Cloudflare: Difference between revisions

From Bitpost wiki
No edit summary
 
(6 intermediate revisions by the same user not shown)
Line 5: Line 5:
ddclient is used to detect IP changes every 5 minutes.  When it sees one, it calls the Cloudflare API to update the IP.  WOW!  ddclient runs as a service on bitpost, see the config file here:
ddclient is used to detect IP changes every 5 minutes.  When it sees one, it calls the Cloudflare API to update the IP.  WOW!  ddclient runs as a service on bitpost, see the config file here:
  /etc/ddclient.conf
  /etc/ddclient.conf
Keep it synced with cloudflare domains, letsencrypt, haproxy, site code.


After updating IP, it seems i have to disable proxy to get it to resolveAfter a while, set it back onNeed to learn more here...
Verbose logging is turned on, and logged to syslog, there.  It is configured to check every 5 minutes.  It includes all domainsKeep it synced with cloudflare domains, letsencrypt, haproxy, site code.
 
Check the log for statusA useful ddclient command that will vet its access to all network interfaces:
ddclient -query


== Email Forwarding ==
== Email Forwarding ==
Line 19: Line 21:
  abettersoftware.com
  abettersoftware.com
  abettertrader.com
  abettertrader.com
== Redirect one domain to another ==
* Set up DNS records as usual (the domain has to resolve)
* Use Bulk Redirects
Stupidly (or not?) you have to create a bulk redirect global list, then rules under it... read on...
* Create bulk redirect list
domain > Rules > Redirect Rules > Bulk Redirects > Create build redirect list
eg:
    name shitcutter_redirect
* Mange Bulk Redirect Rules
domain > Rules > Redirect Rules > Bulk Redirects > Mange Bulk Redirect Rules
eg:
    source willcodeforcoffee.org/
    target https://shitcutter.com
    status: 301
    rule_name: shitcutter_redirect
It's all a bit much, overengineered, but maybe someday will be useful.
== TODO ==
I CANNOT PROXY bitpost.com or it breaks direct SSH!  Perhaps i can get the proxy to forward ssh traffic?  Tbd...
After updating IP, it seems i have to disable proxy to get it to resolve.  After a while, set it back on.  Need to learn more here...
I have never allowed ddclient to do its thing after reboot yet.  There will likely be work to get it to cooperate with stronger_firewall haproxy etc.  See physical notes.

Latest revision as of 19:15, 25 November 2023

Cloudflare seems to do everything I need and more: domain registration, DNS, domain forwarding, email forwarding, etc... and that world-class cloudflare proxying!

IP Change

ddclient is used to detect IP changes every 5 minutes. When it sees one, it calls the Cloudflare API to update the IP. WOW! ddclient runs as a service on bitpost, see the config file here:

/etc/ddclient.conf

Verbose logging is turned on, and logged to syslog, there. It is configured to check every 5 minutes. It includes all domains. Keep it synced with cloudflare domains, letsencrypt, haproxy, site code.

Check the log for status. A useful ddclient command that will vet its access to all network interfaces:

ddclient -query

Email Forwarding

Go to Email, start the "wizard", add an initial routing, and it will suggest adding the basic forwarding DNS records. Add them.

Then you have access to route emails to the domain. Route them to gmail. Use a catch-all until it is a problem (it hasn't been yet).

Email forwarding has been set up for...

thedigitalmachine.com
bitpost.com 
abettersoftware.com
abettertrader.com

Redirect one domain to another

  • Set up DNS records as usual (the domain has to resolve)
  • Use Bulk Redirects

Stupidly (or not?) you have to create a bulk redirect global list, then rules under it... read on...

  • Create bulk redirect list
domain > Rules > Redirect Rules > Bulk Redirects > Create build redirect list
eg:
   name shitcutter_redirect
  • Mange Bulk Redirect Rules
domain > Rules > Redirect Rules > Bulk Redirects > Mange Bulk Redirect Rules
eg:
   source willcodeforcoffee.org/
   target https://shitcutter.com
   status: 301
   rule_name: shitcutter_redirect

It's all a bit much, overengineered, but maybe someday will be useful.

TODO

I CANNOT PROXY bitpost.com or it breaks direct SSH! Perhaps i can get the proxy to forward ssh traffic? Tbd...

After updating IP, it seems i have to disable proxy to get it to resolve. After a while, set it back on. Need to learn more here...

I have never allowed ddclient to do its thing after reboot yet. There will likely be work to get it to cooperate with stronger_firewall haproxy etc. See physical notes.