MQL5-Google-Onedrive/docs/CLOUDFLARE_GUIDE.md

# Cloudflare Management & Tunnel Guide

This guide explains how to manage your Cloudflare settings and set up a secure tunnel for `lengkundee01.org`.
## Nameservers

If you are using Cloudflare to manage your DNS, ensure your domain nameservers are set to:
- `daisy.ns.cloudflare.com`
- `rocco.ns.cloudflare.com`


## Prerequisite: API Token

1.  Log in to the [Cloudflare Dashboard](https://dash.cloudflare.com/).
2.  Go to **My Profile** -> **API Tokens**.
3.  Create a token with the following permissions:
    *   **Zone - Zone Settings - Edit** (for changing security levels)
    *   **Zone - DNS - Edit** (for tunnel DNS routing)
    *   **Account - Cloudflare Tunnel - Edit** (for managing tunnels)
4.  Copy the token.
5.  Edit `config/vault.json` and paste your token:
    ```json
    "api_token": "YOUR_ACTUAL_TOKEN_HERE"
    ```

## Managing Security Level

You can check or change the "Under Attack Mode" or security level using the provided script.

**Check Status:**
```bash
python scripts/manage_cloudflare.py --status
```

**Set Security Level:**
Available levels: `off`, `essentially_off`, `low`, `medium`, `high`, `under_attack`.

```bash
# Enable Under Attack Mode
python scripts/manage_cloudflare.py --set under_attack

# Set to Medium
python scripts/manage_cloudflare.py --set medium
```

## Setting up Cloudflare Tunnel (1.1.1.1 / WARP)

To securely expose your local service or connect to your private network:

1.  **Install `cloudflared`**:
    ```bash
    sudo ./scripts/setup_cloudflare_tunnel.sh
    ```

2.  **Login**:
    ```bash
    cloudflared tunnel login
    ```

3.  **Create a Tunnel**:
    ```bash
    cloudflared tunnel create genx_tunnel
    ```
    *Copy the Tunnel ID provided in the output.*

4.  **Configure Tunnel**:
    Create a file named `config.yml` (or `~/.cloudflared/config.yml`):
    ```yaml
    tunnel: <Tunnel-UUID>
    credentials-file: /root/.cloudflared/<Tunnel-UUID>.json

    ingress:
      - hostname: lengkundee01.org
        service: http://localhost:8080
      - service: http_status:404
    ```

5.  **Route DNS**:
    ```bash
    cloudflared tunnel route dns genx_tunnel lengkundee01.org
    ```

6.  **Run the Tunnel**:
    ```bash
    cloudflared tunnel run genx_tunnel
    ```

## 1.1.1.1 WARP Connection

To use the 1.1.1.1 WARP client to access private resources:
1.  Ensure "Zero Trust" is configured in your Cloudflare Dashboard.
2.  Enroll your device in your Zero Trust organization.
3.  Connect via the WARP client.

## DNS Configuration
For a detailed guide on how to configure your DNS records for `lengkundee01.org`, including cleaning up conflicts and pointing to various hosting methods, see [DNS Configuration Recommendation](DNS_CONFIG_RECOMMENDATION.md).
Add Cloudflare management scripts and tunnel setup - Created `scripts/manage_cloudflare.py` to get/set security levels via API. - Created `scripts/setup_cloudflare_tunnel.sh` to install `cloudflared`. - Created `config/vault.json` with user-provided Zone/Account IDs for `lengkundee01.org`. - Created `docs/CLOUDFLARE_GUIDE.md` with usage instructions. - Updated `requirements.txt` to include `requests` as a core dependency. 2026-01-25 02:59:06 +00:00			`# Cloudflare Management & Tunnel Guide`

			This guide explains how to manage your Cloudflare settings and set up a secure tunnel for `lengkundee01.org`.
docs: update Cloudflare nameservers and unify domain name - Added daisy.ns.cloudflare.com and rocco.ns.cloudflare.com to Cloudflare guide. - Unified domain name to lengkundee01.org in CNAME and PWA guide. - Verified active domain using dig. - Updated sentinel journal with documentation learnings. 2026-02-13 04:11:32 +00:00			`## Nameservers`

			`If you are using Cloudflare to manage your DNS, ensure your domain nameservers are set to:`
			- `daisy.ns.cloudflare.com`
			- `rocco.ns.cloudflare.com`

Add Cloudflare management scripts and tunnel setup - Created `scripts/manage_cloudflare.py` to get/set security levels via API. - Created `scripts/setup_cloudflare_tunnel.sh` to install `cloudflared`. - Created `config/vault.json` with user-provided Zone/Account IDs for `lengkundee01.org`. - Created `docs/CLOUDFLARE_GUIDE.md` with usage instructions. - Updated `requirements.txt` to include `requests` as a core dependency. 2026-01-25 02:59:06 +00:00
			`## Prerequisite: API Token`

			`1. Log in to the [Cloudflare Dashboard](https://dash.cloudflare.com/).`
			`2. Go to My Profile -> API Tokens.`
			`3. Create a token with the following permissions:`
			`* Zone - Zone Settings - Edit (for changing security levels)`
			`* Zone - DNS - Edit (for tunnel DNS routing)`
			`* Account - Cloudflare Tunnel - Edit (for managing tunnels)`
			`4. Copy the token.`
			5. Edit `config/vault.json` and paste your token:
			```json
			`"api_token": "YOUR_ACTUAL_TOKEN_HERE"`
			```

			`## Managing Security Level`

			`You can check or change the "Under Attack Mode" or security level using the provided script.`

			`Check Status:`
			```bash
			`python scripts/manage_cloudflare.py --status`
			```

			`Set Security Level:`
			Available levels: `off`, `essentially_off`, `low`, `medium`, `high`, `under_attack`.

			```bash
			`# Enable Under Attack Mode`
			`python scripts/manage_cloudflare.py --set under_attack`

			`# Set to Medium`
			`python scripts/manage_cloudflare.py --set medium`
			```

			`## Setting up Cloudflare Tunnel (1.1.1.1 / WARP)`

			`To securely expose your local service or connect to your private network:`

			1. Install `cloudflared`:
			```bash
			`sudo ./scripts/setup_cloudflare_tunnel.sh`
			```

			`2. Login:`
			```bash
			`cloudflared tunnel login`
			```

			`3. Create a Tunnel:`
			```bash
			`cloudflared tunnel create genx_tunnel`
			```
			`Copy the Tunnel ID provided in the output.`

			`4. Configure Tunnel:`
			Create a file named `config.yml` (or `~/.cloudflared/config.yml`):
			```yaml
			`tunnel: <Tunnel-UUID>`
			`credentials-file: /root/.cloudflared/<Tunnel-UUID>.json`

			`ingress:`
			`- hostname: lengkundee01.org`
			`service: http://localhost:8080`
			`- service: http_status:404`
			```

			`5. Route DNS:`
			```bash
			`cloudflared tunnel route dns genx_tunnel lengkundee01.org`
			```

			`6. Run the Tunnel:`
			```bash
			`cloudflared tunnel run genx_tunnel`
			```

			`## 1.1.1.1 WARP Connection`

			`To use the 1.1.1.1 WARP client to access private resources:`
			`1. Ensure "Zero Trust" is configured in your Cloudflare Dashboard.`
			`2. Enroll your device in your Zero Trust organization.`
			`3. Connect via the WARP client.`
docs: add DNS configuration recommendation for lengkundee01.org 2026-02-13 03:21:34 +00:00
			`## DNS Configuration`
			For a detailed guide on how to configure your DNS records for `lengkundee01.org`, including cleaning up conflicts and pointing to various hosting methods, see [DNS Configuration Recommendation](DNS_CONFIG_RECOMMENDATION.md).