Cloudflare, Inc.1 is an American technology company headquartered in San Francisco, California, that provides a range of internet services, including content delivery network (CDN) services, cloud cybersecurity, DDoS mitigation, and ICANN-accredited domain registration.[3] The company’s services act primarily as a reverse proxy between website visitors and a customer’s hosting provider, improving performance and protecting against malicious traffic.
All that being said, we only use
- Domain registration for
- cornillaud.com
- cornillaud.net
- cornillaud.org2
- DNS for cornillaud.com — Cloudflare is the authoritative name server
- The web hosting service for this documentation
Managing our Cloudflare account
The Cloudflare dashboard for our account is at this link. Credentials for signing in are in 1Password and can be viewed at this link, assuming you have the 1Password desktop application installed and running, that you are logged in, and that you have at least read access to the vault named Lab.
DNS — cornillaud.com
Cloudflare is the authoritative DNS provider for cornillaud.com. Records are
managed in the DNS dashboard.
All records are DNS only (grey cloud, not proxied through Cloudflare’s CDN). This is required for Caddy’s HTTP-01 certificate challenge and for non-HTTP protocols to reach the home network directly.
Current records
| Name | Type | Value | Purpose |
|---|---|---|---|
www | A | WAN IP (DDNS-maintained) | Primary entry point; updated automatically by UDM Pro SE |
n8n | CNAME | www.cornillaud.com | Routes to n8n UI via Caddy |
home | CNAME | www.cornillaud.com | Routes to Home Assistant via Caddy |
CNAME records point to www.cornillaud.com rather than directly to the WAN IP.
Only the www A record is maintained by DDNS; all CNAMEs follow it automatically
when the WAN IP changes.
All records use a 1-minute TTL.
DDNS
The home WAN IP is dynamic. The UDM Pro SE’s built-in DDNS client keeps the www
A record current.
Configuration (UniFi Network → Settings → Internet → WAN → Dynamic DNS):
| Field | Value |
|---|---|
| Service | Cloudflare |
| Hostname | www |
| Domain | cornillaud.com |
| Username | Cloudflare account email |
| Password | Cloudflare API token (see below) |
API tokens
Scoped API tokens (not the global API key) are used to limit access. Created at My Profile → API Tokens.
| Token name | Permissions | Scope | Stored in | Used by |
|---|---|---|---|---|
| Edit zone DNS | Zone → DNS → Edit | cornillaud.com only | 1Password — Lab vault, Cloudflare item | UDM Pro SE DDNS client |
Footnotes
-
Taken from the article for Cloudflare on Wikipedia. ↩
-
Domain cornillaud.org is not used. I intend to delete it. By the time you read this, that might have been done. ↩