dbis_core/CLOUDFLARE_DNS_QUICK_REFERENCE.md

# DBIS Core - Cloudflare DNS Quick Reference

## 🚀 Quick Setup

### DNS Records to Create

| Service | Type | Name | Target | Proxy |
|---------|------|------|--------|-------|
| **Frontend** | CNAME | `dbis-admin` | `<tunnel-id>.cfargotunnel.com` | 🟠 Proxied |
| **API Primary** | CNAME | `dbis-api` | `<tunnel-id>.cfargotunnel.com` | 🟠 Proxied |
| **API Secondary** | CNAME | `dbis-api-2` | `<tunnel-id>.cfargotunnel.com` | 🟠 Proxied |

### Tunnel Ingress Rules

```yaml
ingress:
  # Frontend Admin Console
  - hostname: dbis-admin.d-bis.org
    service: http://192.168.11.130:80
  
  # API Primary
  - hostname: dbis-api.d-bis.org
    service: http://192.168.11.150:3000
  
  # API Secondary (HA)
  - hostname: dbis-api-2.d-bis.org
    service: http://192.168.11.151:3000
  
  # Catch-all
  - service: http_status:404
```

## 📋 Container Mapping

| Container | VMID | IP | Port | DNS Entry | Public? |
|-----------|------|-----|------|-----------|---------|
| Frontend | 10130 | 192.168.11.130 | 80, 443 | `dbis-admin.d-bis.org` | ✅ Yes |
| API Primary | 10150 | 192.168.11.150 | 3000 | `dbis-api.d-bis.org` | ✅ Yes |
| API Secondary | 10151 | 192.168.11.151 | 3000 | `dbis-api-2.d-bis.org` | ✅ Yes |
| PostgreSQL | 10100 | 192.168.11.100 | 5432 | ❌ None | ❌ No |
| Redis | 10120 | 192.168.11.120 | 6379 | ❌ None | ❌ No |

## 🔗 Access URLs

- **Frontend**: `https://dbis-admin.d-bis.org`
- **API**: `https://dbis-api.d-bis.org`
- **API Health**: `https://dbis-api.d-bis.org/health`
- **Frontend Health**: `https://dbis-admin.d-bis.org/health`

## ⚠️ Important Notes

1. **Database & Cache**: Never expose publicly - internal network only
2. **Proxy Status**: Always enable proxy (orange cloud) for tunnel-based DNS
3. **SSL/TLS**: Set to "Full (strict)" in Cloudflare SSL/TLS settings
4. **Authentication**: API should have JWT/API key authentication

## 📚 Full Documentation

See `CLOUDFLARE_DNS_CONFIGURATION.md` for complete setup instructions.