- Integrated additional Zod validation schemas for improved input validation across various API routes.
- Updated existing services to utilize the new validation middleware, ensuring better request integrity.
- Improved error handling mechanisms in key services to provide clearer feedback on request failures.
- Conducted code cleanup to enhance readability and maintainability of the API services.
7.8 KiB
Cloudflare DNS Configuration for d-bis.org
Complete DNS entries for all eMoney Token Factory API services.
DNS Records Summary
Production Services
| Type | Name | Value | TTL | Proxy | Notes |
|---|---|---|---|---|---|
| A | api.d-bis.org | 192.0.2.1 | Auto | ✅ | Main REST API |
| AAAA | api.d-bis.org | 2001:db8::1 | Auto | ✅ | Main REST API (IPv6) |
| A | mappings.api.d-bis.org | 192.0.2.2 | Auto | ✅ | Mapping Service |
| AAAA | mappings.api.d-bis.org | 2001:db8::2 | Auto | ✅ | Mapping Service (IPv6) |
| A | webhooks.api.d-bis.org | 192.0.2.3 | Auto | ✅ | Webhook Service |
| AAAA | webhooks.api.d-bis.org | 2001:db8::3 | Auto | ✅ | Webhook Service (IPv6) |
| A | orchestrator.api.d-bis.org | 192.0.2.4 | Auto | ✅ | Orchestrator Service |
| AAAA | orchestrator.api.d-bis.org | 2001:db8::4 | Auto | ✅ | Orchestrator Service (IPv6) |
| A | packets.api.d-bis.org | 192.0.2.5 | Auto | ✅ | Packet Service |
| AAAA | packets.api.d-bis.org | 2001:db8::5 | Auto | ✅ | Packet Service (IPv6) |
Staging Services
| Type | Name | Value | TTL | Proxy | Notes |
|---|---|---|---|---|---|
| A | api-staging.d-bis.org | 192.0.2.10 | Auto | ✅ | Staging REST API |
| AAAA | api-staging.d-bis.org | 2001:db8::10 | Auto | ✅ | Staging REST API (IPv6) |
| A | mappings.api-staging.d-bis.org | 192.0.2.11 | Auto | ✅ | Staging Mapping Service |
| AAAA | mappings.api-staging.d-bis.org | 2001:db8::11 | Auto | ✅ | Staging Mapping Service (IPv6) |
| A | webhooks.api-staging.d-bis.org | 192.0.2.12 | Auto | ✅ | Staging Webhook Service |
| AAAA | webhooks.api-staging.d-bis.org | 2001:db8::12 | Auto | ✅ | Staging Webhook Service (IPv6) |
| A | orchestrator.api-staging.d-bis.org | 192.0.2.13 | Auto | ✅ | Staging Orchestrator Service |
| AAAA | orchestrator.api-staging.d-bis.org | 2001:db8::13 | Auto | ✅ | Staging Orchestrator Service (IPv6) |
| A | packets.api-staging.d-bis.org | 192.0.2.14 | Auto | ✅ | Staging Packet Service |
| AAAA | packets.api-staging.d-bis.org | 2001:db8::14 | Auto | ✅ | Staging Packet Service (IPv6) |
Cloudflare-Specific Configuration
SSL/TLS Settings
- SSL/TLS encryption mode: Full (strict)
- Minimum TLS Version: TLS 1.2
- Always Use HTTPS: Enabled
- Automatic HTTPS Rewrites: Enabled
- Opportunistic Encryption: Enabled
Security Settings
- Security Level: Medium
- Challenge Passage: 30 minutes
- Browser Integrity Check: Enabled
- Privacy Pass Support: Enabled
Speed Settings
- Auto Minify: JavaScript, CSS, HTML
- Brotli: Enabled
- HTTP/2: Enabled
- HTTP/3 (with QUIC): Enabled
- 0-RTT Connection Resumption: Enabled
Caching
- Caching Level: Standard
- Browser Cache TTL: Respect Existing Headers
- Always Online: Enabled
- Development Mode: Disabled (enable only for testing)
Page Rules
Production API - Force HTTPS
- URL Pattern: *api.d-bis.org/*
- Settings:
  - Always Use HTTPS: On
  - SSL: Full (strict)
  - Cache Level: Bypass
Staging API - Force HTTPS
- URL Pattern: *api-staging.d-bis.org/*
- Settings:
  - Always Use HTTPS: On
  - SSL: Full (strict)
  - Cache Level: Bypass
API - No Cache
- URL Pattern: *api.d-bis.org/v1/*
- Settings:
  - Cache Level: Bypass
  - Disable Apps: On
  - Disable Performance: Off
Firewall Rules
Block Non-API Paths
- Rule Name: Block non-API paths
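- Expression: (not starts_with(http.request.uri.path, "/v1/") and http.request.uri.path ne "/health")
- Action: Block
- Note: The /v1/ check is a prefix match so that every route under /v1/ stays reachable; /health is matched exactly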
Rate Limiting
- Rule Name: API Rate Limit
- Expression: (http.request.uri.path contains "/v1/")
- Action: Challenge
- Rate: 100 requests per minute per IP
Geo-Blocking (if needed)
- Rule Name: Block specific countries
- Expression: (ip.geoip.country eq "XX")
- Action: Block
- Note: Replace "XX" with country code to block
Load Balancer Configuration (if using Cloudflare Load Balancer)
Production Pool
- Name: api-production-pool
- Health Check: HTTP GET /health
- Health Check Interval: 60 seconds
- Health Check Timeout: 5 seconds
- Health Check Retries: 2
- Expected Response: 200 OK
Staging Pool
- Name: api-staging-pool
- Health Check: HTTP GET /health
- Health Check Interval: 60 seconds
- Health Check Timeout: 5 seconds
- Health Check Retries: 2
- Expected Response: 200 OK
Workers Routes (if using Cloudflare Workers)
API Gateway Worker
- Route: api.d-bis.org/v1/*
- Worker: api-gateway-worker
- Zone: d-bis.org
DNS Records in Cloudflare Dashboard Format
Production Records
Type: A
Name: api
Content: 192.0.2.1
TTL: Auto
Proxy status: Proxied

Type: AAAA
Name: api
Content: 2001:db8::1
TTL: Auto
Proxy status: Proxied

Type: A
Name: mappings.api
Content: 192.0.2.2
TTL: Auto
Proxy status: Proxied

Type: AAAA
Name: mappings.api
Content: 2001:db8::2
TTL: Auto
Proxy status: Proxied

Type: A
Name: webhooks.api
Content: 192.0.2.3
TTL: Auto
Proxy status: Proxied

Type: AAAA
Name: webhooks.api
Content: 2001:db8::3
TTL: Auto
Proxy status: Proxied

Type: A
Name: orchestrator.api
Content: 192.0.2.4
TTL: Auto
Proxy status: Proxied

Type: AAAA
Name: orchestrator.api
Content: 2001:db8::4
TTL: Auto
Proxy status: Proxied

Type: A
Name: packets.api
Content: 192.0.2.5
TTL: Auto
Proxy status: Proxied

Type: AAAA
Name: packets.api
Content: 2001:db8::5
TTL: Auto
Proxy status: Proxied
Staging Records
Type: A
Name: api-staging
Content: 192.0.2.10
TTL: Auto
Proxy status: Proxied

Type: AAAA
Name: api-staging
Content: 2001:db8::10
TTL: Auto
Proxy status: Proxied

Type: A
Name: mappings.api-staging
Content: 192.0.2.11
TTL: Auto
Proxy status: Proxied

Type: AAAA
Name: mappings.api-staging
Content: 2001:db8::11
TTL: Auto
Proxy status: Proxied

Type: A
Name: webhooks.api-staging
Content: 192.0.2.12
TTL: Auto
Proxy status: Proxied

Type: AAAA
Name: webhooks.api-staging
Content: 2001:db8::12
TTL: Auto
Proxy status: Proxied

Type: A
Name: orchestrator.api-staging
Content: 192.0.2.13
TTL: Auto
Proxy status: Proxied

Type: AAAA
Name: orchestrator.api-staging
Content: 2001:db8::13
TTL: Auto
Proxy status: Proxied

Type: A
Name: packets.api-staging
Content: 192.0.2.14
TTL: Auto
Proxy status: Proxied

Type: AAAA
Name: packets.api-staging
Content: 2001:db8::14
TTL: Auto
Proxy status: Proxied
Import Instructions
Using Cloudflare Dashboard
- Log in to Cloudflare Dashboard
- Select the d-bis.org zone
- Go to DNS → Records
- Click Add record for each entry above
- Fill in the details as specified
- Ensure Proxy status is set to Proxied (orange cloud) for all A/AAAA records
Using Cloudflare API
You can use the Cloudflare API to bulk import DNS records. See cloudflare-dns-import.sh for a script.
Using Terraform
See cloudflare-dns.tf for Terraform configuration.
Notes
- IP Addresses: Replace all placeholder IP addresses (192.0.2.x and 2001:db8::x) with actual production IP addresses
- TTL: Set to "Auto" to allow Cloudflare to manage TTL dynamically
- Proxy: Enable proxy (orange cloud) for DDoS protection and CDN benefits
- IPv6: Include AAAA records for IPv6 support
- Health Checks: Configure health checks if using Cloudflare Load Balancer
- SSL Certificates: Cloudflare will automatically provision SSL certificates for proxied records
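A pre-import check for the two risks these notes call out: placeholder addresses left in place, and A/AAAA records that are not proxied. This is an added example, not the project's cloudflare-dns-import.sh; `parse_records`, `lint` and the sample records are hypothetical, and the check goes beyond the page's two placeholder ranges to the other documentation ranges (198.51.100.0/24, 203.0.113.0/24).

```python
import ipaddress

DOC_NETS = [ipaddress.ip_network(n) for n in (  # RFC 5737 and RFC 3849 documentation ranges
    "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24", "2001:db8::/32")]

def parse_records(text):
    """Parse 'Key: value' lines; each 'Type:' line starts a new record."""
    records = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # first colon only, so IPv6 stays whole
        key = key.strip().lower()
        if sep and key == "type":
            records.append({})
        if sep and records:
            records[-1][key] = value.strip()
    return records

def lint(records):
    """Return (name, type, problem) for each A/AAAA record unsafe to import."""
    findings = []
    for r in records:
        name, rtype = r.get("name", "?"), r.get("type", "?")
        if rtype not in ("A", "AAAA"):
            continue
        try:
            addr = ipaddress.ip_address(r.get("content", ""))
        except ValueError:
            findings.append((name, rtype, "content is not an IP address"))
            continue
        if any(addr in net for net in DOC_NETS):
            findings.append((name, rtype, "placeholder documentation address"))
        if r.get("proxy status") != "Proxied":
            findings.append((name, rtype, "not proxied, origin address is published"))
    return findings

# Constructed sample in the page's layout; 10.20.30.40 stands in for a real origin.
SAMPLE = """\
Type: A
Name: api
Content: 10.20.30.40
TTL: Auto
Proxy status: Proxied
Type: AAAA
Name: webhooks.api
Content: 2001:db8::3
TTL: Auto
Proxy status: DNS only
"""
print(*lint(parse_records(SAMPLE)), sep="\n")
```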
Verification
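After adding DNS records, verify with the commands below. Proxied records answer with Cloudflare edge addresses rather than the origin values entered in the records: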
# Check DNS resolution
dig api.d-bis.org
dig mappings.api.d-bis.org
dig webhooks.api.d-bis.org
dig orchestrator.api.d-bis.org
dig packets.api.d-bis.org
# Check IPv6 resolution
dig AAAA api.d-bis.org
dig AAAA mappings.api.d-bis.org
# Check staging
dig api-staging.d-bis.org
dig mappings.api-staging.d-bis.org
Support
For DNS issues, contact: infrastructure@d-bis.org