Cloudflare DNSEdit

Context

In May 2022 I switched to using Cloudflare Registrar for my domain registrations (from Namecheap) because they offer domain renewals at fair prices. Basically, they run the registry "at cost" as a kind of loss-leader for their other offerings. I don’t know how long they will keep this up, but their registrar went public in 2018, so it’s 4 years so far at the time of writing. Back in the day, Namecheap used to offer reasonably fair renewal prices too — that’s why I ran into their warm embrace, fleeing from an abusive relationship with GoDaddy, pausing in an intermediate rebound relationship with Joker along the way — but unfortunately, it wasn’t to last…

Anyway, Cloudflare also hosts the DNS for free, allowing me to save a few pennies by switching that away too (from Amazon Route 53). All of this follows on from another cost-saving measure I undertook in 2021, which was moving some static pages from Amazon EC2 (paid) to GitHub Pages (free). Speaking of free, I stopped paying for SSL certificates once Let’s Encrypt took off; any time I need an SSL certificate for a site I run, I use that, and for sites I don’t run (e.g. GitHub Pages, Cloudflare URL forwarding, etc.) the corresponding providers deal with the SSL for free. Overall, having a simple, static presence online has gotten a lot cheaper since the early days.

Static hosting on GitHub Pages with redirects

Case study #1: greg.hurrell.net

GitHub set-up
Cloudflare set-up
  • DNS for hurrell.net:
    • CNAME greg → wincent.github.io
    • CNAME @ (root) → github.hurrell.net (proxied); used for a redirect — see "Page Rules" below.
    • CNAME www → github.hurrell.net (proxied); used for a redirect — see "Page Rules" below.
  • Page Rules for hurrell.net:
    • hurrell.net/* via Forwarding URL (301 — Permanent Redirect) → https://greg.hurrell.net/$1
    • www.hurrell.net/* via Forwarding URL (301 — Permanent Redirect) → https://greg.hurrell.net/$1
  • DNS for greghurrell.net (and a couple of other similar domains that I have):
    • CNAME @ (root) → github.greghurrell.net (proxied); used for a redirect — see "Page Rules" below.
    • CNAME www → github.greghurrell.net (proxied); used for a redirect — see "Page Rules" below.
  • Page Rules for greghurrell.net:
    • greghurrell.net/* via Forwarding URL (301 — Permanent Redirect) → https://greg.hurrell.net/$1
    • www.greghurrell.net/* via Forwarding URL (301 — Permanent Redirect) → https://greg.hurrell.net/$1

The net effect of the above on requests is:

Note that all the redirects are a single "hop", which you can see with a command like curl -L -i http://www.hurrell.net/cv-full.en.html; it shows an immediate 301 redirect to the HTTPS URL on the GitHub Pages site.

Credit for the Page Rules configuration goes to this Stack Overflow answer and comment. Conveniently, Cloudflare gives you three Page Rules for free with every site.

Case study #2: hex.wincent.com

GitHub set-up
Cloudflare set-up
  • DNS for wincent.com:
    • CNAME hex → wincent.github.io
    • A zillion other A and CNAME records for various things hosted elsewhere, like:
      • A record for git.wincent.com pointing at an EC2 Elastic IP.
      • A record for wincent.com root pointing at another Elastic IP.
      • CAA record for wincent.com saying that letsencrypt.org is allowed to issue certificates; this works because GitHub Pages uses Let’s Encrypt to create the certificate for hex.wincent.com and I also use Let’s Encrypt to generate the other certificates for the wincent.com, git.wincent.com (etc.) domains on EC2. If GitHub Pages ever switches to a different Certificate Authority, I’ll have to add another CAA record.
  • Page Rules for wincent.com: none.
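
The following is an added example, not part of the original page: it models the RFC 8659 CAA lookup over constructed data to show why the single CAA record at wincent.com also governs hex.wincent.com and git.wincent.com, and what a CA switch by a hosting provider would mean. The `issue` tag, the function names and the CA name `other-ca.example` are assumptions; CNAME following by the resolver is not modelled.

```python
# Added example: RFC 8659 CAA evaluation over constructed data (no DNS queries).
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

# Constructed zone data: (flags, tag, value) per owner name. The page says the
# CAA record at wincent.com allows letsencrypt.org; the "issue" tag is assumed.
ZONE_CAA = {"wincent.com": [(0, "issue", "letsencrypt.org")]}


def relevant_caa(fqdn, zone):
    """Climb from fqdn toward the root; the first non-empty CAA RRset applies."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        owner = ".".join(labels[i:])
        if zone.get(owner):
            return owner, zone[owner]
    return None, []


def may_issue(ca_domain, fqdn, zone, wildcard=False):
    """Return True if CAA permits ca_domain to issue for fqdn."""
    _, rrset = relevant_caa(fqdn, zone)
    # An unrecognised tag with the critical bit (128) set forbids issuance.
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False
    issue = [v for _, t, v in rrset if t == "issue"]
    issuewild = [v for _, t, v in rrset if t == "issuewild"]
    # For wildcard names, issuewild replaces issue when it is present.
    props = issuewild if (wildcard and issuewild) else issue
    if not props:
        return True  # no restricting property: CAA does not limit issuance
    # The issuer domain is the value up to any ";parameters"; empty allows nobody.
    allowed = {v.split(";", 1)[0].strip().lower() for v in props}
    return ca_domain.lower() in allowed


def with_extra_issuer(zone, owner, ca_domain):
    """Copy of zone with one more 'issue' record, as the page anticipates."""
    updated = {name: list(rrs) for name, rrs in zone.items()}
    updated.setdefault(owner, []).append((0, "issue", ca_domain))
    return updated
```

Running `may_issue` for each hostname against the CA its provider actually uses is a quick pre-check before a renewal fails because of a stale CAA policy.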