# ✅ Cloudflare Automation - Ready to Execute

**Status:** Script created and ready to run with your tested credentials

---

## 🚀 Quick Start

Since your Cloudflare credentials are in `.env` and fully tested, you can run the automated setup:

```bash
# The script will automatically load credentials from .env files
bash scripts/setup-cloudflare-auto.sh
```

Or if credentials are already exported:

```bash
export CLOUDFLARE_API_TOKEN="your-token"
export CLOUDFLARE_ZONE_ID="your-zone-id"
bash scripts/setup-cloudflare-auto.sh
```
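The Quick Start relies on `CLOUDFLARE_API_TOKEN` and `CLOUDFLARE_ZONE_ID` being read from `.env`. One way to do that without `source`-ing the file, shown as an added example and not the contents of `scripts/setup-cloudflare-auto.sh`; the function name `load_cf_env`, the two-key allowlist and the mode-600 requirement are assumptions:

```bash
#!/usr/bin/env bash
# Added example (not the project's script). load_cf_env is a hypothetical helper.
# It reads KEY=VALUE lines as data, so nothing in the file is ever executed.

load_cf_env() {
  local file=$1 line key val perms cr
  cr=$(printf '\r')
  [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }

  # Characters 5-10 of the ls mode string are the group/other bits.
  perms=$(ls -ld -- "$file" | cut -c5-10)
  [ "$perms" = "------" ] || { echo "refusing $file: chmod 600 it first" >&2; return 1; }

  while IFS= read -r line || [ -n "$line" ]; do
    line=${line%"$cr"}                       # tolerate CRLF line endings
    case $line in ''|'#'*) continue ;; esac  # skip blank lines and comments
    line=${line#export }
    key=${line%%=*}
    val=${line#*=}
    [ "$key" != "$line" ] || continue        # no '=' on this line
    case $val in                             # strip one pair of matching quotes
      \"*\") val=${val#\"}; val=${val%\"} ;;
      \'*\') val=${val#\'}; val=${val%\'} ;;
    esac
    case $key in                             # allowlist: other keys are ignored
      CLOUDFLARE_API_TOKEN|CLOUDFLARE_ZONE_ID) export "$key=$val" ;;
    esac
  done < "$file"

  [ -n "${CLOUDFLARE_API_TOKEN:-}" ] || { echo "CLOUDFLARE_API_TOKEN not set" >&2; return 1; }
  # Zone IDs are 32 lowercase hex characters; catches swapped or truncated values.
  case ${CLOUDFLARE_ZONE_ID:-} in
    ''|*[!0-9a-f]*) echo "CLOUDFLARE_ZONE_ID malformed" >&2; return 1 ;;
  esac
  [ "${#CLOUDFLARE_ZONE_ID}" -eq 32 ] || { echo "CLOUDFLARE_ZONE_ID malformed" >&2; return 1; }
}

# Constructed sample: sourcing this file would run $(id) and replace PATH.
demo=$(mktemp)   # mktemp creates the file with mode 600
printf '%s\n' 'CLOUDFLARE_API_TOKEN="constructed-token-$(id)"' \
  'CLOUDFLARE_ZONE_ID=0123456789abcdef0123456789abcdef' 'PATH=/nonexistent' > "$demo"
load_cf_env "$demo" && echo "loaded literally: $CLOUDFLARE_API_TOKEN"
rm -f "$demo"
```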
---

## 📋 What the Script Does

The automated script (`scripts/setup-cloudflare-auto.sh`) will:

1. ✅ **Load Credentials** - Automatically reads from `.env` or `.env.production`
2. ✅ **Verify API Access** - Tests Cloudflare API authentication
3. ✅ **Configure DNS Records**:
   - Creates/updates `www.mim4u.org` → `lemon-water-015cb3010.3.azurestaticapps.net` (Proxied)
   - Creates/updates `mim4u.org` → `lemon-water-015cb3010.3.azurestaticapps.net` (Proxied)
4. ✅ **Configure SSL/TLS**:
   - Sets SSL mode to "Full"
   - Enables "Always Use HTTPS"
5. ✅ **Configure Security**:
   - Sets security level to "Medium"
   - Enables Browser Integrity Check
6. ✅ **Configure Performance**:
   - Enables minification (JS, CSS, HTML)
   - Enables Brotli compression
7. ✅ **Add Custom Domain to Azure**:
   - Adds `mim4u.org` to Static Web App
   - Adds `www.mim4u.org` to Static Web App

---
## 🔧 Manual Execution (If Needed)

If you prefer to run commands manually or the script needs adjustment:

### 1. Set Environment Variables

```bash
# Replace the placeholder values with your own
export CLOUDFLARE_API_TOKEN="your-api-token"
export CLOUDFLARE_ZONE_ID="your-zone-id"
export DOMAIN="mim4u.org"
export STATIC_WEB_APP_URL="lemon-water-015cb3010.3.azurestaticapps.net"
```

### 2. Create DNS Records

```bash
# POST creates a new record; "ttl": 1 selects automatic TTL.
# The variable is expanded inside double quotes so the JSON stays intact.

# www subdomain
curl -X POST "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records" \
  -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  -H "Content-Type: application/json" \
  --data '{
    "type": "CNAME",
    "name": "www",
    "content": "'"$STATIC_WEB_APP_URL"'",
    "proxied": true,
    "ttl": 1
  }'

# Apex domain
curl -X POST "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records" \
  -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  -H "Content-Type: application/json" \
  --data '{
    "type": "CNAME",
    "name": "@",
    "content": "'"$STATIC_WEB_APP_URL"'",
    "proxied": true,
    "ttl": 1
  }'
```

### 3. Configure SSL/TLS

```bash
# Set SSL mode to Full
curl -X PATCH "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/settings/ssl" \
  -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  -H "Content-Type: application/json" \
  --data '{"value":"full"}'

# Enable Always Use HTTPS
curl -X PATCH "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/settings/always_use_https" \
  -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  -H "Content-Type: application/json" \
  --data '{"value":"on"}'
```

### 4. Configure Security

```bash
# Set security level
curl -X PATCH "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/settings/security_level" \
  -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  -H "Content-Type: application/json" \
  --data '{"value":"medium"}'

# Enable browser check
curl -X PATCH "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/settings/browser_check" \
  -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  -H "Content-Type: application/json" \
  --data '{"value":"on"}'
```

### 5. Configure Performance

```bash
# Enable minification
curl -X PATCH "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/settings/minify" \
  -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  -H "Content-Type: application/json" \
  --data '{"value":{"css":"on","html":"on","js":"on"}}'

# Enable Brotli
curl -X PATCH "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/settings/brotli" \
  -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  -H "Content-Type: application/json" \
  --data '{"value":"on"}'
```

### 6. Add Custom Domain to Azure

```bash
az staticwebapp hostname set \
  --name mim-prod-igiay4-web \
  --resource-group rg-miraclesinmotion-prod \
  --hostname "mim4u.org"

az staticwebapp hostname set \
  --name mim-prod-igiay4-web \
  --resource-group rg-miraclesinmotion-prod \
  --hostname "www.mim4u.org"
```

---
## ✅ Verification

After running the script, verify the configuration:

```bash
# Check DNS records
curl -X GET "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records" \
  -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  -H "Content-Type: application/json" | jq '.result[] | select(.name | contains("mim4u"))'

# Check SSL settings
curl -X GET "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/settings/ssl" \
  -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  -H "Content-Type: application/json" | jq '.result.value'

# Test DNS resolution
dig mim4u.org
dig www.mim4u.org
```
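A repeatable form of the settings check above, as an added example that is not part of the project's script: it compares each zone setting with the value this guide sets and treats an API error as a failure. The helper names `check_setting` and `audit_zone` are assumptions; `minify` is left out because its value is an object, not a string.

```bash
#!/usr/bin/env bash
# Added example (not the project's script); check_setting and audit_zone are
# hypothetical helpers. Requires jq, as the verification commands above do.

# check_setting NAME EXPECTED  -- reads one "get zone setting" response on stdin.
# Returns 0 = matches, 1 = drift, 2 = API error or unparsable body.
check_setting() {
  local name=$1 expected=$2 body actual
  body=$(cat)
  # curl exits 0 even when the API rejects the call, so test .success first.
  if [ "$(printf '%s' "$body" | jq -r '.success' 2>/dev/null)" != "true" ]; then
    echo "FAIL  $name: $(printf '%s' "$body" | jq -c '.errors' 2>/dev/null)" >&2
    return 2
  fi
  actual=$(printf '%s' "$body" | jq -r '.result.value')
  if [ "$actual" = "$expected" ]; then
    echo "OK    $name=$actual"
  else
    echo "DRIFT $name: expected $expected, got $actual" >&2
    return 1
  fi
}

# Expected values are the ones this guide sets. Note that ssl=full encrypts the
# Cloudflare-to-origin hop without validating the origin certificate; the
# API value "strict" adds that validation.
EXPECTED_SETTINGS="ssl=full always_use_https=on security_level=medium browser_check=on brotli=on"

# Live audit: needs CLOUDFLARE_ZONE_ID and CLOUDFLARE_API_TOKEN in the environment.
audit_zone() {
  local rc=0 pair name
  for pair in $EXPECTED_SETTINGS; do
    name=${pair%%=*}
    curl -sS "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/settings/$name" \
      -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" |
      check_setting "$name" "${pair#*=}" || rc=1
  done
  return "$rc"
}
```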
---

## 📝 Expected Results

After successful execution:

- ✅ DNS records created/updated in Cloudflare
- ✅ SSL/TLS configured (Full mode, Always HTTPS)
- ✅ Security settings configured (Medium level, Browser check)
- ✅ Performance optimizations enabled (Minification, Brotli)
- ✅ Custom domains added to Azure Static Web App
- ✅ Ready for DNS propagation (5-30 minutes)
- ✅ SSL certificates will be provisioned automatically (1-24 hours)

---

## 🎯 Next Steps

1. **Run the script:**

   ```bash
   bash scripts/setup-cloudflare-auto.sh
   ```

2. **Wait for DNS propagation** (usually 5-30 minutes)

3. **Verify SSL certificates** (Azure will provision automatically, 1-24 hours)

4. **Test the website:**

   ```bash
   curl -I https://mim4u.org
   curl -I https://www.mim4u.org
   ```

5. **Monitor Cloudflare analytics** in the dashboard

---

## 📚 Related Documentation

- `CLOUDFLARE_SETUP.md` - Comprehensive manual setup guide
- `CUSTOM_DOMAIN_SETUP.md` - Custom domain configuration details
- `scripts/setup-cloudflare-auto.sh` - Automated setup script

---

**✅ Script is ready! Run it with your tested credentials to complete Cloudflare automation.**