What's new
PGBlitz.com

Register Now! Find useful tips, Interact /w Community Members and join the part the Best Community on the Internet!

Discussion How to setup Traefik on cloudflare like an absolute unit

hooper

Legendary Member
Staff
Donor
using cnames or A records makes no difference. setting up with cnames is easier since you just use @ for the hostname.

@nocturne1 are you using the correct API for cloudflare? You have to use your "Global API Key", you get to that by clicking on the "Get your API key" link on the Overview page. Then scroll down and select "Global API Key".

Also, what happens when you nslookup one of your cnames when you are using the orange cloud? Do you get a different IP address than the "real" IP address of your server? If so, then things are working.
 
M

MrDoob

Guest
If you use A or CNAMES .
You see always the CF IP.
/offtopic

Back to TOPIC
 

nocturne1

Full Member
Donor
Ok, so I think I just got everything working properly. It still didn't work even with all A records until I added the @dillonsflix rules, then all was well. Then I added PG Shield and was still ok.

So then I took a few more steps, and removed the * entry, and changed all others to cnames. Still working. So then I took a look at the rules to compare to what I had in the Crypto settings of CloudFlare. That was set to relaxed (default?). I changed it to Full, then disabled the rules. Now everything seems to be working great....for now. :)
 

timekills

Legendary Member
Staff
Donor
You don't need CNAMES. Here is how I set mine up and it works great.

View attachment 3001

You want to make an A record with the wildcard that points to your static IP. This will send all sub-domains to Traefik. Subdomains that are routed this way will not use the CDN and will expose your IP address.

Then you make an A record for your TLD and point it to your static IP. Since the cloud is orange all traffic following this route will go through the CDN and your public IP will be protected.

You can then create A records for all subdomains you want to go through the CDN and point them to your static IP address. I created an A record for every subdomain I have running.

I would not worry about PGGuard just yet. Get everything working with PGShield and Traefik first. Once that is all working them use PGGuard if you like.
Strongly, STRONGLY disagree.
You should do some research on what A records and CNAMEs are for.
Every one of those A records should be a CNAME pointing to the "@" (for a shortcut) or the domain name is its an alias of.

There are a lot of ways to get this to work. The one below will work.
 
Last edited:

UncleBuck

Senior Member
Staff
Strongly, STRONGLY disagree.
You should do some research on what A records and CNAMEs are for.
Every one of those A records should be a CNAME pointing to the "@" (for a shortcut) or the domain name is its an alias of.

There are a lot of ways to get this to work. The one below will work.
I have been managing networks for 20 plus years and I know how A records and cnames work. I said cnames are not needed but I never said they won't work. In this case it is really a matter of personal preference as they both point to the same IP address in the end.
 

timekills

Legendary Member
Staff
Donor
I agree they will both work, which is what I wrote in the original post and the wiki.
Some believe that A records are actually faster as in theory a CNAME requires two lookups - one for the A record, and another for the IP from the A record. Of course, since the majority of users have them all on the same machine with the same DNS server, that's moot. If that really concerns you, one could use ALIAS records (assuming your DNS provider accepts them) - although that could defeat the purpose of a CDN as using an ALIAS record loses the geo info. I'd prefer to have the best route to the client rather than save a few ms on the IP resolving.

But since many here are just learning Linux, not to mention DNS rules, may as well understand the point of each, and the advantage of using them for their intended purpose. Including allowing you to change the IP of the A record and all the CNAMES automatically continue to work. Not to mention you could have multiple TLDs, as some do, and point the one to another (CNAME mydomain.net -> mydomain. com, CNAME mydomain.org -> mydomain.com, A Record mydomain.com -> 123.123.123.123 and then plex.mydomain.net and plex.mydomain.org and plex.mydomain.com all go to the same location.)

Granted, these are also situations most here won't need, but it still benefits to at least know the BBP even if you choose to not follow it.

You may understand that, but I'll wager here many don't.
 
Last edited:

bigdork

Junior Member
I'm going insane trying to set this up for the first time. What am I doing wrong?
Namecheap domain w/Cloudflare DNS.

scr 2019-08-25 at 24.01.11.pngscr 2019-08-24 at 23.53.58.png
 

Admin9705

Administrator
Project Manager
DISREGARD. Came back the next day and it was working fine. *SHRUG*
Haha lol. Sometimes it takes time for things to filter down. Thanks for the feedback.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.


Top NZB NewsGroups!

Members - Up To a 58% Discount!

Development Donations

 

Online statistics

Members online
9
Guests online
106
Total visitors
115
Top