Features
Cloud Accounts
Cloudflare

Connect Cloudflare Account

Connect your Cloudflare account to OEC.sh for industry-leading DNS management and cost-effective R2 object storage.

What You'll Get

After connecting your Cloudflare account, OEC.sh can:

CapabilityWhat It Enables
StorageUse Cloudflare R2 (S3-compatible) for backups with zero egress fees
DNSManage DNS records with Cloudflare's global network

Note: Cloudflare doesn't provide compute services. Use another provider for servers.

Prerequisites

Before you begin, ensure you have:

  • Active Cloudflare account (Sign up here (opens in a new tab))
  • At least one domain added to Cloudflare (for DNS)
  • R2 subscription enabled (for storage) - free tier available

Why Cloudflare R2?

Cloudflare R2 is S3-compatible object storage with a game-changing pricing model:

FeatureCloudflare R2AWS S3
Egress fees$0 (forever free)$0.09/GB
Storage$0.015/GB/month$0.023/GB/month
API operations10M free, then $4.50/M$0.005/1000 requests

Perfect for backups because you don't pay to download your own data!

Step-by-Step Connection

Step 1: Access Cloudflare Dashboard

  1. Go to dash.cloudflare.com (opens in a new tab)
  2. Sign in to your account

Step 2: Get Your Account ID

  1. Click on any domain in your account (or go to Manage Account > Account Home)
  2. Scroll down to find your Account ID on the right sidebar
  3. Copy the Account ID (it looks like: 1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p)

Step 3: Create API Token

  1. Click your profile icon (top right)
  2. Click My Profile
  3. Click API Tokens in the left sidebar
  4. Click Create Token

Option A: Use Template (Recommended)

  1. Find Edit zone DNS template and click Use template
  2. Modify permissions to add R2:
PermissionAccess
Zone - DNSEdit
Account - Cloudflare R2 StorageEdit

  1. Under Zone Resources, select:

    • IncludeAll zones (or specific zones)

  2. Click Continue to summaryCreate Token

Option B: Custom Token

  1. Click Create Custom Token
  2. Give it a name: OEC.sh Integration
  3. Add permissions:
ScopePermissionAccess
AccountCloudflare R2 StorageEdit
ZoneDNSEdit

  1. Configure resources:

    • Account Resources: Include → Your account
    • Zone Resources: Include → All zones (or specific)

  2. Click Continue to summaryCreate Token

Step 4: Copy Your Token

IMPORTANT: Copy the token immediately - it's only shown once!

The token looks like: Kq8HNwl3fMoT2c7JzP9xL6dR4yE1wB5sH8mG0vF

Step 5: Add to OEC.sh

  1. Go to app.oec.sh (opens in a new tab) > Settings > Cloud Accounts
  2. Click Add Account
  3. Under API Key Authentication, click Cloudflare
  4. Fill in the form:
FieldValue
Account NameCloudflare Production (or your preferred name)
API TokenPaste your Cloudflare API token
Account IDPaste your Cloudflare Account ID
  1. Click Add Account

Step 6: Verify Connection

  1. Your Cloudflare account should appear in the list
  2. Status should show Active (green badge)
  3. Click the refresh icon to validate
  4. You should see: Storage, DNS capability badges

Using Your Cloudflare Account

For Backup Storage (R2)

  1. Go to Settings > Storage
  2. Click Quick Setup on your Cloudflare account
  3. Select or create an R2 bucket
  4. Configure backup settings

Create R2 Bucket (if needed)

  1. Go to Cloudflare Dashboard > R2
  2. Click Create bucket
  3. Name it (e.g., oec-backups)
  4. Select location hint (closest to your servers)
  5. Click Create bucket

For DNS Management

  1. Go to Settings > DNS Providers
  2. Click Quick Setup on your Cloudflare account
  3. Select a domain from your Cloudflare zones
  4. OEC.sh will manage A records automatically

Note: Cloudflare provides automatic DDoS protection and CDN on all DNS-managed domains.

R2 Location Hints

When creating R2 buckets, you can specify a location hint for optimal performance:

HintRegion
wnamWestern North America
enamEastern North America
weurWestern Europe
eeurEastern Europe
apacAsia Pacific

Note: R2 is automatically replicated globally. Location hint optimizes for primary access location.

API Token Permissions Explained

Minimum Required

ScopePermissionPurpose
Account - R2 StorageEditCreate/manage buckets, upload backups
Zone - DNSEditCreate/update DNS records

Optional Enhancements

ScopePermissionPurpose
Zone - SSL/TLSReadView certificate status
Zone - Page RulesEditConfigure caching rules
Zone - CachePurgeClear CDN cache

Managing Your Connection

Rotate API Token

For security, rotate your token periodically:

  1. Create a new API token in Cloudflare
  2. Update OEC.sh with the new token
  3. Delete the old token in Cloudflare
  4. Recommended: Every 90 days

Verify Token Permissions

  1. Go to Cloudflare > My Profile > API Tokens
  2. Click the token to view its permissions
  3. Ensure R2 and DNS Edit permissions are present

Delete Account

  1. In OEC.sh, click Delete on the account
  2. Optionally, revoke the API token in Cloudflare

Troubleshooting

"Invalid API Token" Error

Cause: Token is incorrect or revoked.

Solution:

  1. Verify the token in Cloudflare > API Tokens
  2. Ensure token hasn't expired (check expiry setting)
  3. Create a new token if needed

"Invalid Account ID" Error

Cause: Account ID is incorrect or doesn't match the token.

Solution:

  1. Find Account ID in Cloudflare Dashboard sidebar
  2. Ensure it's the Account ID (not Zone ID)
  3. Account ID is 32 characters

R2 Operations Fail

Cause: Token lacks R2 permissions.

Solution:

  1. Check token has Cloudflare R2 Storage: Edit permission
  2. Ensure R2 is enabled on your account:
    • Go to Cloudflare Dashboard > R2
    • Complete setup if prompted
  3. Create a new token with correct permissions

"Zone Not Found" Error

Cause: Token doesn't have access to the zone.

Solution:

  1. Verify zone is added to Cloudflare
  2. Check token's Zone Resources:
    • Should include the specific zone or "All zones"
  3. Ensure zone is active (not pending)

DNS Records Not Updating

Cause: Zone in pending state or nameservers not updated.

Solution:

  1. Check zone status in Cloudflare Dashboard
  2. Ensure nameservers are updated at registrar:
    • Check for assigned Cloudflare nameservers (e.g., ada.ns.cloudflare.com)
  3. Wait for DNS propagation (up to 48 hours for new domains)

Best Practices

DNS Configuration

  • Proxy Status: Use proxied (orange cloud) for web traffic
  • SSL Mode: Set to Full (Strict) for end-to-end encryption
  • DNSSEC: Enable for additional security

R2 Configuration

  • Public Access: Keep buckets private for backups
  • Lifecycle Rules: Set up auto-deletion for old backups
  • Bucket Naming: Use descriptive names (e.g., oec-backups-prod)

Security

  • Token Scope: Only grant necessary permissions
  • IP Restrictions: Optional - limit token to OEC.sh IPs
  • Audit Log: Review access in Cloudflare Audit Log

Cost Considerations

Cloudflare R2 pricing:

ComponentCost
Storage$0.015/GB/month
Class A Operations (write)Free first 1M, then $4.50/M
Class B Operations (read)Free first 10M, then $0.36/M
EgressAlways $0

Cloudflare DNS is included free with your account.

Monthly Cost Example

For 100GB of backups with typical operations:

  • Storage: 100GB × 0.015=0.015 = **1.50/month**
  • Operations: Usually covered by free tier
  • Egress: $0

Compare to AWS S3:

  • Storage: 100GB × 0.023=0.023 = 2.30
  • Egress (50GB restore): 50GB × 0.09=0.09 = **4.50**

Cloudflare + Other Providers

Cloudflare works great alongside compute providers:

SetupUse Case
Cloudflare DNS + HetznerCost-effective European hosting
Cloudflare DNS + DigitalOceanSimple cloud with great DNS
Cloudflare R2 + Any ProviderZero-egress backup storage

Recommended Architecture

  1. Compute: DigitalOcean, Vultr, or Hetzner
  2. DNS: Cloudflare (free tier)
  3. Backups: Cloudflare R2 (no egress fees)

Next Steps

Linode (Akamai)Overview