Sign-in to roast.io web UI (here) and configure your site's "custom domain"
Configure your DNS (read below)
A record (for the apex domain) to 188.8.131.52
CNAME (for www or whatever subdomain you're using) record to YOUR_ROAST_SUBDOMAIN.roast.io
note: if you choose a roast.io custom domain of www.example.com, and you point the DNS records of the apex (example.com) to 184.108.40.206, we'll 301 redirect traffic to the apex to www (and vice versa)
We recommend configuring roast.io (here) with a www domain
then creating a DNS CNAME record aliasing that www record to your roast.io generated subdomain (YOUR_ROAST_SUBDOMAIN.roast.io).
finally, optionally create a DNS A record for the apex of your domain pointing to 220.127.116.11. Roast.io will redirect requests to the apex to whatever domain you have configured here on Roast.
run these commands in your terminal/console to see:
dig www.roast.io CNAME +short
dig roast.io A +short
Everything (gray cloud, orange cloud, CNAME flattening, flexible SSL, full SSL) with Cloudflare "just works" except "Full strict" SSL. If you want to use "Full Strict", start with "Full" SSL and after ~15 minutes, switch to strict. You only need to do this once. The 15 minutes under "Full" allows Roast to provision and validate its own certificate.
If just in DNS mode (gray cloud), then it's merely a DNS provider and you're not using any of Cloudflare's value-adds, so in this case the question is irrelevant.
The SSL/TLS/HTTPS are redundant and unecessary and just add an additional network hop.
CNAME flattening allows you to use your apex domain, but you can do this by pointing your A record to our IP address listed above. In both cases you lose the benefits of geographic routing. (so you should strive to use a www subdomain and CNAME)
The DDOS protection has potential to be useful. Roast.io is on AWS which has some basic DDOS protection but probably not as powerful as Cloudflare
CDN/Caching will reduce bandwidth and thus Roast.io costs