Contents
Preface
Actually, from the title of the demand, it seems not very meaningful now, because if you only use cloudflare, there are too many ways to quickly access domestic sites from abroad (tunnel, custom host). I considered this issue at the time because in order to solve the filing problem, I had already spent more than 20 yuan per month to buy Tencent Cloud's high-end lightweight servers. Although many applications (uptime-kuma, bind9, redis, cryptgeon, komga, shlink server, bark, tailscale relay server) were already running on it, the resources were still not fully utilized:
I always feel that the 20 yuan is a waste, so I always want to find something to do with the cloud host. However, the cloud host I registered has a legitimate HTTPS port 443, which cannot be wasted, so I decided to do this (if you don’t have a ready-made registered domain name, this method is not recommended, refer to my other article:A series of tricks to use cloudflare to build a website quickly using home broadband without public IP (general purpose)).
Preparation
Prepare a new or idle domain name and complete the record, assuming it is example1212.com. This is because the free version of cloudflare does not support adding subdomains:
Therefore, the authoritative DNS corresponding to the entire example1212.com must be pointed to Cloudflare (there is also a way to "customize the hostname", but that is more complicated, and I will talk about it in a separate article later).
In fact, you don’t necessarily need a brand new (or idle) domain name here. You can use an existing one. The configured records can actually be imported into cloudflare. However, many hosts under the domain name I use use Tencent Cloud’s CDN, so I don’t want to bother with CNAME. Secondly, I am also worried that if I put them all on cloudflare, in case China performs negative optimization on cloudflare, it will affect normal access. So I just use a new domain name for the experiment. (Additional note: After a period of tossing, I think the best solution is to have two domain names, one registered for domestic access, and one unregistered, which is used for foreign access and as a backup when there is a problem with the domestic domain name. It is best to transfer the unregistered domain name directly to cloudflare and not put it under the management of a domestic domain name agency).
In fact, there is a compromise method, which is to point the authoritative DNS of the domain name in use to cloudflare in the DNS service provided by your domestic domain name provider (for example: Tencent Cloud's dnspod or Alibaba Cloud DNS resolution), and cloudflare uses NS records to delegate specific subdomains to your domestic domain name provider for resolution. In this way, through advance planning, cloudflare and domestic domain name providers can each be responsible for their own resolution. This method is supported by the free version of the DNS solutions of the two domestic domain name providers mentioned above. This method requires adding txt records on CF according to the information provided by the domestic domain name provider and then passing the verification of the domestic domain name provider, as well as adding NS records on CF according to the dns server provided by the domestic domain name provider after verification. I will use an article to talk about this separately later.
Have a cloudflare account, if not, register one.
Have a cloud host with a public network address and a registered domain name.
Add domain name on CF
Log in to Cloudflare, then click "Add Site" in the red box at the top, or "Site" - "Add Site", as shown in the image below:
Enter your domain name example1212.com in the red box below and click Continue below:
Select the Free plan in the red box below (rich people can choose as they like) and click Continue:
The following page appears:
To add records uniformly later, just click Continue below and the following interface will appear:
Click OK and the following interface will appear:
The part in the red box is the authoritative DNS of CF that we need to point to at the domestic domain name provider in the next section
Address, and finally click Done in the interface below. At this time, you can already see the domain name we just added on the website.
Modify the authoritative DNS address pointed to by the registered domain name
Log in to the DNS management panel provided by a domestic domain name (taking Tencent DNSPod free version as an example), search for "domain registration" in "Console" - "Product Management" and press Enter:
Click "My Domains" in the red box, then select "More" from the rightmost drop-down menu for the domain you want to work with, and then select "Modify DNS Servers," as shown in the image below:
Enter the following interface:
In the image above, select "Custom DNS", then enter the CF authoritative DNS server address given on the last page of the CF configuration section in the box below, and finally click "Submit" in the red box below.
Note: After submission, it will take effect within 24-48 hours. After it takes effect, the red box below example1212.com in the cloudflare website section will show the prompt
It will change to the word "Valid", as follows:
Configure CF to proxy domestic cloud hosts
From "Website" - "example1212.com" - "DNS" - "Records", click "Add Record", as shown in the image below:
Fill in the name (e.g. blog), the IPv4 public network address of the domestic cloud host (e.g. 43.44.45.46), and the proxy enable status as shown in the red box below, and finally click Save below:
This enables access to the host domain blog.example1212.com, and points the source host to port 443 of the cloud host corresponding to the public IP 43.44.45.46. Note: CDN is not enabled by default in the free version of Cloudlfare, and needs to be configured through page rules. I will have the opportunity to write a separate article about this later.
Cloud host configuration
In this example, the cloud host needs to add the blog.example1212.com site through the WEB server software (nginx, apache installed by Baota Linux Panel, or separate nginx and apache, depending on what you are used to). There are several subdivisions here:
1. If the site is originally built on the cloud host and the domain name is originally this, then you don’t need to do anything, it’s already done
2. If the site is originally built on the cloud server, but the domain name is not this (as mentioned at the beginning of this article, use a brand new domain name), you need to create a site for this brand new domain name, which is blog.example1212.com in this article, and then configure the reverse proxy to point to the correct source site address (either the local address or the domain name).
3. If the site is not on the cloud host (for example, my source site is in the home data center and published through Tencent Cloud CDN), and the domain name is not this, then you need to configure the reverse proxy in the same way as in 2 (in this case, the reverse proxy can point to the CDN domain name, or to the domain name and port of the source site in the home data center).
Finally, a friendly reminder to configure the SSL/TLS type properly and choose the method that suits you:
Because I used Let's Encrypt to automatically apply for and update certificates for the website corresponding to the domain name (blog.example1212.com in this article) on the cloud server, which is accessible from overseas, meaning it has a valid SSL certificate, I chose the "Full" option. You need to choose the appropriate method according to your own situation; otherwise, access will result in an error.