One repetitive task that a lot of us have to do before deploying our remote server with ssl: letsencrypt enabled is disabling the Cloudflare proxying for our site DNS and subdomains and then re-enabling after deployment is complete.
I’m wondering how to go about creating an ansible task that uses a Cloudflare API token and secret stored in group_vars/all/vault.yml to automatically toggle Cloudflare during and after deploy to save having to manually do it through the Cloudflare UI.
Now it’s as easy as cfcli -d yoursite.com devmode off prior to deploying to remotes.
Edit: It wasn’t that easy. Simply enabling devmode won’t expose your site to the internet without the Cloudflare proxy.
I had to write a couple of bash scripts to make it happen.
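#!/bin/bash
# Record names whose Cloudflare proxying should be switched off before deploying
declare -a domains=("www" "yoursubdomain" "yoursite.com" "subdomain2")
for domain in "${domains[@]}"
do
    # Disable proxying for both the IPv4 (A) and IPv6 (AAAA) record of each name
    cfcli disableproxy "$domain" -q type:A
    cfcli disableproxy "$domain" -q type:AAAA
done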
Add your relevant A or AAAA record name values to the $domains array. Save it to a file called proxyDisable.sh and do chmod +x proxyDisable.sh. Optionally, you could create a separate bash script that enables proxying called proxyEnable.sh and switch out the disableproxy command for enableproxy. You’ll need to make sure that you install the cli with npm i -g cloudflare-cli. Hope this helps someone.
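The two scripts described above can be combined into one wrapper that switches proxying off, runs the deploy, and switches proxying back on even when the deploy fails, so the origin is not left exposed without the Cloudflare proxy. This is an added example, not part of the original post; the record names are constructed placeholders, and it assumes cfcli is installed and configured and that its disableproxy/enableproxy commands exit non-zero on failure.

```bash
#!/bin/bash
# Added example, not from the original thread.
# Assumption: cfcli exits non-zero when disableproxy/enableproxy fails.

# Constructed placeholder record names; replace with your own A/AAAA records.
RECORDS="www yoursubdomain yoursite.com subdomain2"
TYPES="A AAAA"

# set_proxy <enableproxy|disableproxy>
# Applies the action to every record and type. Keeps going after a failure so
# one bad record cannot leave the rest untouched; returns 1 if any call failed.
set_proxy() {
  sp_action="$1"
  sp_rc=0
  case "$sp_action" in
    enableproxy|disableproxy) ;;
    *) echo "set_proxy: unknown action '$sp_action'" >&2; return 2 ;;
  esac
  for sp_record in $RECORDS; do
    for sp_type in $TYPES; do
      if ! cfcli "$sp_action" "$sp_record" -q "type:$sp_type"; then
        echo "set_proxy: $sp_action failed for $sp_record ($sp_type)" >&2
        sp_rc=1
      fi
    done
  done
  return "$sp_rc"
}

# with_proxy_disabled <command> [args...]
# Turns proxying off, runs the deploy command, then turns proxying back on
# whether the command succeeded or failed. Returns the command's exit status,
# or 3 if proxying could not be fully restored.
with_proxy_disabled() {
  wpd_rc=0
  set_proxy disableproxy || echo "warning: some records were not switched off" >&2
  "$@" || wpd_rc=$?
  if ! set_proxy enableproxy; then
    echo "ERROR: proxying was NOT fully re-enabled; check the records now" >&2
    return 3
  fi
  return "$wpd_rc"
}

# Usage (the deploy command is whatever you normally run):
#   with_proxy_disabled ./deploy.sh production yoursite.com
```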
Oh, this is fantastic. I had no idea this utility existed. I’ll give it a shot as it allows for wildcard subdomains where Let’s Encrypt, through Trellis, does not yet. I have a multisite network and that would be far more convenient for my purposes. Thank you!