how to connect your home server to a domain with cloudflare
this tutorial is very extend for has various points:
- Add site
- Auto update your dynamic ip
- Add sub-domains to domain
- Select to type of encryption
- Configuration encryption pem and key with nginx
well cloudflare is a server dns that allows you to manage our dns for free for the domains we use and create sub-domains, although it has more cloudflare tools, we will use some of them
after you register:
1. Add the site
select plan to use:
when you finalize the purchase for 0$ you can see that:
press to button continue
now you must change dns nameserver in your domain
for example in my domain https://my.freenom.com/
change to Name-servers
to
check the name-servers is working
2. Auto update your dynamic ip
if you have a dynamic ip, you need send the new ip to cloudflare for this use a small script bash for run with crontab in Gnu/Linux the best system :)
well for this we looking 3 elements
a) api key
b) id zone dns (for domain)
c) id domain in zone dns
now we use curl and api for get the id domain
https://api.cloudflare.com/
list dns records
https://api.cloudflare.com/#dns-records-for-a-zone-list-dns-records
get the attribute id and use after dns_record at url
Terminal:
curl -X GET "https://api.cloudflare.com/client/v4/zones/YOUR_ZONE_ID/dns_records?type=A&name=YOUR_DOMAIN" -H "X-Auth-Email: YOUR_EMAIL" -H "X-Auth-Key: YOUR_API_KEY" -H "Content-Type: application/json"
you remember get the id of your domain example ramdontest.ml, the others are sub-domain and we interest update only the domain because the sub-domain has the same ip, because use dns type CNAME
update the ip
Terminal:
curl -X PUT "https://api.cloudflare.com/client/v4/zones/YOUR_ZONE_ID/dns_records/YOUR_ID_DOMAIN" \ -H "X-Auth-Email: user@example.com" \ -H "X-Auth-Key: YOUR_API_KEY" \ -H "Content-Type: application/json" \ --data '{"type":"A","name":"example.com","content":"127.0.0.1","ttl":1,"proxied":false}'the word or number with red is because you change 1 to 120 or true - false, for balance with cloudflare or without balance
script bash
Terminal:
#!/bin/sh ipNow=$(/sbin/ifconfig enp2s0 | grep -i 'Direc. inet' | cut -d ":" -f 2 | cut -d " " -f 1) ipOld="" UBICATION_LOGS="/opt/logs/" ejecutarCodigo() { { echo "From: Server Update IP <server@YOUR-DOMAIN.COM>" echo "Sender: YOUR-MAIL@GMAIL.COM" echo "To: YOUR-MAIL@GMAIL.COM" echo "Subject: The server change ip" echo echo "The server change ip "$ipOld" to "$ipNow } | /usr/sbin/ssmtp YOUR-MAIL@gmail.com #enviar email } while read line; do ipOld=$line done <$UBICATION_LOGS"ipOld.js" echo $ipOld" - "$ipNow if [ $ipOld != $ipNow ]; then #loadwebs.tk curl -X PUT "https://api.cloudflare.com/client/v4/zones/YOUR_ID_ZONE/dns_records/YOUR_ID_DOMAIN" \ -H "X-Auth-Email: YOUR-MAIL@gmail.com" \ -H "X-Auth-Key: YOUR_API_KEY" \ -H "Content-Type: application/json" \ --data '{"type":"A","name":"YOUR_DOMAIN","content":'\"$ipNow\"',"ttl":1,"proxied":false}' ejecutarCodigo else echo "NO" fi
3. Add sub-domains to domain
this is very important, change the domain to dns only, this is you can connect for ssh with domain or you can a sub-domain change to dns only and connect to ssh
Example:
4. Select to type of encryption
These options are listed from least (Off) to most secure (Full SSL (Strict)). All options are available in all customer plans.
Off: No secure connection between your visitor and Cloudflare, and no secure connection between Cloudflare and your web server either. This means that visitors can only view your website over HTTP, and any visitor attempting to connect via HTTPS will receive a HTTP 301 Redirect to the plain HTTP version of your website.
Flexible SSL: A Secure connection between your visitor and Cloudflare, but no secure connection between Cloudflare and your web server. You don't need to have an SSL certificate on your web server, but your visitors still see the site as being HTTPS enabled. This option is not recommended if you have any sensitive information on your website. This setting will only work for port 443->80, not for the other ports we support like 2053. It should only be used as a last resort if you are not able to setup SSL on your own web server. Be aware it can cause issues when you decide to switch away from it: How do I fix the infinite redirect loop...
Full SSL: A secure connection between your visitor and Cloudflare, plus a secure connection (but not authenticated) between Cloudflare and your web server. You will need to have your server configured to answer HTTPS connections, with at least a self-signed certificate. The authenticity of the certificate is not verified: from Cloudflare’s point of view (when we connect to your origin web server), it’s the equivalent of bypassing this error message. But as long as the address of your origin web server is correct in your DNS settings, you know that we’re connecting to your web server, and not someone else’s.
Full SSL (Strict): A secure connection between your visitor and Cloudflare, plus a secure and authenticated connection between Cloudflare and your web server. You will need to have your server configured to answer HTTPS connections, with a valid SSL certificate. This certificate must be signed by a certificate authority that is trusted by Cloudflare, have an expiration date in the future, and respond for the request domain name (hostname). If you've added a CNAME record for the hostname on Cloudflare, the certificate's Common Name or SAN may also match the CNAME target.
Strict (SSL-Only Origin Pull): Enterprise only This mode has the same certificate requirements as Full (Strict) and will also upgrade all connections between Cloudflare and the origin from HTTP to HTTPS, even if the original content requested is over HTTP.
Origin CA certificates, generated by Cloudflare, can be used with either the Full or Full(strict) options as they are trusted by Cloudflare. You can find more information about Origin CA certificates below:
if you want use Flexible SSL dont need config more, whole is ready.
now configuration with full mode
select to full mode
create certificate
copy the code pem and code key and paste in your server
you should have this
5. Configuration encryption pem and key with nginx
Terminal:
server { listen 443 ssl; server_name first.ramdontest.ml; root /var/www; index index.php index.html index.htm index.nginx-debian.html; ssl_certificate /opt/ssl/ramdontest.pem; ssl_certificate_key /opt/ssl/ramdontest.key; access_log /opt/logs/ramdontest.ml.access_log.js; error_log /opt/logs/ramdontest.ml.error_log.js; rewrite_log on; location / { proxy_pass http://localhost:3202; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; } }
links: https://support.cloudflare.com/hc/en-us/articles/200170416-What-do-the-SSL-options-mean-
virtualbox manjaro error /sbin/vboxconfig solved kernel 4.14
first check to version kernel
Terminal:
uname -a
my kernel is 4.14.* for this, i install
Terminal:
sudo pacman -S linux414-virtualbox-host-modules
now activate modprobe
Terminal:
sudo modprobe vboxdrv
Terminal:
sudo adduser your_home_user vboxusers
Terminal:
sudo usermod -aG vboxusers your_home_user
that's all |
Suscribirse a:
Entradas
(
Atom
)
0 comentarios :