Cloudflare
Cloudflare seems to do everything I need and more: domain registration, DNS, domain forwarding, email forwarding, etc... and that world-class cloudflare proxying!
IP Change
ddclient is used to detect IP changes every 5 minutes. When it sees one, it calls the Cloudflare API to update the IP. WOW! ddclient runs as a service on bitpost, see the config file here:
/etc/ddclient.conf
Verbose logging is turned on, and logged to syslog, there. It is configured to check every 5 minutes. It includes all domains. Keep it synced with cloudflare domains, letsencrypt, haproxy, site code.
Check the log for status. A useful ddclient command that will vet its access to all network interfaces:
ddclient -query
Email Forwarding
Go to Email, start the "wizard", add an initial routing, and it will suggest adding the basic forwarding DNS records. Add them.
Then you have access to route emails to the domain. Route them to gmail. Use a catch-all until it is a problem (it hasn't been yet).
Email forwarding has been set up for...
thedigitalmachine.com bitpost.com abettersoftware.com abettertrader.com
Redirect one domain to another
- Set up DNS records as usual (the domain has to resolve)
- Use Bulk Redirects
Stupidly (or not?) you have to create a bulk redirect global list, then rules under it... read on...
- Create bulk redirect list
domain > Rules > Redirect Rules > Bulk Redirects > Create build redirect list eg: name shitcutter_redirect
- Mange Bulk Redirect Rules
domain > Rules > Redirect Rules > Bulk Redirects > Mange Bulk Redirect Rules eg: source willcodeforcoffee.org/ target https://shitcutter.com status: 301 rule_name: shitcutter_redirect
It's all a bit much, overengineered, but maybe someday will be useful.
TODO
I CANNOT PROXY bitpost.com or it breaks direct SSH! Perhaps i can get the proxy to forward ssh traffic? Tbd...
After updating IP, it seems i have to disable proxy to get it to resolve. After a while, set it back on. Need to learn more here...
I have never allowed ddclient to do its thing after reboot yet. There will likely be work to get it to cooperate with stronger_firewall haproxy etc. See physical notes.