Whether you own a small and simple community-oriented board or a heavy-loaded forum with hundreds of posts a day, I bet you can benefit from using Cloudflare.
Cloudflare is a service with many features. DDoS Protection, Content Delivery Network, Site Speed Optimization or Firewall just to mention the most useful of them. It offers a free tier (with many features already available!) as well as very reasonable price model for additional features. Big majority of phpBB boards are good with free plan though. Let's set it up and go through the list of features one by one.
First off, you need to register on cloudflare.com. Just follow the instructions, they are very clear and simple. Enable everything they ask you about (or leave it be as you can change the settings later). The most difficult part is changing the NS records. Contact your server admin if you are unsure.
In the end, you will land on the Cloudflare's dasboard. You can see multiple icons up in the menu. They may seem overwhelming, especially if you have no idea what the labels mean. No worry, let me guide you through them one by one.
There are four parts I would like to focus on:
Cloudflare has a huge amount of settings to fine-tune the experience for your users. Many of them aren't available in free plan, so I will skip those for the times' sake.
Click on the SSL/TLS icon. Let me quickly explain what SSL/TLS is. It is a security protocol that ensures that data sent from your server to your user won't be visible to anyone else on the way. Reason why you maybe never heard of it is that it is a hidden layer under HTTPS. So to make it simpler - we talk about HTTPS.
Now this is very important to get right. Your board MUST use HTTPS. Today a certificate needed to support HTTPS can be obtained for free. Ask your server admin to set it up for you. If they refuse to do so or ask money for that, I advise you to change your provider. With certificate successfully installed, let's get full use of it in Cloudflare:
You may think of your local computer's firewall when seeing this, and you are right - they are quite the same thing. However, instead of protecting your PC, this firewall protects your board. By default, it works very well, so I advise you don't touch the settings unless someone does something really awful. In that case you can create Firewall rules - disallow access to anyone who matches your filters (e.g. Country, IP address, User Agent). This can be very powerful spambot countermeasure! I still encourage you to enable at least one Anti-Spam extension though.
Oh yes, you probably started to investigate more about Cloudflare primarily because of this feature. And rightly so, it can make your board much faster with a click of a button. To see the potential, Cloudflare offers an Overview screen that will calculate how faster your board can be with optimizations enabled. Maybe you will be surprised with the results and won't believe it. But let me assure you, it will speed up your board.
Let's head over to the Optimizations tab:
Various crazy abbreviations that will make your board faster by enabling advanced transport protocols. Such protocols don't change anything on your site, but rather change a route to it. Think of old dirt road remade to a highway.
That's it! You just ideally configured Cloudflare for phpBB. Let me remind you, that Cloudflare can also provide powerful analytics.
The Analytics tab is a nice source of information. You can see how many unique visitors your board hosted, what their country is and how much Cloudflare helped them access your board with speed. You can also see how Cloudflare protected you from various threats. Don't hesitate to dig into the data!
In the Speed -> Browser Insights, go to Configurations, enable Browser Insights and wait for a day. You will see how your board performs. This information has also impact on SEO, so pay attention.
Sometimes you change a setting in the Cloudflare dashboard and don't want to wait until it propagates automatically. You have two options, based on the scenario:
phpBB can be attacked in many ways. DDoS is a simple task for Cloudflare, but it doesn't automatically detect phpBB-specific threats such as massive registration or spamming. If you happen to see such attack in action, quickly enable Under Attack Mode. This will show a challenge (similar to reCAPTCHA) to every visitor. I know it isn't convenient, but usually it discourages the attackers within few minutes and you can safely disable the attack mode. Or it at least gives you precious minutes to discover attacker's IP address and block it in the Firewall.
This may look like a difficult question to answer, but in fact it isn't. I know many appreciate phpBB because it is free. phpBB has helped build thousands of communities thanks to this. On the other hand, phpBB is also used by many companies because of its A-grade security, willing to spend extra money on security, privacy and performance. So if your board is non-commercial, you are probably fine with free tier. If you can afford to spend 20 (or more) bucks a month without harming your business, I encourage you to upgrade especially because of these features:
Now that Cloudflare protects and speeds up your board, it's time to mention some tips and issues on the phpBB side of things.
Cloudflare works like an extra layer between your servers and your users. This makes your server think everyone comes from the same IP address (while actually it is always Cloudflare). This can cause problems with banning/tracking your users in phpBB's moderation panel. Thankfully, this is a quick fix. Just install CloudFlare IP extension and it will automatically transform IP addresses back to the original ones. If you have bought FLATBOOTS or BBOOTS styles, you are eligible for an improved version which allows you to set the development mode and purge cache directly from your ACP - very convenient!
If, for some reason after you updated your phpBB or installed a new extension, your site looks wrong, it is probably an outdated CSS problem. phpBB already does assets versioning, but some (usually unapproved) extensions can load CSS in old manner. Cloudflare doesn't know it has changed, so you need to tell it manually - purge the Cloudflare cache and you are done.
In case you are changing the CSS yourself and need more attempts to get it right (although I strongly discourage you to develop directly on a live board), turn on a Development mode, do your work and then turn it off and purge the cache.
Sometimes Cloudflare does too much optimizations on pages where it isn't necessary. Great example can be Administration Control Panel. If some ACP page doesn't function correctly, exclude it from Cloudflare:
As you can see, even though phpBB is already super-optimized, Cloudflare can give it another kick both in security and performance frontlines. Your users (and Google Bot) will appreciate the speed improvements, while automatic DDoS protection, HTTPS enforcement, Firewall and Analytics will give you even more confidence in administering your board. Give it try now and I bet you won't go back.