Infrastructure · Security

Cloudflare DNS & Security Setup

Configured Cloudflare as the public edge for a self-hosted portfolio site, managing DNS, HTTPS, and traffic proxying to securely expose services running on a home server.

Overview

This project focuses on establishing a secure and reliable public entry point for a self-hosted website using Cloudflare as the DNS provider and edge security layer. The goal was to safely expose a home-hosted service to the internet while reducing direct attack surface on the origin server.

The setup includes domain configuration, DNS record management, HTTPS enforcement, and Cloudflare proxying to route traffic through Cloudflare’s network before reaching the origin. This provides foundational experience with real-world web infrastructure patterns used to protect production systems.

Tech Stack

  • DNS
  • HTTPS
  • SSL/TLS
  • Origin Server (Self-Hosted)

Highlights

  • Configured Cloudflare as authoritative DNS for a custom domain.
  • Managed A and CNAME records to route traffic to a self-hosted origin server.
  • Enabled Cloudflare proxying to mask the origin IP and reduce exposure.
  • Enforced HTTPS using Cloudflare SSL/TLS with a secure edge-to-origin configuration.
  • Used Cloudflare as a protective layer in front of a Dockerized Nginx web server.
  • Gained hands-on experience with real DNS propagation, caching, and certificate behavior.

Next Steps

  • Tighten origin security by restricting inbound traffic to Cloudflare IP ranges only.
  • Add Cloudflare security rules and rate limiting for basic attack mitigation.
  • Explore Cloudflare analytics to better understand traffic patterns and edge behavior.
  • Document DNS and SSL configuration decisions for repeatable future setups.
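
The first next step, and a check on the proxying highlight, as an added example (not code from this project): it flags DNS answers that publish a non-Cloudflare address and renders an Nginx allow/deny list for the origin. Assumptions: the embedded ranges are a subset of Cloudflare's published list, and the hostnames and sample records are constructed.

```python
import ipaddress

# Subset of Cloudflare's published edge ranges, embedded so this runs offline.
# Assumption: refresh from https://www.cloudflare.com/ips-v4 and /ips-v6
# before real use, since the published list changes over time.
CLOUDFLARE_RANGES = [
    "173.245.48.0/20", "103.21.244.0/22", "104.16.0.0/13",
    "172.64.0.0/13", "2606:4700::/32",
]
NETWORKS = [ipaddress.ip_network(r) for r in CLOUDFLARE_RANGES]


def is_cloudflare(addr):
    """True if addr (IPv4 or IPv6 string) falls inside a listed edge range."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in NETWORKS)


def find_unproxied(records):
    """Return (name, address) pairs whose address is not a Cloudflare edge IP.

    records: iterable of (hostname, address) pairs as seen in public DNS.
    A hit means the record publishes some other address, which is how an
    origin IP usually ends up visible (a DNS-only record beside proxied ones).
    """
    return [(name, addr) for name, addr in records if not is_cloudflare(addr)]


def nginx_allowlist():
    """Render Nginx access rules: allow the edge ranges, deny everything else."""
    lines = [f"allow {net};" for net in NETWORKS]
    lines.append("deny all;")
    return "\n".join(lines)


# Constructed sample: answers a resolver might return for a hypothetical zone.
# 203.0.113.0/24 is a documentation range, standing in for a home IP.
SAMPLE_RECORDS = [
    ("www.example.com", "104.16.132.229"),
    ("example.com", "172.67.10.20"),
    ("ssh.example.com", "203.0.113.45"),
    ("www.example.com", "2606:4700::6810:84e5"),
]

if __name__ == "__main__":
    for name, addr in find_unproxied(SAMPLE_RECORDS):
        print(f"exposed: {name} -> {addr}")
    print(nginx_allowlist())
```

Nginx's allow/deny rules match the connecting address, so they only work this way while the real-IP module is not rewriting it from a Cloudflare header. A host firewall rule built from the same ranges avoids that interaction.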