Skip to main content
Cloudflare sits between your visitor and your site: it provides free SSL (HTTPS) and protection against attacks. Most people don’t need to set anything up — it’s already on for Lumi domains. This page is handy if you want to switch the SSL mode, raise the protection level, set up a redirect, or connect an external domain.
Every Lumi domain is automatically connected to Cloudflare right after registration — SSL and baseline DDoS protection are on with no action needed.
Management: My Domains → domain → Cloudflare settings.

What you can set in the bot

The Cloudflare settings section gives you:
SettingValues
SSL modeOff / Flexible / Full / Full (strict)
DDoS protectionOff / Low / Medium / High / Under Attack
Redirects301/302 to another domain
Purge cacheclear the Cloudflare cache after changes to your site
If the domain’s NS aren’t on Cloudflare, the bot first offers to switch them automatically — without that, SSL, DNS, and redirects won’t work.

SSL modes

The mode determines the encryption on the Cloudflare ↔ your server leg.
ModeWhen you need it
OffHTTPS disabled. Almost never needed.
FlexibleNo certificate on the server. Only as a stopgap.
FullSelf-signed or expired certificate.
Full (strict)Valid certificate on the server. Recommended for production sites.
On Flexible, with an HTTP→HTTPS redirect enabled on the server, you get a “Too many redirects” error. The fix is Full (strict), or removing the redirect on the server side.

DDoS protection

You set the level in Cloudflare settings:
LevelWhen to enable
OffProtection disabled. Not recommended.
Low / Medium / HighBaseline filtering. The higher the level, the stricter the checks on suspicious traffic.
Under AttackDuring an active attack: every visitor sees a short challenge before entering.
Medium is enough for everyday use. Turn on Under Attack only during a real attack — it adds a challenge delay for visitors.

Redirects

Cloudflare settings → Redirects → Add. Target domain with https://, code 301 (permanent, recommended) or 302 (temporary).
1

Make sure there's an A record

A redirect only works if the domain has an A record. For Lumi domains, the bot creates it for you.
2

If there's no server

If the domain is in your own Cloudflare account and there’s no server, create an A record on the root with the address 192.0.2.1 (a documentation IP from RFC 5737 — it leads nowhere, but Cloudflare accepts it as valid).
3

Check the record's settings

The record must be proxied (orange cloud), and the domain’s NS must be Cloudflare.

Connecting an external domain to Cloudflare

Lumi domains are already on Cloudflare. If a domain was bought elsewhere, connect it manually:
1

Add the site

At dash.cloudflare.comAdd a site → enter the domain → choose the Free plan.
2

Copy the NS

Cloudflare gives you two addresses like xxx.ns.cloudflare.com.
3

Change the NS at your registrar

Set these NS at the domain’s current registrar. Propagation usually takes 10–30 minutes, sometimes up to 24 hours.
4

Enable SSL and HTTPS

SSL/TLS → Overview → set mode to Full (strict) (requires a valid certificate on the server). Turn on Always Use HTTPS.
Want to host a static site or landing page? Run it on a VPS or build it in your own Cloudflare Pages account, then point the domain at it via DNS or a redirect. There’s no in-bot site upload.

Fine print

HSTS forces the browser to reach the site over HTTPS only. Enable it only with consistently working HTTPS: if HTTPS later breaks, visitors won’t be able to get in for months, and there’s no quick rollback.
Want end-to-end encryption with your own certificate, no middleman? In DNS settings, turn off proxying on the relevant record — the orange cloud turns grey. You lose the cache, IP hiding, and some of the protection, but you can install your own certificate. How to install it — SSL and Let’s Encrypt.
Advanced settings live in your own account on cloudflare.com. Errors like 521 / 522 / 525 are covered on the Domain not working page.

DNS records

A, CNAME, MX, TXT, and TTL values.

Domain not working

A diagnostic checklist for DNS and Cloudflare errors.