Cloudflare
Overview
Cloudflare provides DNS management, CDN, DDoS protection, and secure origin connectivity for opshell.dev.
DNS Configuration
| Record | Type | Value |
|---|---|---|
| opshell.dev | A | Cloudflare proxied IP |
| www.opshell.dev | CNAME | opshell.dev |
| * | A | Cloudflare proxied IP |
Cloudflare Tunnels
Secure origin connectivity is established via Cloudflare Tunnels (cloudflared):
- No public IP exposure to origin server
- Tunnel runs as systemd service on the VPS
- Auto-restart on failure via systemd
- Argo Smart Routing disabled (standard tunnels)
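The "no public IP exposure" property listed above can be checked on the VPS itself. The script below is an added example, not part of the original page or the opshell.dev setup: it reads `ss -Hltn` output and reports TCP listeners bound to non-loopback addresses. The function name, the allowed-port default (SSH on 22) and the sample `ss` lines are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): list TCP listeners that are
# reachable from outside the host, i.e. bound to anything other than loopback.
# Input: lines from `ss -Hltn` (State Recv-Q Send-Q Local:Port Peer:Port).
# $1: ports allowed to listen publicly, space- or comma-separated.
#     Default "22" (SSH) is an assumption; adjust for the real host.
public_listeners() {
  awk -v allowed="${1:-22}" '
    BEGIN { n = split(allowed, a, /[ ,]+/); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)        # text after the last colon
      host = $4; sub(/:[^:]*$/, "", host)    # text before the last colon
      sub(/^\[/, "", host); sub(/\]$/, "", host)   # IPv6 brackets
      sub(/%.*$/, "", host)                  # interface scope such as %lo
      sub(/^::ffff:/, "", host)              # IPv4-mapped IPv6 address
      if (host ~ /^127\./ || host == "::1") next   # loopback: not exposed
      if (port in ok) next                   # explicitly allowed
      print $4
    }'
}

# Constructed sample of `ss -Hltn` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 4096 [::1]:5432 [::]:*
LISTEN 0 511 *:3000 *:*'

# On the VPS: ss -Hltn | public_listeners "22"
printf '%s\n' "$SAMPLE_SS" | public_listeners "22"
```

Any line printed is a service bound to a public interface, which can be reached without going through the tunnel unless a host firewall blocks it.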
Tunnel Setup
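```bash
# Create the named tunnel (writes its credentials file locally)
cloudflared tunnel create opshell
# Point the opshell.dev DNS record at the tunnel
cloudflared tunnel route dns opshell opshell.dev
# Run the tunnel with the system-wide config
cloudflared tunnel --config /etc/cloudflared/config.yml run
```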
Security Configuration
| Feature | Status |
|---|---|
| DDoS protection | Enabled |
| WAF rules | Custom rules for admin area protection |
| SSL/TLS | Full (strict) |
| Always Use HTTPS | Enabled |
| HSTS | Enabled (.dev requirement) |
| Bot Fight Mode | Enabled |
Caching
- Static assets cached at edge (CSS, JS, images)
- HTML caching via Cache Rules for anonymous visitors
- Bypass cache for logged-in admin users
- Cache purge on content publish via webhook
Analytics
- Cloudflare Web Analytics for privacy-focused traffic tracking
- Security events monitoring
- Cache hit ratio tracking
- Bandwidth usage monitoring