How to Setup Domain, CloudFlare, Amazon Certificate Manager (ACM), and CloudFront

Note: This is a best practice, but also requires intermediate technical knowledge.

  1. Buy your domain, e.g. at QWords
  2. Signup at CloudFlare
  3. Add your domain to CloudFlare
  4. Go to your Domain Registrar and change the NS servers to point to CloudFlare’s
  5. Wait several minutes/hours (up to 24 hours) until CloudFlare detected that it is the chosen nameserver
  6. Go to AWS Certificate Manager (ACM) and request certificate for both your_domain.tld and *.your_domain.tld. When prompted for verification method, use domain.
  7. Go to CloudFlare and add the required CNAME records.

Setup CloudFront

You may want to set up CloudFront and origin first, as it takes some time to propagate. Requirement: You already have the CNAME record for the origin server.

  1. Go to AWS CloudFront
  2. Create distribution (note: you can only choose one ACM certificate per distribution)
  3. Enter the origin hostname (usually a CNAME to Elastic IP, or specific Load Balancer).
  4. Choose the ACM certificate.
  5. Cache policy “WordPress”. See reference CloudFront configuration documentation by About Lovia.
  6. Origin request policy: Managed-AllViewer.
  7. Note the CloudFront distribution’s hostname.
  8. Go to CloudFlare
  9. Add/Edit the CNAME record for root domain, to point to CloudFront distribution’s hostname.
  10. Go to Page Rules > Add Page Rule. For pattern www.your_domain.tld/*, set Forwarding URL, Permanent Redirect, to https://your_domain.tld/$1 .

Now you can create WordPress using WordOps.