Discussion How to setup Traefik on cloudflare like an absolute unit

hooper

Blitz Samurai
Staff
Donor
Using CNAMEs or A records makes no difference. Setting up with CNAMEs is easier since you just use @ for the hostname.

@nocturne1 are you using the correct API for Cloudflare? You have to use your "Global API Key", you get to that by clicking on the "Get your API key" link on the Overview page. Then scroll down and select "Global API Key".

Also, what happens when you nslookup one of your CNAMEs when you are using the orange cloud? Do you get a different IP address than the "real" IP address of your server? If so, then things are working.
 

MrDoob

Administrator
Project Manager
Donor
If you use A or CNAMEs, you always see the CF IP.
/offtopic

Back to TOPIC
 

nocturne1

Blitz 2nd Class
Donor
Ok, so I think I just got everything working properly. It still didn't work even with all A records until I added the @dillonsflix rules, then all was well. Then I added PG Shield and was still ok.

So then I took a few more steps, and removed the * entry, and changed all others to cnames. Still working. So then I took a look at the rules to compare to what I had in the Crypto settings of CloudFlare. That was set to relaxed (default?). I changed it to Full, then disabled the rules. Now everything seems to be working great....for now. :)
 

timekills

Blitz General
Staff
Donor
You don't need CNAMES. Here is how I set mine up and it works great.

View attachment 3001

You want to make an A record with the wildcard that points to your static IP. This will send all sub-domains to Traefik. Subdomains that are routed this way will not use the CDN and will expose your IP address.

Then you make an A record for your TLD and point it to your static IP. Since the cloud is orange all traffic following this route will go through the CDN and your public IP will be protected.

You can then create A records for all subdomains you want to go through the CDN and point them to your static IP address. I created an A record for every subdomain I have running.

I would not worry about PGGuard just yet. Get everything working with PGShield and Traefik first. Once that is all working then use PGGuard if you like.
Strongly, STRONGLY disagree.
You should do some research on what A records and CNAMEs are for.
Every one of those A records should be a CNAME pointing to the "@" (for a shortcut) or the domain name it is an alias of.

There are a lot of ways to get this to work. The one below will work.
 

UncleBuck

Blitz Sergeant
Staff
Strongly, STRONGLY disagree.
You should do some research on what A records and CNAMEs are for.
Every one of those A records should be a CNAME pointing to the "@" (for a shortcut) or the domain name it is an alias of.

There are a lot of ways to get this to work. The one below will work.
I have been managing networks for 20 plus years and I know how A records and cnames work. I said cnames are not needed but I never said they won't work. In this case it is really a matter of personal preference as they both point to the same IP address in the end.
 

timekills

Blitz General
Staff
Donor
I agree they will both work, which is what I wrote in the original post and the wiki.
Some believe that A records are actually faster as in theory a CNAME requires two lookups - one for the A record, and another for the IP from the A record. Of course, since the majority of users have them all on the same machine with the same DNS server, that's moot. If that really concerns you, one could use ALIAS records (assuming your DNS provider accepts them) - although that could defeat the purpose of a CDN as using an ALIAS record loses the geo info. I'd prefer to have the best route to the client rather than save a few ms on the IP resolving.

But since many here are just learning Linux, not to mention DNS rules, may as well understand the point of each, and the advantage of using them for their intended purpose. Including allowing you to change the IP of the A record and all the CNAMES automatically continue to work. Not to mention you could have multiple TLDs, as some do, and point the one to another (CNAME mydomain.net -> mydomain.com, CNAME mydomain.org -> mydomain.com, A Record mydomain.com -> 123.123.123.123 and then plex.mydomain.net and plex.mydomain.org and plex.mydomain.com all go to the same location.)

Granted, these are also situations most here won't need, but it still benefits to at least know the BBP even if you choose to not follow it.

You may understand that, but I'll wager here many don't.
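
The nslookup check and the wildcard exposure discussed in this thread can be audited offline against a list of DNS records; the following is an added example, not part of any post above. The zone name, origin IP, record list and the rule that a proxied (orange-cloud) name answers with the CDN's addresses are constructed assumptions.

```python
# Added example: constructed data, not taken from the thread.
ORIGIN_IP = "203.0.113.10"   # placeholder (documentation range) for the server's real IP

# Constructed records: proxied=True is the orange cloud, False the grey cloud (DNS only).
RECORDS = [
    {"name": "example.com",        "type": "A",     "content": ORIGIN_IP,     "proxied": True},
    {"name": "*.example.com",      "type": "A",     "content": ORIGIN_IP,     "proxied": False},
    {"name": "plex.example.com",   "type": "CNAME", "content": "example.com", "proxied": True},
    {"name": "sonarr.example.com", "type": "CNAME", "content": "example.com", "proxied": False},
    {"name": "ssh.example.com",    "type": "A",     "content": ORIGIN_IP,     "proxied": False},
]
PROBES = ["example.com", "plex.example.com", "sonarr.example.com",
          "ssh.example.com", "anything.example.com"]

def find_record(records, host):
    """Exact name first, then the nearest wildcard above it (simplified DNS matching)."""
    by_name = {r["name"].lower(): r for r in records}
    host = host.lower().rstrip(".")
    if host in by_name:
        return by_name[host]
    labels = host.split(".")
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in by_name:
            return by_name[wildcard]
    return None

def public_answer(records, host, max_hops=8):
    """Model of what a public resolver sees: 'EDGE' for a proxied name, else the address."""
    for _ in range(max_hops):
        rec = find_record(records, host)
        if rec is None:
            return None                # no such name, or the alias leaves this record list
        if rec["proxied"]:
            return "EDGE"              # assumption: proxied names answer with CDN addresses
        if rec["type"] == "CNAME":
            host = rec["content"]      # grey CNAME: the resolver follows the alias
            continue
        return rec["content"]          # grey A record: the address is handed out as-is
    raise ValueError("CNAME loop or chain longer than max_hops")

def exposed_hosts(records, hosts, origin_ip):
    """Hostnames whose public answer is the origin address itself."""
    return sorted(h for h in hosts if public_answer(records, h) == origin_ip)

if __name__ == "__main__":
    for name in exposed_hosts(RECORDS, PROBES, ORIGIN_IP):
        print("resolves straight to the origin:", name)
```

In this model the grey-cloud CNAME to the proxied apex stays hidden, while the grey A record and the grey wildcard both hand out the origin address.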
 