Edge-cache your NodeBB forum on Cloudflare — serve anonymous visitors from cache, keep logged-in users dynamic, and warm pages automatically from your sitemap.
Cloudflare Cache deploys a safe, ordered set of Cloudflare Cache Rules tuned for NodeBB and includes a sitemap-driven cache warmer — all from the admin control panel, no wrangler or dashboard rule-wrangling required.
The result: guest page views are served from Cloudflare's edge instead of hitting your Node.js process, dramatically cutting origin load and time-to-first-byte for the anonymous traffic that makes up most forum reads — while logged-in members always get fresh, dynamic pages.
📦 Available on npm: nodebb-plugin-cloudflare-cache
npm install nodebb-plugin-cloudflare-cache- 🚀 Guest HTML edge caching — anonymous page views served from Cloudflare; logged-in/session traffic bypasses cache automatically (detected by session cookie).
- 🛡️ Safe by default — API, Socket.IO, admin, and auth routes (
/login,/register,/reset,/compose, …) are never cached. - 🗂️ Static asset caching — long-TTL edge + browser caching for
/assets/, plugin static files, uploads, and icons. - ⚙️ One-click deploy from the ACP — verify your token, auto-detect your Zone ID, preview the generated rules, then deploy.
- 🤝 Non-destructive — updates only the rules this plugin manages and preserves any existing custom cache rules in your zone.
- 🔥 Built-in cache warmer — crawls your sitemap as an anonymous guest to pre-warm the edge, on demand, on startup, or on a schedule.
- 🔒 Admin-only API — every management endpoint is guarded by NodeBB admin privileges.
- ✅ Tested — ships with a unit test suite (
npm test).
The plugin writes three ordered rules into Cloudflare's http_request_cache_settings phase. Cloudflare evaluates them top-down:
| Order | Rule | Behavior |
|---|---|---|
| 1 | Bypass | API, Socket.IO, admin, and auth routes are never cached. |
| 2 | Static assets | /assets/, plugin static files, uploads, and icons cached for a long TTL (default 30 days). |
| 3 | Guest HTML | HTML pages cached at the edge only when no session cookie is present (default 1 hour edge TTL). |
Because the bypass rule comes first, dynamic and authenticated traffic is protected before the guest-HTML rule can ever match.
- NodeBB 3.2 or newer
- Node.js 18 or newer
- A Cloudflare-proxied (orange-cloud) DNS record for the forum
- Cloudflare SSL/TLS mode set to Full or stricter when your origin uses TLS
- Cloudflare WebSockets enabled (for NodeBB Socket.IO)
- A Cloudflare API token with:
Zone → Cache Rules → EditZone → Zone Settings → ReadZone → Zone → Read(optional — enables zone auto-detection)
Install the npm package from your NodeBB root:
npm install nodebb-plugin-cloudflare-cache
./nodebb build
./nodebb restartThen activate Cloudflare Cache in the NodeBB admin control panel.
You can also install it straight from the ACP: Admin → Extend → Plugins → Find Plugins, search for Cloudflare Cache, then install and activate.
Open Admin → Plugins → Cloudflare Cache and set:
- API Token — a token scoped to the forum's Cloudflare zone.
- Zone ID — the Cloudflare zone serving the forum domain (use Detect to auto-fill).
- Public Forum URL — the Cloudflare-facing URL the warmer crawls. If blank, the plugin uses NodeBB's configured
url. - Session Cookie Name(s) — defaults to
express.sid, NodeBB's standard session cookie. - Guest Page Edge TTL — default 1 hour.
- Guest Page Browser TTL — default
0so browsers re-check Cloudflare instead of holding stale HTML. - Static Asset TTLs — default 30 days.
- Bypass Path Prefixes — leave blank for the safe NodeBB defaults.
Then click Verify Token and Zone → Preview Generated Rules → Deploy Cache Rules.
The warmer pre-loads the edge so visitors hit a warm cache instead of a cold MISS. It:
- Fetches
{Public Forum URL}/sitemap.xmland follows sitemap indexes (e.g./sitemap/1.xml). - Requests discovered URLs through Cloudflare as a guest with no cookies.
- Logs
cf-cache-statusbuckets so you can see how many pages were already cached. - Runs manually, 30s after startup, or on a recurring interval.
Tunable from the ACP:
| Setting | What it does | Default |
|---|---|---|
| Warm Interval | How often to auto-warm (Disabled / 30m / 1h / 4h) | Disabled |
| Concurrency | Pages warmed in parallel | 5 |
| Delay Between Requests | Throttle between fetches | 100ms |
| Maximum URLs | Cap on pages per run | 250 |
Start conservative — 5 concurrency, 100ms delay, 250 max URLs is a good baseline for a small-to-medium forum.
After deploying, test from a machine that reaches the forum through Cloudflare:
# Guest page: first MISS, then HIT
curl -sI 'https://yourforum.com/' -b '' | grep -i cf-cache-status
curl -sI 'https://yourforum.com/' -b '' | grep -i cf-cache-status
# Logged-in/session traffic bypasses the guest HTML rule
curl -sI 'https://yourforum.com/' -H 'Cookie: express.sid=anything' | grep -i cf-cache-status
# API and static assets
curl -sI 'https://yourforum.com/api/config' | grep -i cf-cache-status
curl -sI 'https://yourforum.com/assets/nodebb.min.js' | grep -i cf-cache-statusExpected:
- Guest pages — first request
MISS, subsequent requestsHIT. - Session traffic — bypasses the guest HTML rule (stays dynamic).
- API / Socket.IO —
BYPASS/ not cached. - Static assets — cached at edge and browser for the configured TTL.
npm test