# Configure Cloudflare Cloudflare is the largest DNS routing service on the planet. We use their free service tier to provide Changemaker users with a fast, secure, and reliable way to get online that blocks 99% of surface level attacks and has built in user authenticaion (if you so choose to use it) ## Credentials The `config.sh` and `start-production.sh` scripts require the following Cloudflare credentials to function properly: ### 1. **Cloudflare API Token** - **Purpose**: Used to authenticate API requests to Cloudflare for managing DNS records, tunnels, and access policies. - **Required Permissions**: - `Zone.DNS` (Read/Write) - `Account.Cloudflare Tunnel` (Read/Write) - **How to Obtain**: - Log in to your Cloudflare account. - Go to **My Profile** > **API Tokens** > **Create Token**. - Use the **Edit zone DNS** template and add **Cloudflare Tunnel** permissions. ### 2. **Cloudflare Zone ID** - **Purpose**: Identifies the specific DNS zone (domain) in Cloudflare where DNS records will be created. - **How to Obtain**: - Log in to your Cloudflare account. - Select the domain you want to use. - The Zone ID is displayed in the **Overview** section under **API**. ### 3. **Cloudflare Account ID** - **Purpose**: Identifies your Cloudflare account for tunnel creation and management. - **How to Obtain**: - Log in to your Cloudflare account. - Go to **My Profile** > **API Tokens**. - The Account ID is displayed at the top of the page. ### 4. **Cloudflare Tunnel ID** (Optional in config.sh, Required in start-production.sh) - **Purpose**: Identifies the specific Cloudflare Tunnel that will be used to route traffic to your services. - **How to Obtain**: - This is automatically generated when you create a tunnel using `cloudflared tunnel create` or via the Cloudflare dashboard. - The start-production.sh script will create this for you if it doesn't exist. ### Summary of Required Credentials: ```bash # In .env file CF_API_TOKEN=your_cloudflare_api_token CF_ZONE_ID=your_cloudflare_zone_id CF_ACCOUNT_ID=your_cloudflare_account_id CF_TUNNEL_ID=will_be_set_by_start_production # This will be set by start-production.sh ``` ### Notes: - The config.sh script will prompt you for these credentials during setup. - The start-production.sh script will verify these credentials and use them to configure DNS records, create tunnels, and set up access policies. - Ensure that the API token has the correct permissions, or the scripts will fail to configure Cloudflare services.