Salesforce Commerce Cloud (SFCC)
Cloudflare partners with Salesforce Commerce Cloud to provide Salesforce Commerce Cloud customers’ websites with Cloudflare’s performance and security benefits.
If you use Salesforce Commerce Cloud and also have a Cloudflare plan, you can use your own Cloudflare zone to proxy web traffic to your zone first, then Salesforce Commerce Cloud’s (the SaaS Provider) zone second. This configuration option is called Orange-to-Orange (O2O).
Benefits
O2O’s benefits include applying your own Cloudflare zone’s services and settings - such as WAF, Bot Management, Waiting Room, and more - on the traffic destined for your Salesforce Commerce Cloud environment. How it works
For additional detail about how traffic routes when O2O is enabled, refer to How O2O works.
Enable
To enable O2O requires the following:
- Your SFCC environment must be configured as an “SFCC Proxy Zone”. If you currently have an “SFCC Legacy Zone”, you cannot enable O2O. More details on the different types of SFCC configurations can be found here.
- Your own Cloudflare zone on an Enterprise plan.
If you meet the above requirements, O2O can then be enabled per hostname. To enable O2O for a specific hostname within your Cloudflare zone, create a Proxied CNAME
DNS record with a target of the CNAME
provided by SFCC Business Manager, which is the dashboard used by SFCC customers to configure their storefront environment.
The CNAME
provided by SFCC Business Manager will resemble commcloud.prod-abcd-example-com.cc-ecdn.net
and contains 3 distinct parts. For each hostname routing traffic to SFCC, be sure to update each part of the example CNAME
to match your SFCC environment:
- Environment:
prod
should be changed toprod
ordev
orstg
. - Realm:
abcd
should be changed to the Realm ID assigned to you by SFCC. - Domain Name:
example-com
should be changed to match your domain name in a hyphenated format.
Type | Name | Target | Proxy status |
---|---|---|---|
CNAME | <YOUR_HOSTNAME> | commcloud.prod-abcd-example-com.cc-ecdn.net | Proxied |
Product compatibility
When a hostname within your Cloudflare zone has O2O enabled, you assume additional responsibility for the traffic on that hostname because you can now configure various Cloudflare products to affect that traffic. Some of the Cloudflare products compatible with O2O are:
For a full list of compatible products and potential limitations, refer to Product compatibility.
Additional support
If you are a Salesforce Commerce Cloud customer and have set up your own Cloudflare zone with O2O enabled on specific hostnames, contact your Cloudflare Account Team or Cloudflare Support for help resolving issues in your own zone.
Cloudflare will turn to Salesforce Commerce Cloud if there are technical issues that Cloudflare cannot resolve.
Resolving SSL errors using Cloudflare Managed Certificates
If you encounter SSL errors when attempting to activate a Cloudflare Managed Certificate, verify if you have a CAA
record on your domain name with command dig +short example.com CAA
.
If you do have a CAA
record, verify that it permits SSL certificates to be issued by the certificate authorities supported by Cloudflare.