Skip to content

Configure Cloudflare

Cloudflare is the largest DNS routing service on the planet. We use their free service tier to provide Changemaker users with a fast, secure, and reliable way to get online that blocks 99% of surface level attacks and has built in user authenticaion (if you so choose to use it)

Credentials

The config.sh and start-production.sh scripts require the following Cloudflare credentials to function properly:

1. Cloudflare API Token

  • Purpose: Used to authenticate API requests to Cloudflare for managing DNS records, tunnels, and access policies.
  • Required Permissions:
    • Zone.DNS (Read/Write)
    • Account.Cloudflare Tunnel (Read/Write)
  • How to Obtain:
    • Log in to your Cloudflare account.
    • Go to My Profile > API Tokens > Create Token.
    • Use the Edit zone DNS template and add Cloudflare Tunnel permissions.

2. Cloudflare Zone ID

  • Purpose: Identifies the specific DNS zone (domain) in Cloudflare where DNS records will be created.
  • How to Obtain:
    • Log in to your Cloudflare account.
    • Select the domain you want to use.
    • The Zone ID is displayed in the Overview section under API.

3. Cloudflare Account ID

  • Purpose: Identifies your Cloudflare account for tunnel creation and management.
  • How to Obtain:
    • Log in to your Cloudflare account.
    • Go to My Profile > API Tokens.
    • The Account ID is displayed at the top of the page.

4. Cloudflare Tunnel ID (Optional in config.sh, Required in start-production.sh)

  • Purpose: Identifies the specific Cloudflare Tunnel that will be used to route traffic to your services.
  • How to Obtain:
    • This is automatically generated when you create a tunnel using cloudflared tunnel create or via the Cloudflare dashboard.
    • The start-production.sh script will create this for you if it doesn't exist.

Summary of Required Credentials:

# In .env file
CF_API_TOKEN=your_cloudflare_api_token
CF_ZONE_ID=your_cloudflare_zone_id
CF_ACCOUNT_ID=your_cloudflare_account_id
CF_TUNNEL_ID=will_be_set_by_start_production  # This will be set by start-production.sh

Notes:

  • The config.sh script will prompt you for these credentials during setup.
  • The start-production.sh script will verify these credentials and use them to configure DNS records, create tunnels, and set up access policies.
  • Ensure that the API token has the correct permissions, or the scripts will fail to configure Cloudflare services.