miracles_in_motion/docs/deployment/CLOUDFLARE_AUTOMATION_COMPLETE.md

✅ Cloudflare Automation - Ready to Execute

Status: Script created and ready to run with your tested credentials

---

🚀 Quick Start

Since your Cloudflare credentials are in .env and fully tested, you can run the automated setup:

# The script will automatically load credentials from .env files
bash scripts/setup-cloudflare-auto.sh

Or if credentials are already exported:

export CLOUDFLARE_API_TOKEN="your-token"
export CLOUDFLARE_ZONE_ID="your-zone-id"
bash scripts/setup-cloudflare-auto.sh

---

📋 What the Script Does

The automated script (scripts/setup-cloudflare-auto.sh) will:

1. ✅ Load Credentials - Automatically reads from .env or .env.production
2. ✅ Verify API Access - Tests Cloudflare API authentication
3. ✅ Configure DNS Records:
   • Creates/updates www.mim4u.org → lemon-water-015cb3010.3.azurestaticapps.net (Proxied)
   • Creates/updates mim4u.org → lemon-water-015cb3010.3.azurestaticapps.net (Proxied)
4. ✅ Configure SSL/TLS:
   • Sets SSL mode to "Full"
   • Enables "Always Use HTTPS"
5. ✅ Configure Security:
   • Sets security level to "Medium"
   • Enables Browser Integrity Check
6. ✅ Configure Performance:
   • Enables minification (JS, CSS, HTML)
   • Enables Brotli compression
7. ✅ Add Custom Domain to Azure:
   • Adds mim4u.org to Static Web App
   • Adds www.mim4u.org to Static Web App

---

🔧 Manual Execution (If Needed)

If you prefer to run commands manually or the script needs adjustment:

1. Set Environment Variables

export CLOUDFLARE_API_TOKEN="your-api-token"
export CLOUDFLARE_ZONE_ID="your-zone-id"
export DOMAIN="mim4u.org"
export STATIC_WEB_APP_URL="lemon-water-015cb3010.3.azurestaticapps.net"

2. Create DNS Records

# www subdomain
curl -X POST "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records" \
  -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  -H "Content-Type: application/json" \
  --data '{
    "type": "CNAME",
    "name": "www",
    "content": "'$STATIC_WEB_APP_URL'",
    "proxied": true,
    "ttl": 1
  }'

# Apex domain
curl -X POST "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records" \
  -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  -H "Content-Type: application/json" \
  --data '{
    "type": "CNAME",
    "name": "@",
    "content": "'$STATIC_WEB_APP_URL'",
    "proxied": true,
    "ttl": 1
  }'

3. Configure SSL/TLS

# Set SSL mode to Full
curl -X PATCH "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/settings/ssl" \
  -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  -H "Content-Type: application/json" \
  --data '{"value":"full"}'

# Enable Always Use HTTPS
curl -X PATCH "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/settings/always_use_https" \
  -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  -H "Content-Type: application/json" \
  --data '{"value":"on"}'

4. Configure Security

# Set security level
curl -X PATCH "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/settings/security_level" \
  -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  -H "Content-Type: application/json" \
  --data '{"value":"medium"}'

# Enable browser check
curl -X PATCH "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/settings/browser_check" \
  -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  -H "Content-Type: application/json" \
  --data '{"value":"on"}'

5. Configure Performance

# Enable minification
curl -X PATCH "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/settings/minify" \
  -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  -H "Content-Type: application/json" \
  --data '{"value":{"css":"on","html":"on","js":"on"}}'

# Enable Brotli
curl -X PATCH "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/settings/brotli" \
  -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  -H "Content-Type: application/json" \
  --data '{"value":"on"}'

6. Add Custom Domain to Azure

az staticwebapp hostname set \
  --name mim-prod-igiay4-web \
  --resource-group rg-miraclesinmotion-prod \
  --hostname "mim4u.org"

az staticwebapp hostname set \
  --name mim-prod-igiay4-web \
  --resource-group rg-miraclesinmotion-prod \
  --hostname "www.mim4u.org"

---

✅ Verification

After running the script, verify the configuration:

# Check DNS records
curl -X GET "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records" \
  -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  -H "Content-Type: application/json" | jq '.result[] | select(.name | contains("mim4u"))'

# Check SSL settings
curl -X GET "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/settings/ssl" \
  -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  -H "Content-Type: application/json" | jq '.result.value'

# Test DNS resolution
dig mim4u.org
dig www.mim4u.org

---

📝 Expected Results

After successful execution:

• ✅ DNS records created/updated in Cloudflare
• ✅ SSL/TLS configured (Full mode, Always HTTPS)
• ✅ Security settings configured (Medium level, Browser check)
• ✅ Performance optimizations enabled (Minification, Brotli)
• ✅ Custom domains added to Azure Static Web App
• ✅ Ready for DNS propagation (5-30 minutes)
• ✅ SSL certificates will be provisioned automatically (1-24 hours)

---

🎯 Next Steps

1. Run the script:

   bash scripts/setup-cloudflare-auto.sh
   

2. Wait for DNS propagation (usually 5-30 minutes)

3. Verify SSL certificates (Azure will provision automatically, 1-24 hours)

4. Test the website:

   curl -I https://mim4u.org
   curl -I https://www.mim4u.org
   

5. Monitor Cloudflare analytics in the dashboard

---

📚 Related Documentation

• CLOUDFLARE_SETUP.md - Comprehensive manual setup guide
• CUSTOM_DOMAIN_SETUP.md - Custom domain configuration details
• scripts/setup-cloudflare-auto.sh - Automated setup script

---

✅ Script is ready! Run it with your tested credentials to complete Cloudflare automation.