# Configure Cloudflare

Cloudflare is the largest DNS routing service on the planet. We use their free service tier to provide Changemaker users with a fast, secure, and reliable way to get online that blocks 99% of surface-level attacks and has built-in user authentication (if you choose to use it).

## Credentials

The `config.sh` and `start-production.sh` scripts require the following Cloudflare credentials to function properly:

### 1. **Cloudflare API Token**

- **Purpose**: Used to authenticate API requests to Cloudflare for managing DNS records, tunnels, and access policies.
- **Required Permissions**:
    - `Zone.DNS` (Read/Write)
    - `Account.Cloudflare Tunnel` (Read/Write)
    - `Access` (Read/Write)
- **How to Obtain**:
    - Log in to your Cloudflare account.
    - Go to **My Profile** > **API Tokens** > **Create Token**.
    - Use the **Edit zone DNS** template and add **Cloudflare Tunnel** permissions.

### 2. **Cloudflare Zone ID**

- **Purpose**: Identifies the specific DNS zone (domain) in Cloudflare where DNS records will be created.
- **How to Obtain**:
    - Log in to your Cloudflare account.
    - Select the domain you want to use.
    - The Zone ID is displayed in the **Overview** section under **API**.

### 3. **Cloudflare Account ID**

- **Purpose**: Identifies your Cloudflare account for tunnel creation and management.
- **How to Obtain**:
    - Log in to your Cloudflare account.
    - Go to **My Profile** > **API Tokens**.
    - The Account ID is displayed at the top of the page.

### 4. **Cloudflare Tunnel ID** (Optional in `config.sh`, Required in `start-production.sh`)

!!! note "Automatic Configuration of Tunnel"
    The `start-production.sh` script will automatically create a tunnel and system service for Cloudflare.

- **Purpose**: Identifies the specific Cloudflare Tunnel that will be used to route traffic to your services.
- **How to Obtain**:
    - This is automatically generated when you create a tunnel using `cloudflared tunnel create` or via the Cloudflare dashboard.
    - The `start-production.sh` script will create this for you if it doesn't exist.

### Summary of Required Credentials:

```bash
# In .env file
CF_API_TOKEN=your_cloudflare_api_token
CF_ZONE_ID=your_cloudflare_zone_id
CF_ACCOUNT_ID=your_cloudflare_account_id
CF_TUNNEL_ID=will_be_set_by_start_production # This will be set by start-production.sh
```

### Notes:

- The `config.sh` script will prompt you for these credentials during setup.
- The `start-production.sh` script will verify these credentials and use them to configure DNS records, create tunnels, and set up access policies.
- Ensure that the API token has the correct permissions, or the scripts will fail to configure Cloudflare services.
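
A preflight check for the `.env` file, added here as an example and not part of Changemaker's `config.sh` or `start-production.sh`: it confirms the file is readable by its owner only, that the three required `CF_*` values are set and are not the placeholders from the summary, and can ask Cloudflare whether the token is active. The function names and the 32-hex-character format check for the Zone and Account IDs are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: preflight check for the CF_* values in .env.
# Function names are hypothetical; they do not exist in the project's scripts.

# Print the value of KEY from an env file, dropping an inline " # comment".
env_value() {  # usage: env_value FILE KEY
  sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/[[:space:]]#.*$//; s/[[:space:]]*$//'
}

# Return 0 if the file is accessible by its owner only (mode 600 or 400).
env_is_private() {  # usage: env_is_private FILE
  local mode
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
  [ "$mode" = "600" ] || [ "$mode" = "400" ]
}

# Validate the file; print one line per problem, return the problem count.
check_cf_env() {  # usage: check_cf_env FILE
  local file=$1 problems=0 key val
  env_is_private "$file" || { echo "$file: too open, run chmod 600"; problems=$((problems + 1)); }
  for key in CF_API_TOKEN CF_ZONE_ID CF_ACCOUNT_ID; do
    val=$(env_value "$file" "$key")
    case $val in
      ''|your_cloudflare_*)
        echo "$key: missing or still the placeholder"; problems=$((problems + 1)); continue ;;
    esac
    # Assumed format: Zone and Account IDs are 32 lowercase hex characters.
    if [ "$key" != CF_API_TOKEN ] && ! printf '%s' "$val" | grep -Eq '^[0-9a-f]{32}$'; then
      echo "$key: expected 32 hex characters"; problems=$((problems + 1))
    fi
  done
  return "$problems"
}

# Online check: ask Cloudflare whether the token is active. The header is
# passed on stdin (-H @-) so the token never appears in the process list.
verify_cf_token() {  # usage: verify_cf_token FILE
  printf 'Authorization: Bearer %s\n' "$(env_value "$1" CF_API_TOKEN)" |
    curl -fsS -H @- https://api.cloudflare.com/client/v4/user/tokens/verify |
    grep -q '"status": *"active"'
}
```

Source the file, then run `check_cf_env .env && verify_cf_token .env` before `start-production.sh`; `verify_cf_token` confirms only that the token is active, not that it carries the permissions listed above.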