| title | description | tags | category | created | updated |
|---|---|---|---|---|---|
| Cloudflare | Tool overview for Cloudflare as a DNS, edge, and access platform in self-hosted environments | | tools | 2026-03-14 | 2026-03-14 |
Cloudflare
Summary
Cloudflare is an edge platform commonly used for DNS hosting, proxying, TLS, tunnels, and access control. In self-hosted environments, it is often the public-facing layer in front of privately managed infrastructure.
Why it matters
Cloudflare can reduce operational burden for public DNS, certificates, and internet exposure. It becomes especially useful when services need a controlled edge while the underlying infrastructure remains private or partially private.
Core concepts
- Authoritative DNS hosting
- Proxy mode for HTTP and selected proxied traffic
- Zero Trust and Access controls
- Tunnels for publishing services without opening inbound ports directly
- CDN and caching features for web workloads
Practical usage
Cloudflare commonly fits into infrastructure like this:
Client -> Cloudflare edge -> reverse proxy or tunnel -> application
Typical uses:
- Public DNS for domains and subdomains
- Cloudflare Tunnel for selected internal apps
- Access policies in front of sensitive web services
Best practices
- Keep public DNS records documented and intentional
- Use tunnels or private access controls for admin-facing services when appropriate
- Understand which services are proxied and which are DNS-only
- Review TLS mode and origin certificate behavior carefully
Pitfalls
- Assuming proxy mode works identically for every protocol
- Forgetting that Cloudflare becomes part of the trust and availability path
- Mixing internal admin services with public publishing defaults
- Losing track of which records are authoritative in Cloudflare versus internal DNS
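
The best practices above on documented records and on knowing which records are proxied versus DNS-only can be checked mechanically. This is an added example, not part of the original page or of any Cloudflare tooling: it compares a zone export against a documented inventory. The sample records are constructed (shaped like the `result` array of Cloudflare's list-DNS-records API response), and the `INVENTORY` format and the `audit` function are assumptions made for illustration.

```python
import json

# Constructed sample, shaped like the "result" array of Cloudflare's
# list-DNS-records API response (fields used: type, name, content, proxied).
ZONE_EXPORT = json.loads("""
{"result": [
 {"type": "A", "name": "www.example.com", "content": "203.0.113.10", "proxied": true},
 {"type": "A", "name": "admin.example.com", "content": "203.0.113.10", "proxied": false},
 {"type": "CNAME", "name": "git.example.com", "content": "origin.example.net", "proxied": true},
 {"type": "A", "name": "old-test.example.com", "content": "203.0.113.44", "proxied": false},
 {"type": "MX", "name": "example.com", "content": "mail.example.com", "proxied": false}
]}""")["result"]

# Hypothetical documented inventory: (name, type) -> intended mode.
INVENTORY = {
    ("www.example.com", "A"): "proxied",
    ("admin.example.com", "A"): "proxied",
    ("git.example.com", "CNAME"): "proxied",
    ("example.com", "MX"): "dns-only",
    ("vpn.example.com", "A"): "dns-only",
}

def audit(records, inventory):
    """Return (name, type, issue) tuples where the zone and the docs disagree."""
    findings, seen = [], set()
    for rec in records:
        name, rtype = rec["name"].lower().rstrip("."), rec["type"].upper()
        seen.add((name, rtype))
        actual = "proxied" if rec.get("proxied") else "dns-only"
        intended = inventory.get((name, rtype))
        if intended is None:
            findings.append((name, rtype, "undocumented record"))
        elif intended != actual:
            findings.append((name, rtype, f"documented {intended}, zone has {actual}"))
        # A DNS-only address record publishes the origin IP; flag it unless
        # the inventory says that is intentional.
        if actual == "dns-only" and rtype in ("A", "AAAA") and intended != "dns-only":
            findings.append((name, rtype, f"origin {rec['content']} visible in public DNS"))
    for name, rtype in sorted(set(inventory) - seen):
        findings.append((name, rtype, "documented but not in zone"))
    return findings

if __name__ == "__main__":
    for name, rtype, issue in audit(ZONE_EXPORT, INVENTORY):
        print(f"{rtype:5} {name:24} {issue}")
```

On the constructed data this reports the admin hostname as DNS-only despite being documented as proxied, one undocumented leftover record, and one documented record that no longer exists in the zone.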