Cloudflare is a global content delivery network (CDN) and security platform that sits between your visitors and your SakuraHost server. It caches your website's static content across 300+ data centers worldwide, protects against DDoS attacks and malicious traffic, and can significantly improve your website's loading speed — especially for visitors in regions far from your server. Best of all, Cloudflare offers a generous free plan that provides substantial benefits.
What Cloudflare Provides
CDN (Content Delivery Network): Caches static assets (images, CSS, JavaScript, fonts) at edge servers closest to your visitors, reducing latency and server load.
DDoS Protection: Automatically detects and mitigates distributed denial-of-service attacks, keeping your website online during attack events.
Free SSL: Provides free Universal SSL certificates with flexible encryption modes. This works alongside your SakuraHost AutoSSL certificate for end-to-end encryption.
Firewall & Bot Management: Filters malicious traffic, blocks known threat actors, and challenges suspicious requests before they reach your server.
Performance Optimization: Minifies HTML, CSS, and JavaScript; enables Brotli compression; and provides image optimization (on paid plans) to reduce page size and improve load times.
Setting Up Cloudflare: Step by Step
Step 1: Create a Cloudflare Account
Step 2: Review DNS Records
Cloudflare automatically scans your current DNS records and imports them. This is a critical step — carefully review every record to ensure nothing was missed.
www points to your root domain.Each record will show a proxy status icon (orange cloud = proxied through Cloudflare, grey cloud = DNS only). For web traffic records (A and CNAME for your website), leave the orange cloud enabled. For email-related records (MX, mail subdomain) and records that need direct connectivity, set them to DNS only (grey cloud).
mail.yourdomain.co.tz, make sure it is set to DNS only (grey cloud). Failure to do this will break email delivery.
Step 3: Change Your Nameservers
Cloudflare will provide you with two nameservers (e.g., ada.ns.cloudflare.com and bob.ns.cloudflare.com). You need to update your domain's nameservers to these Cloudflare nameservers.
Nameserver changes take time to propagate. For .co.tz domains, this typically takes 1-24 hours (see our guide on Understanding DNS Propagation and Why Changes Take Time). Cloudflare will send you an email once it detects your nameservers have been updated and your site is active on their network.
Configuring SSL/TLS Settings
Proper SSL configuration is essential to avoid redirect loops and mixed content issues. In the Cloudflare dashboard, go to SSL/TLS and select the appropriate encryption mode:
Full (Strict): This is the recommended setting for SakuraHost users. It encrypts traffic between visitors and Cloudflare, and between Cloudflare and your server, requiring a valid SSL certificate on your origin server. Since SakuraHost provides AutoSSL certificates, Full (Strict) works perfectly.
Recommended Cloudflare Settings
Performance Settings
Navigate to Speed → Optimization and enable:
- Auto Minify: Enable for JavaScript, CSS, and HTML to reduce file sizes
- Brotli Compression: Enable for superior compression (better than gzip)
- Early Hints: Enable to preload assets before the HTML document is fully received
- HTTP/2 and HTTP/3: Both should be enabled for modern protocol support
Security Settings
Navigate to Security → Settings:
- Security Level: Set to "Medium" for most websites. Increase to "High" if you experience attacks
- Challenge Passage: 30 minutes is a good default
- Browser Integrity Check: Enable to block requests with suspicious HTTP headers
Caching Settings
Navigate to Caching → Configuration:
- Caching Level: Standard
- Browser Cache TTL: Respect Existing Headers (lets your server control browser caching)
- Always Online: Enable to serve cached versions of your site if your server goes down
WordPress-Specific Configuration
If you run WordPress, install the official Cloudflare plugin from the WordPress plugin repository. It automatically configures optimal settings for WordPress, handles cache purging when you publish or update content, and provides real visitor IP addresses in your WordPress logs and comments.
Additionally, create a Page Rule to bypass cache for your WordPress admin area:
Setting: Cache Level → Bypass
Verifying Cloudflare is Working
After setup, verify Cloudflare is active by checking the response headers. Open your browser's developer tools (F12), visit your website, and look at the response headers for the main page request. You should see headers like:
cf-cache-status: HIT
server: cloudflare
The cf-ray header confirms the request was processed by Cloudflare. The three-letter code at the end (e.g., NBO for Nairobi) indicates which Cloudflare data center served the request. cf-cache-status: HIT means the content was served from Cloudflare's cache, providing maximum performance.
Troubleshooting Common Issues
Redirect Loop (ERR_TOO_MANY_REDIRECTS)
This almost always means your SSL/TLS mode is set to "Flexible" while your server forces HTTPS. Change the SSL mode to Full (Strict) in the Cloudflare dashboard.
Real IP Address Not Showing
Because Cloudflare proxies traffic, your server logs will show Cloudflare's IP addresses instead of real visitor IPs. Install the mod_remoteip Apache module (typically pre-configured on SakuraHost servers) or use Cloudflare's CF-Connecting-IP header to restore real visitor IPs.
Email Not Working After Setup
Ensure your mail-related DNS records (MX records, mail subdomain A record) are set to DNS only (grey cloud) in the Cloudflare DNS dashboard.
For comprehensive Cloudflare documentation, visit the Cloudflare Developer Docs. For SakuraHost-specific assistance, contact our support team at billing.sakurahost.co.tz/submitticket.php.