Complete documentation suite for KiteStacks covering all 11 services across 2-host active-active architecture. Includes beginner track (with AI, 8 files) and advanced track (without AI, 7 files) with time estimates, real troubleshooting cases, and command-by-command explanations. Updates certifications roadmap to reflect July 7 2026 A+ Core 2 exam goal. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Step 2 — DNS and Cloudflare Setup
Track: With AI (Beginner)
Time for this step: 1–2 hours
In this step you will set up Cloudflare so your domain points to Cloudflare's servers, and you will create the Cloudflare Tunnel that allows the internet to reach your home computer without exposing your home IP address.
What Is Happening Here?
When someone types www.kitestacks.com into a browser, their computer asks a system called DNS: "What is the IP address for kitestacks.com?"
Normally, that answer would be your home IP address. But we do NOT want that — your home IP could change, could be targeted by attackers, or could be blocked by your ISP.
Instead, the DNS answer will be Cloudflare's IP address. Traffic goes to Cloudflare, Cloudflare sends it to your computer through a tunnel, and your home IP is never involved.
Ask your AI: "Can you explain in simple terms how Cloudflare Tunnel works?"
Step 2A — Add Your Domain to Cloudflare
If you bought your domain from Cloudflare Registrar, skip to Step 2B.
If you bought it elsewhere (Namecheap, GoDaddy, etc.):
- Log in to Cloudflare at cloudflare.com
- Click "Add a site"
- Enter your domain name
- Choose the Free plan
- Cloudflare will give you two nameserver addresses (like vera.ns.cloudflare.com)
- Go to your domain registrar's website and replace the nameservers with Cloudflare's
Ask your AI: "How do I change nameservers on [your registrar]?"
It can take up to 24 hours for nameserver changes to propagate worldwide, but usually it happens within an hour.
Step 2B — Create Your Cloudflare Tunnel
A Cloudflare Tunnel is the invisible connection between your home computer and Cloudflare. Your home computer reaches out to Cloudflare (outbound connection). Cloudflare holds that connection open. When someone visits your website, Cloudflare sends the request back through that existing connection. Your home router never needs to be configured.
To create a tunnel:
- In your Cloudflare dashboard, go to: Zero Trust → Networks → Tunnels
- Click "Create a tunnel"
- Choose "Cloudflared" as the connector type
- Name your tunnel (e.g., kitestacks-tunnel)
- Cloudflare will show you a token — a long string of characters starting with eyJ
- Save this token somewhere safe — you will need it in Step 3. Treat it like a password: anyone who has it can run a connector for your tunnel.
Step 2C — Add Public Hostnames to the Tunnel
A public hostname tells Cloudflare: "When someone visits this URL, send the traffic to this container on my home computer."
You will set up hostnames for all eleven of your services. For each one:
- In the tunnel settings, click "Public Hostnames"
- Click "Add a public hostname"
Add all of these (you will complete the services in later steps, but adding the hostnames now means they are ready):
| Subdomain | Domain | Service | URL |
|---|---|---|---|
| www | yourdomain.com | http://homepage:3000 | www.yourdomain.com |
| auth | yourdomain.com | http://authentik:9000 | auth.yourdomain.com |
| gitforge | yourdomain.com | http://forgejo:3000 | gitforge.yourdomain.com |
| ai | yourdomain.com | http://kite-openwebui:8080 | ai.yourdomain.com |
| links | yourdomain.com | http://karakeep:3000 | links.yourdomain.com |
| kavita | yourdomain.com | http://kavita:5000 | kavita.yourdomain.com |
| grafana | yourdomain.com | http://grafana:3000 | grafana.yourdomain.com |
| status | yourdomain.com | http://uptime-kuma:3001 | status.yourdomain.com |
| wiki | yourdomain.com | http://bookstack:80 | wiki.yourdomain.com |
| tasks | yourdomain.com | http://osticket-app:80 | tasks.yourdomain.com |
| portainer | yourdomain.com | https://portainer:9443 | portainer.yourdomain.com |
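For the portainer entry, enable "No TLS Verify" (Portainer uses its own self-signed certificate internally). This turns off certificate checking only for the connection between the Cloudflare connector and Portainer.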
Replace yourdomain.com with your actual domain throughout.
Ask your AI: "What does the 'service' field in a Cloudflare Tunnel hostname mean? Why do I use http://homepage:3000 instead of an IP address?"
Step 2D — Create the Docker Network
Everything in this homelab runs in Docker (covered in the next step), and all the containers need to be able to talk to each other and to the Cloudflare connector. They do this by being on the same Docker network.
On your home computer, run:
docker network create kitestacks
You will also do this on your cloud VPS in a later step.
Ask your AI: "What is a Docker network and why do all containers need to be on the same one?"
Checkpoint
Before moving to Step 3, make sure:
- Your domain is on Cloudflare (nameservers changed or bought from Cloudflare)
- You created a Cloudflare Tunnel and saved the tunnel token
- You added all 11 public hostnames to the tunnel
- You ran docker network create kitestacks on your home computer
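One way to confirm the Checkpoint items from the command line, added here as an example (it is not part of the original KiteStacks docs). It assumes dig and docker are installed; the function names and the home-IP argument are this example's own.

```shell
#!/usr/bin/env bash
# Added example: checkpoint checks for Step 2 (not from the KiteStacks repo).
# Usage after loading this file: checkpoint yourdomain.com <your home IP>

SUBDOMAINS="www auth gitforge ai links kavita grafana status wiki tasks portainer"

# Print the eleven public hostnames from the Step 2C table for a domain.
tunnel_hostnames() {
  for sub in $SUBDOMAINS; do printf '%s.%s\n' "$sub" "$1"; done
}

# stdin: one nameserver per line (as printed by `dig +short NS`).
# Succeeds only if there is at least one and every one is a Cloudflare
# nameserver (like vera.ns.cloudflare.com).
ns_on_cloudflare() {
  awk 'NF { sub(/\.$/, ""); n++
            if (tolower($0) !~ /\.ns\.cloudflare\.com$/) bad++ }
       END { exit !(n > 0 && bad == 0) }'
}

# stdin: "hostname address" pairs. Prints every hostname whose DNS answer
# is the home IP, meaning that record bypasses the tunnel.
leaks_home_ip() {
  awk -v home="$1" '$2 == home { print $1 }' | sort -u
}

# Live run: needs network access, dig and docker.
checkpoint() {
  domain=$1 home_ip=$2 rc=0
  dig +short NS "$domain" | ns_on_cloudflare \
    || { echo "FAIL: $domain nameservers are not Cloudflare's"; rc=1; }
  leaked=$(for h in $(tunnel_hostnames "$domain"); do
             dig +short A "$h" | sed "s/^/$h /"
           done | leaks_home_ip "$home_ip")
  [ -z "$leaked" ] || { echo "FAIL: resolves to home IP: $leaked"; rc=1; }
  docker network inspect kitestacks >/dev/null 2>&1 \
    || { echo "FAIL: docker network kitestacks is missing"; rc=1; }
  return $rc
}
```

A hostname reported by the home-IP check usually means an old A record from the previous DNS provider is still in the zone and should be deleted.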