# Cloudflare Launch Steps For Mapex

This guide is written for your current PHP + MySQL app hosted on an origin server (VPS/shared hosting) with Cloudflare in front.

## 1. Domain ownership decision
- If you own mapexstore.uk:
  - Use this domain directly.
- If you do not own mapexstore.uk:
  - Register a new domain first (example: mapexstore.com), then use this same guide.

## 2. Add domain to Cloudflare
- Log in to Cloudflare dashboard.
- Click Add a site.
- Enter your domain.
- Choose a plan (Free is fine to start).
- Cloudflare will scan existing DNS records.

## 3. Set required DNS records
Use only these core records first:
- Type: A
  - Name: @
  - IPv4 address: YOUR_SERVER_PUBLIC_IP
  - Proxy status: Proxied (orange cloud ON)
  - TTL: Auto
- Type: A
  - Name: www
  - IPv4 address: YOUR_SERVER_PUBLIC_IP
  - Proxy status: Proxied (orange cloud ON)
  - TTL: Auto

Optional if IPv6 exists:
- Type: AAAA
  - Name: @
  - IPv6 address: YOUR_SERVER_IPV6
  - Proxy status: Proxied
  - TTL: Auto
- Type: AAAA
  - Name: www
  - IPv6 address: YOUR_SERVER_IPV6
  - Proxy status: Proxied
  - TTL: Auto

Mail records if you use email on same domain:
- Keep existing MX, SPF TXT, DKIM TXT records exactly as provided by your email provider.

## 4. Change nameservers at registrar
- Cloudflare will provide two nameservers.
- Go to your registrar panel for the domain.
- Replace old nameservers with Cloudflare nameservers.
- Save changes.
- DNS propagation can take from minutes up to 24 hours.

## 5. Configure SSL/TLS in Cloudflare
In SSL/TLS settings:
- Encryption mode: Full (strict)
- Always Use HTTPS: ON
- Automatic HTTPS Rewrites: ON
- Minimum TLS Version: 1.2

## 6. Install SSL on origin server
You must have a valid cert on your web server for Full (strict):
- Option A: Let’s Encrypt certificate for your domain.
- Option B: Cloudflare Origin Certificate installed on your server.

## 7. Recommended Cloudflare security settings
- Security Level: Medium
- Bot Fight Mode: ON (if available)
- Browser Integrity Check: ON
- WAF Managed Rules: ON (if available on your plan)
- Rate Limiting: add for login and admin login endpoints if your plan supports it.

## 8. Cache and performance defaults
- Caching Level: Standard
- Browser Cache TTL: 4 hours (or more)
- Auto Minify: CSS ON, JS ON, HTML ON
- Brotli: ON

## 9. App-specific endpoints to test after cutover
Open each URL in browser and confirm status 200/expected behavior:
- https://mapexstore.uk/home.php
- https://mapexstore.uk/collection.php
- https://mapexstore.uk/cart.php
- https://mapexstore.uk/payment/payment.php
- https://mapexstore.uk/track_order.php
- https://mapexstore.uk/Admin/login.php

## 10. Security deny checks after cutover
These should be blocked or denied:
- https://mapexstore.uk/smtp-test.php
- https://mapexstore.uk/uploads/test.php
- https://mapexstore.uk/userimg/test.php
- https://mapexstore.uk/run_import_from_img.php
- https://mapexstore.uk/run_standardize_categories.php

## 11. Flutterwave live domain update
In Flutterwave dashboard:
- Ensure your live callback/redirect domain matches your final production domain.
- Confirm public and secret live keys are set in server environment variables.

## 12. Go-live confirmation checklist
- HTTPS works and HTTP redirects to HTTPS.
- Login/signup/cart/checkout/admin/tracking flows pass.
- No new critical errors in PHP/web logs.
- Payment callback creates only one order for a single payment reference.
