Closed jhult closed 3 months ago
I have created a Cloudflare account.
@trevorbernard, @robinbb, and I all (currently) have this role: Super Administrator - All Privileges. Jeff has been added with the Billing role (in case we need it).
Currently, minasearch.com is registered at Namecheap with nameservers pointing to AWS Route 53.
Cloudflare does support partial CNAME setup:
A partial (CNAME) setup allows you to use Cloudflare’s reverse proxy while maintaining your primary and authoritative DNS provider.
Use this option to proxy only individual subdomains through Cloudflare’s global network when you cannot change your authoritative DNS provider.
Unfortunately, partial (CNAME) setup is not available on the free plan.
Thus, my current recommendation is to either:
isabel.ns.cloudflare.com
patryk.ns.cloudflare.com
We chose option 1, FYI.
Before we could transfer the domain, we needed to update the nameservers (which @trevorbernard did). We then proceeded to transfer the domain and the transfer has been completed.
I think that this is done.
I ended up creating a (remotely-managed) Cloudflare Tunnel in the Cloudflare Dashboard.
A remotely-managed tunnel only requires the tunnel token to run. Anyone with access to the token will be able to run the tunnel. You can get a tunnel’s token from the dashboard or via the API.
I ran these commands to download the tunnel config (nixos-builder-1 being the tunnel name):
nix-env -iA nixos.cloudflared
cloudflared tunnel login
cloudflared tunnel token --cred-file /root/.cloudflared/tunnel.json nixos-builder-1
I updated machine nixos-builder-1 with this config (file /root/nixos-builder-1-config.nix):
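services.cloudflared = {
  enable = true;
  user = "root";
  tunnels = {
    # Attribute name is the tunnel ID.
    "950210ce-REST-OF-TUNNEL-ID" = {
      # Credentials file written by the `cloudflared tunnel token --cred-file` command above.
      credentialsFile = "${config.users.users.root.home}/.cloudflared/tunnel.json";
      # Requests that match no ingress rule get HTTP 404.
      default = "http_status:404";
    };
  };
};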
I also added cloudflared into environment.systemPackages = with pkgs; [
I then ran: nixos-rebuild switch -I nixos-config=/root/nixos-builder-1-config.nix
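A pre-flight check for the credentials file referenced in the config above, as an added example that is not part of the original thread. Because anyone holding the tunnel token can run the tunnel, it verifies that the file is owned by the service user, grants no group/other access, and does not resolve into the world-readable /nix/store. The function name check_tunnel_creds and its output labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# Usage: check_tunnel_creds FILE [EXPECTED_UID]
#   e.g. check_tunnel_creds /root/.cloudflared/tunnel.json 0
# Returns 0 when the file is safe to use, 1 otherwise; prints one line per finding.
check_tunnel_creds() {
    f=$1
    want_uid=${2:-0}    # the config on this page runs cloudflared as root (uid 0)
    rc=0

    if [ ! -f "$f" ]; then
        echo "MISSING: $f"
        return 1
    fi

    # Resolve symlinks so a link that points into the Nix store is caught.
    real=$(readlink -f -- "$f" 2>/dev/null) || real=$f
    case $real in
        /nix/store/*)
            echo "EXPOSED: $real is in the world-readable Nix store"
            rc=1 ;;
    esac

    # -n prints the numeric owner, -L inspects the link target, not the link.
    set -- $(ls -ldnL -- "$f")
    perms=$1 uid=$3

    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(printf '%s' "$perms" | cut -c5-10)" != "------" ]; then
        echo "LOOSE_MODE: $f is $perms, expected no group/other access"
        rc=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "WRONG_OWNER: $f owned by uid $uid, expected $want_uid"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $f"
    return "$rc"
}
```

Running it before nixos-rebuild switch, and again from the automation that reapplies the config, catches a credentials file that was recreated with a permissive umask.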
Nice! I will update the automation so that the above configuration is preserved whenever new configs are applied.
This is a follow-up to #851.
We now need to connect a DNS entry (api.minasearch.com) to the publicly exposed Indexer. We plan to do this using Cloudflare. This will allow us to proxy behind it for CDN purposes and provide a TLS certificate. Utilizing Cloudflare distantly relates to my plan for Granola-Team/mina-block-explorer#44