While we generally recommend Kinsta customers take advantage of our Cloudflare integration, we understand that some sites may need to use an external proxy or CDN. We’ve tested several notable CDN and proxy services for compatibility, which we’ve documented in the articles below:
This article doesn’t focus on a specific service, but rather, it’ll provide you with guidelines on how to check for compatibility of an external proxy or CDN provider with Kinsta’s Cloudflare integration.
Preliminary Proxy and CDN Checklist
1. Does the Service Allow for Cloudflare Ip Addresses to Be Used for the Origin/Backend Host?
This is how the service will connect to your Kinsta site. In rare cases, a service may disallow certain IPs from being added.
If you can add your site IP in the proxy service’s origin/backend host configuration, you can move on to the next thing to check. If the proxy service shows an error and blocks the addition of your site IP, you’ll need to try
hosting.kinsta.cloud as the hostname instead.
2. Does the Proxy Service Support Sending Server Name Indication (Sni) or Host Header Details?
Modern browsers support Server Name Indication (SNI), which should be supported by your proxy or CDN provider. The service should also allow sending a proper host header in any requests to your origin to match the domain you use at Kinsta.
For instance, if you’re using example.com with your third-party service, but production-site.com is the primary domain of the site at Kinsta, your proxy will need to allow you to customize/override the host header to be production-site.com.
With that properly set, your origin server understands that the service is looking for production-site.com and can properly respond with the correct SSL certificate and requested content.
If you’re unsure where to find this setting, you can ask your proxy or CDN provider’s support team.
Advanced Proxy and CDN Checks
If your service passes the preliminary checks above, you can move on to checking for individual service features for your specific needs.
We can’t cover all scenarios here, but below are some features to consider when checking for compatibility:
If the service provides caching, keep this extra layer of cache in mind when making site changes. This redundant layer of caching will also need to be cleared anytime you need to clear cache.
If you’re having trouble seeing changes on your site, or a plugin isn’t behaving as expected after installing or reinstalling, be sure you clear cache at all layers, including:
- Plugins (if applicable)
- Themes (if applicable)
- Site/server cache at Kinsta (from either MyKinsta or the Kinsta MU plugin)
- Caching at your proxy or CDN
- Browser cache
SSL, HTTPS, and TLS
Kinsta supports TLS versions 1.2 and above, and the proxy or CDN service should too.
You can use SSL between your proxy service and Kinsta, but it’s important to not set conflicting settings. For example, if you force HTTPS at Kinsta, you may not be able to force HTTPS at your service too. If you try to force HTTP in one place and HTTPS in another, it will undoubtedly cause a redirect loop.
Firewall, WAF, DDoS Mitigation, and Bot Detection
You can use a combination of these at your proxy or CDN service in addition to what Kinsta’s Cloudflare integration provides, but do so with caution. If you need to troubleshoot any IP blocks caused by false positives, you’ll first need to check with your proxy or CDN service to see if they’re blocking the IP address in question. If they aren’t, you’ll also need to check with our Support team to see if the IP is blocked at Kinsta.
If your proxy service sends a proper X-Forwarded-For or similar header containing the original visitor IP address, analytics should continue to work as expected through both your proxy service and Kinsta.
This feature can be used at your CDN or proxy service, or with a WordPress plugin. To avoid unexpected results, you shouldn’t use multiple image optimization tools.
Now that you have a checklist for your third-party CDN or proxy service compatibility, you can use it to determine if your service is likely to be compatible with Kinsta’s Cloudflare integration.
If things aren’t working as expected at your service, we recommend checking settings and contacting your CDN or proxy service support team for help with troubleshooting and resolving any conflicts. If anything on the server-side needs to be checked or fixed, our Support team is available to assist you 24/7 via chat.