Cloudflare

Tool overview for Cloudflare as a DNS, edge, and access platform in self-hosted environments

created: Sat Mar 14 2026 00:00:00 GMT+0000 (Coordinated Universal Time)
updated: Sat Mar 14 2026 00:00:00 GMT+0000 (Coordinated Universal Time)
#cloudflare #dns #edge

Summary

Cloudflare is an edge platform commonly used for DNS hosting, proxying, TLS, tunnels, and access control. In self-hosted environments, it is often the public-facing layer in front of privately managed infrastructure.

Why it matters

Cloudflare can reduce operational burden for public DNS, certificates, and internet exposure. It becomes especially useful when services need a controlled edge while the underlying infrastructure remains private or partially private.

Core concepts

  • Authoritative DNS hosting
  • Proxy mode for HTTP and selected proxied traffic
  • Zero Trust and Access controls
  • Tunnels for publishing services without opening inbound ports directly
  • CDN and caching features for web workloads

Practical usage

Cloudflare commonly fits into infrastructure like this:

Client -> Cloudflare edge -> reverse proxy or tunnel -> application

Typical uses:

  • Public DNS for domains and subdomains
  • Cloudflare Tunnel for selected internal apps
  • Access policies in front of sensitive web services

Best practices

  • Keep public DNS records documented and intentional
  • Use tunnels or private access controls for admin-facing services when appropriate
  • Understand which services are proxied and which are DNS-only
  • Review TLS mode and origin certificate behavior carefully

Pitfalls

  • Assuming proxy mode works identically for every protocol
  • Forgetting that Cloudflare becomes part of the trust and availability path
  • Mixing internal admin services with public publishing defaults
  • Losing track of which records are authoritative in Cloudflare versus internal DNS
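
An added example (not from the original page or from Cloudflare): a small audit over a zone's DNS records that checks the best practices and pitfalls listed above. The record fields follow the shape of Cloudflare DNS record objects; the sample records, `ADMIN_HINTS`, and the finding names are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: label fragments that mark a hostname as admin-facing here.
ADMIN_HINTS = ("admin", "mgmt", "internal")
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records (documentation addresses, not real infrastructure).
SAMPLE_RECORDS = [
    {"name": "www.example.com", "type": "A", "content": "203.0.113.10",
     "proxied": True, "comment": "public site"},
    {"name": "git.example.com", "type": "A", "content": "203.0.113.10",
     "proxied": False, "comment": "SSH needs DNS-only"},
    {"name": "admin.example.com", "type": "A", "content": "203.0.113.11",
     "proxied": False, "comment": ""},
    {"name": "nas.example.com", "type": "A", "content": "192.168.1.20",
     "proxied": False, "comment": "added during migration"},
    {"name": "wiki.example.com", "type": "CNAME", "proxied": True,
     "content": "00000000-0000-0000-0000-000000000000.cfargotunnel.com",
     "comment": "tunnel to wiki"},
]

def audit_records(records, admin_hints=ADMIN_HINTS):
    """Return a sorted list of (record name, finding) tuples."""
    findings = []
    for rec in records:
        name, rtype = rec["name"], rec["type"]
        proxied = rec.get("proxied", False)
        # "Keep public DNS records documented and intentional"
        if not (rec.get("comment") or "").strip():
            findings.append((name, "undocumented"))
        if rtype in ("A", "AAAA"):
            ip = ipaddress.ip_address(rec["content"])
            if any(ip in net for net in RFC1918):
                # Internal address published in the public zone
                findings.append((name, "private-address-in-public-dns"))
            elif not proxied:
                # DNS-only: clients resolve and reach the origin directly
                findings.append((name, "dns-only-exposes-origin"))
        # Admin-looking names should sit behind the proxy, Access, or a tunnel
        label = name.split(".")[0]
        if not proxied and any(hint in label for hint in admin_hints):
            findings.append((name, "admin-name-dns-only"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit_records(SAMPLE_RECORDS):
        print(f"{name}: {finding}")
```

A `dns-only-exposes-origin` finding is not always an error (non-HTTP services may need DNS-only), which is why the documented `git` record still appears: the point is that each such exposure is reviewed and intentional.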

References