blackroad-os/blackroad-operating-system
9
0
Fork 0
mirror of https://github.com/blackboxprogramming/BlackRoad-Operating-System.git synced 2026-03-17 07:57:19 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
a97ada4e3d2f9db56cd79b92a4fc6ee6e6522087
blackroad-operating-system/infra/cloudflare/migrate_to_cloudflare.md
Claude 2a8f12d5cb chore: phase 1 infrastructure implementation 
Implement Phase 1 infrastructure from master orchestration plan.
This commit delivers production-ready deployment infrastructure,
comprehensive documentation, and workflow automation.

**Cloudflare DNS Infrastructure:**
- Add records.yaml with complete DNS config for all domains
- Add migrate_to_cloudflare.md with step-by-step migration guide
- Add cloudflare_dns_sync.py for automated DNS synchronization
- Update CLOUDFLARE_DNS_BLUEPRINT.md with implementation references

**Environment Variable Documentation:**
- Add ENV_VARS.md with comprehensive variable reference
- Document all services: Railway, GitHub Actions, Cloudflare, local
- Include security best practices and validation scripts
- Add troubleshooting guides and quick-start templates

**GitHub Actions Workflows:**
- Add railway-deploy-template.yml for Railway deployments
- Add frontend-deploy-template.yml for static site deployments
- Add codeql-analysis-template.yml for security scanning
- Add comprehensive-ci-template.yml for complete CI pipeline
- Add .github/dependabot.yml for automated dependency updates

**Frontend Infrastructure:**
- Add infra/frontend/LANDING_PAGE_PLAN.md with detailed implementation plan
- Include page structure, design system, content guidelines
- Document deployment options (GitHub Pages, Railway, Cloudflare Pages)

**Master Orchestration Updates:**
- Update MASTER_ORCHESTRATION_PLAN.md with implementation file references
- Add Phase 1 implementation checklist
- Document immediate, short-term, and medium-term next steps

**Impact:**
This implementation enables:
- Automated DNS management across 10+ domains
- Secure, documented deployment workflows
- Consistent environment configuration
- Automated security scanning and dependency updates
- Clear path to production for landing page

**Next Steps for Operator:**
1. Migrate DNS to Cloudflare using migrate_to_cloudflare.md
2. Configure GitHub and Railway secrets
3. Deploy backend with custom domains
4. Implement landing page using LANDING_PAGE_PLAN.md

Refs: #55 (Master Orchestration Prompt)
2025-11-18 02:51:52 +00:00

579 lines
16 KiB
Markdown
Raw Blame History

# Migrate DNS to Cloudflare - Step-by-Step Guide
**Version:** 1.0
**Date:** 2025-11-18
**For:** Alexa Louise Amundson (Cadillac)
**Time Required:** 30-60 minutes per domain
**Difficulty:** Beginner-friendly
---
## Overview
This guide will walk you through migrating DNS management from GoDaddy to Cloudflare for all BlackRoad domains. This migration will give you:
-**Free SSL certificates** (automatic)
-**CDN** (content delivery network for faster loading)
-**DDoS protection** (automatic security)
-**Better performance** (global anycast network)
-**Advanced features** (Workers, Zero Trust, analytics)
**Important**: You'll keep your domain registered with GoDaddy. We're only moving the DNS management to Cloudflare.
---
## Prerequisites
Before you start, make sure you have:
- [x] Access to your **GoDaddy account** (where domains are registered)
- [x] A **Cloudflare account** (create free at https://cloudflare.com if you don't have one)
- [x] Access to your **Railway account** (to get your app URLs)
- [x] About **30-60 minutes** per domain (can do one at a time)
- [x] Your **iPhone** or computer (both work fine)
---
## Part 1: Get Your Railway App URLs
Before configuring DNS, you need to know your Railway app URLs.
### Step 1.1: Log into Railway
1. Go to https://railway.app
2. Log in with your account
3. Select your **BlackRoad-Operating-System** project
### Step 1.2: Find Your Production Backend URL
1. Click on your **backend** service
2. Click **Settings****Networking**
3. Look for **Public Networking** section
4. You'll see a URL like: `blackroad-os-production.up.railway.app`
5. **Copy this URL** - you'll need it later
**Write it down here:**
```
Production Backend URL: _________________________________
```
### Step 1.3: Find Your Staging Backend URL (if exists)
If you have a staging environment:
1. Select your staging service
2. Repeat the same steps
3. Copy the staging URL
**Write it down here:**
```
Staging Backend URL: _________________________________
```
---
## Part 2: Add Your First Domain to Cloudflare
We'll start with **blackroad.systems** (the main domain). Once you understand the process, you can repeat for other domains.
### Step 2.1: Add Site to Cloudflare
1. Log into **Cloudflare** (https://dash.cloudflare.com)
2. Click **"Add a site"** (big blue button on the right)
3. Enter your domain: `blackroad.systems`
4. Click **"Add site"**
### Step 2.2: Select Free Plan
1. Cloudflare shows you plan options
2. Select **"Free"** plan ($0/month)
3. Click **"Continue"**
### Step 2.3: Review DNS Records
1. Cloudflare automatically **scans** your existing DNS records from GoDaddy
2. You'll see a list of records it found
3. Review them - **don't worry if it doesn't look perfect** yet
4. Click **"Continue"** at the bottom
**Note:** We'll configure the correct DNS records later using `records.yaml`.
### Step 2.4: Get Your Cloudflare Nameservers
This is the most important step!
1. Cloudflare will show you **2 nameservers** like:
```
aaaa.ns.cloudflare.com
bbbb.ns.cloudflare.com
```
(The actual names will be different - they're unique to your account)
2. **Write them down carefully:**
```
Nameserver 1: _________________________________
Nameserver 2: _________________________________
```
3. **Keep this tab open** - you'll come back to it!
---
## Part 3: Update Nameservers at GoDaddy
Now we'll tell GoDaddy to use Cloudflare's nameservers instead of its own.
### Step 3.1: Log into GoDaddy
1. Open a **new tab** (keep Cloudflare tab open)
2. Go to https://godaddy.com
3. Log in with your account
4. Click **"My Domains"** (or go to https://dcc.godaddy.com/manage/domains)
### Step 3.2: Manage Domain Settings
1. Find **blackroad.systems** in your domain list
2. Click the **three dots** (•••) next to it
3. Click **"Manage DNS"**
### Step 3.3: Change Nameservers
1. Scroll down to the **"Nameservers"** section
2. Click **"Change"** button
3. Select **"I'll use my own nameservers"** (or "Custom")
4. You'll see text boxes for nameservers
5. **Enter your Cloudflare nameservers:**
- Nameserver 1: (paste the first Cloudflare nameserver)
- Nameserver 2: (paste the second Cloudflare nameserver)
6. Click **"Save"**
7. GoDaddy will show a warning: *"Changing nameservers will affect your DNS..."*
- This is normal - click **"Continue"** or **"Yes, I'm sure"**
**Important:** DNS propagation can take 5-60 minutes. Usually it's faster (5-15 minutes).
---
## Part 4: Verify DNS is Active in Cloudflare
Now we wait for DNS propagation and verify everything works.
### Step 4.1: Return to Cloudflare Tab
1. Go back to your **Cloudflare tab**
2. After changing nameservers, click **"Done, check nameservers"**
3. Cloudflare will start checking (this can take 5-60 minutes)
### Step 4.2: Wait for "Active" Status
**Option A: Wait for Email**
- Cloudflare will email you when the domain is active
- Subject: "Your site is now active on a Cloudflare Free plan"
**Option B: Check Dashboard**
1. Go to Cloudflare dashboard → Your site
2. Look at the status at the top
3. Wait for it to change from **"Pending"** to **"Active"**
**While you wait:** This is a good time to grab coffee ☕ or work on something else for 15-30 minutes.
### Step 4.3: Verify with DNS Checker
Once Cloudflare shows "Active", verify DNS is working:
1. Go to https://dnschecker.org
2. Enter your domain: `blackroad.systems`
3. Select record type: **CNAME** (or A)
4. Click **"Search"**
5. You should see Cloudflare IPs across different locations
**Green checkmarks** = DNS has propagated in that region 🎉
---
## Part 5: Configure DNS Records
Now that Cloudflare is managing your DNS, let's set up the correct records.
### Step 5.1: Get Your Zone ID
1. In Cloudflare dashboard, select **blackroad.systems**
2. Scroll down on the **Overview** page
3. On the right sidebar, find **"Zone ID"**
4. Click to **copy** it
**Write it down:**
```
Zone ID for blackroad.systems: _________________________________
```
### Step 5.2: Update records.yaml
1. Open `infra/cloudflare/records.yaml` in your code editor
2. Find the `blackroad.systems` section
3. Replace `REPLACE_WITH_ZONE_ID_FROM_CLOUDFLARE` with your actual Zone ID
4. Replace `blackroad-os-production.up.railway.app` with your actual Railway URL (from Part 1)
5. **Save the file**
### Step 5.3: Configure Records Manually (Option A - Browser)
**For each record in `records.yaml`:**
1. Go to Cloudflare → **DNS** → **Records**
2. Click **"Add record"**
3. Fill in:
- **Type**: (e.g., CNAME)
- **Name**: (e.g., @ for root, www for www subdomain)
- **Target**: (e.g., your Railway URL)
- **Proxy status**: Click the cloud icon to make it **orange** (proxied) ✅
- **TTL**: Select **Auto**
4. Click **"Save"**
5. Repeat for all records
**Pro tip:** Delete any old records Cloudflare imported from GoDaddy that you don't need.
### Step 5.4: Configure Records Automatically (Option B - Script)
If you're comfortable with command line:
```bash
# Set your Cloudflare credentials
export CF_API_TOKEN="your-cloudflare-api-token"
export CF_ZONE_ID="your-zone-id"
# Run the sync script
python infra/cloudflare/cloudflare_dns_sync.py
```
See `cloudflare_dns_sync.py` documentation for details.
---
## Part 6: Configure SSL/TLS
Cloudflare provides free SSL certificates, but we need to configure the encryption mode.
### Step 6.1: Set SSL/TLS Mode
1. In Cloudflare dashboard, go to **SSL/TLS** (left menu)
2. Under **Overview**, set encryption mode to:
- **"Full (strict)"** ✅
**Why?** This ensures end-to-end encryption:
- User → Cloudflare: Encrypted with Cloudflare cert
- Cloudflare → Railway: Encrypted with Railway cert
3. Cloudflare saves this automatically
### Step 6.2: Enable Always Use HTTPS
1. Go to **SSL/TLS** → **Edge Certificates**
2. Turn on **"Always Use HTTPS"** ✅
- This redirects all HTTP traffic to HTTPS automatically
3. Turn on **"Automatic HTTPS Rewrites"** ✅
- This fixes mixed content warnings
4. Turn on **"Certificate Transparency Monitoring"** ✅
- This monitors your SSL certificate health
### Step 6.3: Enable HSTS (Optional but Recommended)
1. Scroll down to **"HTTP Strict Transport Security (HSTS)"**
2. Click **"Enable HSTS"**
3. Read the warning, then configure:
- **Max Age**: 6 months (15768000 seconds)
- **Include subdomains**: ✅ Yes
- **Preload**: ❌ No (enable this later when stable)
4. Click **"Next"** → **"I understand"**
**Warning:** HSTS is a security feature that forces browsers to only use HTTPS. Don't enable "Preload" until you're 100% sure SSL is working perfectly.
---
## Part 7: Optimize Performance
Let's configure caching and performance features.
### Step 7.1: Enable Auto Minify
1. Go to **Speed** → **Optimization** (left menu)
2. Under **Auto Minify**, check:
- ✅ JavaScript
- ✅ CSS
- ✅ HTML
3. Cloudflare saves automatically
### Step 7.2: Enable Brotli Compression
1. In the same **Speed** → **Optimization** page
2. Turn on **"Brotli"** ✅
- This compresses your files even more than gzip
### Step 7.3: Set Caching Level
1. Go to **Caching** → **Configuration**
2. Set **Caching Level** to **"Standard"**
3. Set **Browser Cache TTL** to **"Respect Existing Headers"**
- This lets your backend control cache timing
---
## Part 8: Add Custom Domain to Railway
Now we need to tell Railway about your custom domain.
### Step 8.1: Add Custom Domain in Railway
1. Go to **Railway dashboard**
2. Select your **backend** service
3. Go to **Settings** → **Networking**
4. Under **Custom Domains**, click **"Add Domain"**
5. Enter: `os.blackroad.systems`
6. Click **"Add"**
**Railway will:**
- Automatically provision an SSL certificate (via Let's Encrypt)
- Show a green checkmark when ready (usually takes 1-2 minutes)
### Step 8.2: Repeat for Other Subdomains
Add these custom domains to Railway:
- `api.blackroad.systems`
- `prism.blackroad.systems`
**Note:** Each subdomain that points to Railway needs to be added in Railway's custom domains.
---
## Part 9: Test Everything
Let's verify everything is working!
### Step 9.1: Test HTTPS
Open these URLs in your browser (or on your iPhone):
1. https://blackroad.systems
2. https://www.blackroad.systems (should redirect to above)
3. https://os.blackroad.systems
4. https://api.blackroad.systems/health
5. https://docs.blackroad.systems
**Check for:**
- ✅ Green padlock in browser (🔒)
- ✅ Page loads correctly
- ✅ No certificate warnings
### Step 9.2: Test HTTP → HTTPS Redirect
Try loading without HTTPS:
1. http://blackroad.systems (should redirect to https://)
**Should automatically redirect** to HTTPS version.
### Step 9.3: Test DNS Propagation
Use these tools to verify DNS is working globally:
1. **DNS Checker**: https://dnschecker.org
- Enter: `blackroad.systems`
- Should show Cloudflare IPs
2. **Cloudflare DNS Lookup**: https://1.1.1.1/dns/
- Enter: `os.blackroad.systems`
- Should resolve correctly
### Step 9.4: Check Cloudflare Analytics
1. Go to Cloudflare → **Analytics & Logs** → **Traffic**
2. You should start seeing traffic data within a few minutes
3. This confirms traffic is flowing through Cloudflare
---
## Part 10: Repeat for Other Domains
Now that you've done `blackroad.systems`, repeat the same process for:
**Phase 1 Domains** (do these now):
- [ ] `blackroad.ai`
- [ ] `blackroad.network`
- [ ] `blackroad.me`
**Phase 2 Domains** (do these later):
- [ ] `lucidia.earth`
- [ ] `aliceqi.com`
- [ ] `blackroadqi.com`
- [ ] `roadwallet.com`
- [ ] `aliceos.io`
- [ ] `blackroadquantum.com`
**For each domain, follow the same steps:**
1. Part 2: Add domain to Cloudflare
2. Part 3: Update nameservers at GoDaddy
3. Part 4: Wait for "Active" status
4. Part 5: Configure DNS records
5. Part 6: Configure SSL/TLS
6. Part 7: Optimize performance
7. Part 8: Add custom domains to Railway (if needed)
8. Part 9: Test
**Pro tip:** You can start the process for multiple domains in parallel (add them all to Cloudflare and change nameservers), then configure them one at a time while DNS propagates.
---
## Troubleshooting
### DNS Not Resolving
**Problem:** Domain doesn't load after changing nameservers
**Solutions:**
1. **Wait longer** - DNS can take up to 48 hours (usually 5-60 minutes)
2. **Clear your browser cache** - Hard refresh (Cmd+Shift+R on Mac, Ctrl+Shift+R on PC)
3. **Check nameservers** - Go to https://www.whatsmydns.net and enter your domain
4. **Verify at GoDaddy** - Make sure nameservers are saved correctly
### SSL Certificate Error
**Problem:** Browser shows "Not Secure" or certificate warning
**Solutions:**
1. **Check SSL/TLS mode** - Should be "Full (strict)" in Cloudflare
2. **Wait for Railway SSL** - Check Railway dashboard for green checkmark
3. **Check custom domain** - Make sure domain is added in Railway settings
4. **Try incognito mode** - Sometimes browser cache causes issues
### Site Not Loading
**Problem:** Domain resolves but site doesn't load (blank page, 502 error)
**Solutions:**
1. **Check Railway app** - Make sure backend is deployed and healthy
2. **Check Railway logs** - Look for errors: Railway dashboard → Logs
3. **Test Railway URL directly** - Try `your-app.up.railway.app` to isolate issue
4. **Check DNS records** - Make sure CNAME points to correct Railway URL
### Mixed Content Warnings
**Problem:** Page loads but some assets show as insecure (broken padlock)
**Solutions:**
1. **Enable "Automatic HTTPS Rewrites"** - In Cloudflare SSL/TLS settings
2. **Check your code** - Make sure no hard-coded `http://` URLs
3. **Use relative URLs** - In your HTML/JS, use `/api/...` instead of full URLs
### Email Stopped Working
**Problem:** Can't send/receive emails after DNS migration
**Solutions:**
1. **Check MX records** - Make sure they're configured in Cloudflare DNS
2. **MX records must be DNS-only** - Turn OFF proxy (grey cloud) for MX records
3. **Verify SPF/DKIM** - Make sure TXT records for email are present
---
## Getting Help
If you run into issues:
1. **Cloudflare Community**: https://community.cloudflare.com
2. **Railway Discord**: https://discord.gg/railway
3. **Check Cloudflare Status**: https://www.cloudflarestatus.com
4. **Check Railway Status**: https://status.railway.app
**For BlackRoad-specific issues:**
- Open an issue in the repo
- Check `CLAUDE.md` for developer docs
- Review `MASTER_ORCHESTRATION_PLAN.md`
---
## Next Steps
After DNS migration is complete:
- [ ] Set up **Page Rules** for WWW redirects (see Part 11 below)
- [ ] Enable **Web Analytics** in Cloudflare
- [ ] Set up **Firewall Rules** (optional)
- [ ] Configure **Workers** for edge functions (Phase 2)
- [ ] Set up **Cloudflare Access** for zero-trust security (Phase 2)
---
## Part 11: Set Up Page Rules (Optional but Recommended)
Page Rules let you configure special behaviors for specific URLs.
### Step 11.1: Create WWW Redirect Rule
1. Go to Cloudflare → **Rules** → **Page Rules**
2. Click **"Create Page Rule"**
3. Enter URL: `www.blackroad.systems/*`
4. Click **"Add a Setting"** → **"Forwarding URL"**
5. Select **"301 - Permanent Redirect"**
6. Enter destination: `https://blackroad.systems/$1`
7. Click **"Save and Deploy"**
**What this does:** Redirects www.blackroad.systems to blackroad.systems (keeps the path)
### Step 11.2: Bypass API Caching
Create a rule to prevent API responses from being cached:
1. Click **"Create Page Rule"**
2. Enter URL: `*blackroad.systems/api/*`
3. Add settings:
- **Cache Level** → Bypass
- **Disable Performance** (optional)
4. Click **"Save and Deploy"**
**What this does:** Ensures API calls always hit your backend (no stale cached data)
---
## Checklist: Migration Complete
Mark these when done:
- [ ] Domain added to Cloudflare
- [ ] Nameservers updated at GoDaddy
- [ ] DNS status shows "Active" in Cloudflare
- [ ] DNS records configured (from records.yaml)
- [ ] SSL/TLS set to "Full (strict)"
- [ ] "Always Use HTTPS" enabled
- [ ] Auto Minify enabled
- [ ] Brotli compression enabled
- [ ] Custom domains added to Railway
- [ ] HTTPS works (green padlock 🔒)
- [ ] HTTP → HTTPS redirect works
- [ ] WWW → apex redirect works
- [ ] API endpoint responding
- [ ] Docs subdomain works
- [ ] No console errors in browser
- [ ] Cloudflare Analytics showing traffic
---
## Success! 🎉
You've successfully migrated DNS to Cloudflare! Your domains now benefit from:
- ✅ Free SSL certificates
- ✅ CDN (faster loading worldwide)
- ✅ DDoS protection
- ✅ Better security
- ✅ Advanced features ready for Phase 2
**What's next?**
- Move on to Phase 1 infrastructure tasks
- Set up GitHub Actions secrets
- Configure Railway environment variables
- Deploy your first updates through the new infrastructure
**Where AI meets the open road.** 🛣️
Reference in New Issue View Git Blame Copy Permalink