Disable Cloudflare for remote provision SSL cert creation task

One repetitive task that a lot of us have to do before deploying our remote server with ssl: letsencrypt enabled is disabling the Cloudflare proxying for our site DNS and subdomains and then re-enabling after deployment is complete.

I’m wondering how to go about creating an ansible task that uses a Cloudflare API token and secret stored in group_vars/all/vault.yml to automatically toggle Cloudflare during and after deploy to save having to manually do it through the Cloudflare UI.

Maybe someone has already figured this out?

Figured out a graceful solution thanks to cloudflare-cli from npm https://www.npmjs.com/package/cloudflare-cli.

Now it’s as easy as cfcli -d yoursite.com devmode off prior to deploying to remotes.

Edit: It wasn’t that easy. Simply enabling devmode won’t expose your site to the internet without the Cloudflare proxy.

I had to write a couple of bash scripts to make it happen.

#!/bin/bash
declare -a domains=("www" "yoursubdomain" "yoursite.com" "subdomain2")
for domain in "${domains[@]}"
do
    cfcli disableproxy "$domain" -q type:A
    cfcli disableproxy "$domain" -q type:AAAA
done

Add your relevant A or AAAA record name values to the $domains array. Save it to a file called proxyDisable.sh and do chmod +x proxyDisable.sh. Optionally, you could create a separate bash script that enables proxying called proxyEnable.sh and switch out the disableproxy command for enableproxy. You’ll need to make sure that you install the cli with npm i -g cloudflare-cli. Hope this helps someone.

1 Like
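A wrapper that combines the disable and enable steps from the post above, added here as an example and not part of the original post: it re-enables proxying even when the deploy command fails or is interrupted, so the origin is not left exposed without the Cloudflare proxy. The record names, the "name:type" list format, the CFCLI override variable and the file name deployNoProxy.sh are assumptions; the disableproxy and enableproxy subcommands and the -q type: filter are used as given in the post.

```shell
#!/bin/bash
# Added example, not from the original post.
# Record list is a placeholder: one "name:type" entry per proxied record.
RECORDS="${RECORDS:-yoursite.com:A yoursite.com:AAAA www:A yoursubdomain:A}"
CFCLI="${CFCLI:-cfcli}"   # assumption: cloudflare-cli is installed and configured

# toggle_proxy <disableproxy|enableproxy>
# Runs the cfcli subcommand from the post for every record. Keeps going after a
# failure so one bad record does not stop the rest; returns 1 if any call failed.
toggle_proxy() {
    tp_action="$1"
    tp_failed=0
    case "$tp_action" in
        disableproxy|enableproxy) ;;
        *) echo "unknown action: $tp_action" >&2; return 2 ;;
    esac
    for tp_entry in $RECORDS; do
        if ! "$CFCLI" "$tp_action" "${tp_entry%%:*}" -q "type:${tp_entry##*:}"; then
            echo "FAILED: $tp_action $tp_entry" >&2
            tp_failed=1
        fi
    done
    return "$tp_failed"
}

# with_proxy_off <command> [args...]
# Disables proxying, runs the command, then re-enables proxying whether the
# command succeeded, failed, or was interrupted. Exit status: the command's own
# status, or 3 if proxying could not be restored for every record.
with_proxy_off() {
    trap 'toggle_proxy enableproxy; exit 130' INT TERM
    wp_status=0
    if toggle_proxy disableproxy; then
        "$@" || wp_status=$?
    else
        echo "could not disable proxying; skipping the command" >&2
        wp_status=1
    fi
    toggle_proxy enableproxy || wp_status=3
    trap - INT TERM
    [ "$wp_status" -ne 3 ] || echo "WARNING: proxying not restored, check the records" >&2
    return "$wp_status"
}

# Run only when a command is given, e.g. ./deployNoProxy.sh <your deploy command>
if [ "$#" -gt 0 ]; then
    with_proxy_off "$@"
fi
```

An exit status of 3 means at least one record is still unproxied and should be checked before anything else.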

Why not just use Cloudflare’s SSL cert instead?

1 Like

Oh, this is fantastic. I had no idea this utility existed. I’ll give it a shot as it allows for wildcard subdomains where Let’s Encrypt, through Trellis, does not yet. I have a multisite network and that would be far more convenient for my purposes. Thank you!
