search

Cloudflare

To make DDNS, Dockflare and Cloudflared work we need some data from Cloudflare

hashtag
Before continuing, please follow

  1. Configure Domain and

  2. Cloudflare Zero Trust

triangle-exclamation

Please ensure you set the Set up Wildcard application - if you do not, external parties will be able to access and modify your Dockflare settings - this is a major security risk - as well as your database contents if you enable the Adminer proxy link

hashtag
Generate your API key

This API key will be used for Dockflare, Dynamic DNS and Crowdsec

  1. Navigate to https://dash.cloudflare.com/profile/api-tokensarrow-up-right

  2. Click Create Token > Custom Token

  3. Name your token Pelican, and set the below

    1. permissions

      Account

      Cloudflare Tunnel

      Edit

      Account

      Account Filter Lists

      Edit

      Account

      Firewall Access Rules

      Edit

      Account

      Account Settings

      Read

      Account

      Access: Apps and Policies

      Edit

      User

      User Details

      Read

      Zone

      DNS

      Read

      Zone

      Firewall Services

      Edit

      Zone

      Zone

      Edit

    2. Account Resources

      Field
      Data

      Include

      All Account

    3. Zone Resources You can have additional domains

      Include

      Specific Zone

      Your Domain

    4. Click on Continue to Summary

  4. Save your API key to your notepad, CF_APITOKEN=

hashtag
Get your Account ID

  1. Browse to https://dash.cloudflare.com/arrow-up-right

  2. Next to your name, click on the 3 dots and select Copy Account ID

  3. Save to your notepad, CF_ACCOUNTID=

hashtag
Get your Zone ID

  1. Browse to https://dash.cloudflare.com/?to=/:account/home/domainsarrow-up-right

  2. Click manage next to your domain

  3. Scroll down and locate "API" on the right

  4. Save your Zone ID to your notepad, CF_ZONE_ID=

hashtag
Security rules

Configure some security rules to reduce the risk of malicious actors accessing your domain

  1. Navigate to https://dash.cloudflare.com/arrow-up-right

  2. Select your domain

  3. On the left, click expand Security and select rules

  4. Click on create rule > custom rule

    1. Next to Expression Preview, click on 'edit expression' to get the free text field

  5. Create a rule for each of the below

hashtag
Block bots

This policy will show a Captcha challenge to any IPs suspected of botting

Field
Data

Rule Name

Block Bots

Expression

(cf.client.bot)

Choose action

Managed Challenge

Place at

First

hashtag
Challenge Threat Score

These IPs are potentially malicious. These addresses will be prompted for Captcha

Field
Data

Rule Name

Challenge Threat Score

Expression

(cf.threat_score gt 10)

Choose action

Managed Challenge

Place at

Custom - after 'Block Bots'

hashtag
Block Threat Score

These IPs are very likely to be malicious. These addresses will be blocked

Field
Data

Rule Name

Challenge Threat Score

Expression

(cf.threat_score gt 50)

Choose action

Block

Place at

Custom - after 'Challenge Threat Score'

circle-info

An additional rule will be created by the Crowdsec CF Bouncer container after the Compose file is ran

PreviousPelicanNextCrowdsec key

Last updated