certificate. Requires a working SSL cert on the Getwebup side (AutoSSL handles this automatically).
- Full - encrypts Cloudflare-to-origin traffic but doesn't validate the certificate. Works with a self-signed cert, but skip this if AutoSSL is already issuing you a real one.
- Flexible - encrypts the browser-to-Cloudflare leg only; Cloudflare talks to your origin over plain HTTP. If your Getwebup site also force-redirects HTTP to HTTPS (most do, via
.htaccessor a WordPress plugin), this setting causes an infinite redirect loop. Avoid it.
If you've already got AutoSSL running (check WHM or cPanel → SSL/TLS Status), Full (strict) is the right call every time. While you're on this screen, also flip on Always Use HTTPS under SSL/TLS → Edge Certificates, then turn off any duplicate HTTPS-redirect rule at the server level so the two aren't fighting each other.
Step 5: Turn Off Cloudflare Long Enough to Confirm the Origin Still Works
Before you fully trust the setup, click into any proxied DNS record and toggle it to grey cloud (DNS only) for a minute, then load the site directly against your server IP:
curl -I --resolve yourdomain.com:443:YOUR.SERVER.IP https://yourdomain.com
You want a 200 or a sane redirect, not a certificate error or connection refused. Confirming the origin is healthy on its own means that if Cloudflare ever has an outage or you need to pause it, your site keeps serving traffic - it's not solely dependent on the proxy layer. Flip proxying back on once you've confirmed it.
Common Mistakes That Break Sites Right After Enabling Cloudflare
- Flexible SSL + forced HTTPS on the origin - the classic redirect loop. Switch to Full (strict).
- Forgetting to copy MX/SPF/DKIM records - email stops arriving silently, often days later once the old DNS TTL finally expires.
- Proxying the mail or cPanel subdomain - webmail and cPanel logins can throw certificate mismatch errors because they're now hitting Cloudflare's edge cert instead of your server's.
- Caching a logged-in area (like WooCommerce cart or wp-admin) - fixed by adding a Page Rule or Cache Rule that sets Cache Level to "Bypass" for
/wp-admin/*and/cart/*style paths. - Not updating firewall rules on the server - if your VPS firewall only allows known IPs on port 80/443, add Cloudflare's published IP ranges so proxied traffic isn't blocked at the origin.
Keeping It Running Smoothly
Once it's stable, there's very little maintenance. Two things worth checking every so often: renew the habit of purging cache after major content or plugin updates (Cloudflare dashboard → Caching → Purge Everything, or a cache-purge plugin if you're on WordPress), and re-check your DNS zone in Cloudflare whenever you add a new mail account, subdomain, or third-party service that needs its own record - those don't sync back from Getwebup automatically once Cloudflare is authoritative for the zone.
The Bottom Line
Cloudflare in front of Getwebup hosting is a same-day, no-cost setup: copy your DNS records accurately, point nameservers, set SSL/TLS to Full (strict), and keep mail-related subdomains off the proxy. Rushing the DNS review is the only step that actually causes outages - everything else is close to foolproof.
Frequently asked questions
Will switching to Cloudflare nameservers cause any downtime?
No, as long as you copy every existing DNS record into Cloudflare before you change the nameservers. The switch itself just changes who answers DNS queries; your site keeps loading from the same server the whole time. Downtime only happens when a record gets missed.
Which SSL/TLS mode should I use with Getwebup hosting?
Full (strict), as long as you have a valid certificate on your hosting account (AutoSSL provides this by default). Flexible mode causes redirect loops if your server also force-redirects HTTP to HTTPS, which most hosting setups do.
Do I need to proxy my mail (MX) records through Cloudflare?
No - MX records can't be proxied and shouldn't be. Leave mail, cPanel, and webmail subdomains set to DNS only (grey cloud) so they connect directly to your server instead of routing through Cloudflare's edge.
Will Cloudflare replace the SSL certificate I already have on Getwebup?
No. Cloudflare issues its own edge certificate for the browser-to-Cloudflare connection, but your origin certificate (from AutoSSL) still handles the Cloudflare-to-server connection in Full or Full (strict) mode. You keep both.
Can I use the free Cloudflare plan for a production site?
Yes. The free plan includes the CDN, a shared SSL certificate, basic DDoS protection, and enough cache and page rules for most small-to-medium sites. Paid plans add things like image optimization and advanced rate limiting, but they're not required to get the setup in this guide working.