I purchased a domain from Namecheap, and I'm going to use Cloudflare as the DNS for my domain, but it says Error 521. I created a free instance on Oracle. Cloudflare suggests that I add their IPs to Oracle, but I have no idea where to add these IPs.
How to add Cloudflare's IPs to Oracle Cloud Infrastructure whitelist
Asked by Elliot
There are 2 best solutions below
I have a similar setup where Cloudflare is fronting my app. However, in my case I am just using a public load balancer in OCI. I bought a domain name pointing to the public IP of the load balancer. This way, I first tested my site without the domain name, just hitting the load balancer IP. If that works fine, then in Cloudflare you just need to proxy the domain to the public IP of the load balancer.
We're from the Solutions Architecture team over at Oracle Cloud Infrastructure and wanted to give you a few pointers to help you out.
What this error indicates is that Cloudflare is having problems accessing your website. Most likely this is because you have not yet configured your website to be accessible from the internet. While we didn't write this, it appears the community has a set of instructions here on how to expose your site to the internet:
https://dev.to/yoursunny/how-to-host-a-website-in-oracle-cloud-free-tier-5hca
Here's another online class for doing the same with WordPress: https://www.udemy.com/course/wordpress-website-built-on-oracle-cloud-always-free-tier/
Once done, you'll want to test your website by IP address in a web browser to make sure you can at least load your web page.
What Cloudflare is suggesting is that you should actually only open access to your website from the specific IP addresses of the Cloudflare network. This increases the security of your website by preventing people from bypassing Cloudflare if they know your site's IP address. To do so, instead of adding 0.0.0.0/0 as the allowed CIDR, you add an individual entry for each CIDR listed here: https://www.cloudflare.com/ips/
For testing though, just use 0.0.0.0/0 until you have it working. Then you can change it.
Finally, don't forget to check host firewall rules (see iptables --list). Not having an entry for port 80/443 is a common error.
Let us know if it works for you.
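The per-CIDR entries described in the answer above, sketched as an added example that is not part of the original answers or Oracle's own tooling: it validates a list of CIDRs, builds one TCP ingress rule per CIDR for ports 80 and 443 in the JSON shape of an OCI security list ingress rule, and flags any rule still open to 0.0.0.0/0. The sample ranges are constructed documentation ranges, and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample in a one-CIDR-per-line layout. These are documentation
# ranges, NOT Cloudflare's real ones; use the list published at
# https://www.cloudflare.com/ips/ in practice.
SAMPLE_CIDRS = """
198.51.100.0/24
203.0.113.0/24
2001:db8::/32
"""

WEB_PORTS = (80, 443)


def parse_cidrs(text):
    """Validate each entry as a CIDR; refuse anything that would allow everyone."""
    nets = []
    for line in text.split():
        net = ipaddress.ip_network(line, strict=True)  # raises on typos or host bits
        if net.prefixlen == 0:
            raise ValueError(f"{net} opens the port to the whole internet")
        nets.append(net)
    return nets


def ingress_rules(nets, ports=WEB_PORTS):
    """One stateful TCP ingress rule per (CIDR, port) pair."""
    return [
        {
            "source": str(net),
            "sourceType": "CIDR_BLOCK",
            "protocol": "6",  # IP protocol number 6 = TCP
            "isStateless": False,
            "tcpOptions": {"destinationPortRange": {"min": p, "max": p}},
        }
        for net in nets
        for p in ports
    ]


def world_open(rules):
    """Return rules still sourced from 0.0.0.0/0 or ::/0 (left over from testing)."""
    return [r for r in rules if ipaddress.ip_network(r["source"]).prefixlen == 0]


if __name__ == "__main__":
    print(json.dumps(ingress_rules(parse_cidrs(SAMPLE_CIDRS)), indent=2))
```

Updating a security list replaces its whole ingress rule set, so any rule you still need (SSH on port 22, for example) has to be included alongside the generated ones.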