e4d91aadf9
- Full Obsidian vault content - Host configs (ice, grizzley, ubuntu, proxmox, truenas, panda, hyte) - Media stack documentation - Traefik HA setup - Automation scripts - Bachelor party planning
1.6 KiB
1.6 KiB
title, created, updated, type, tags, sources, confidence
| title | created | updated | type | tags | sources | confidence | ||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Cloudflare | 2026-05-24 | 2026-05-24 | entity |
|
|
high |
Cloudflare
Overview
DNS provider and reverse proxy layer for all *.tophermayor.com domains. Handles TLS certificate issuance via DNS challenge on grizzley and ubuntu Traefik instances.
Key Facts
- DNS Zone:
tophermayor.commanaged at Cloudflare - Role: Authoritative DNS for all homelab public-facing services
- Wildcard cert source: grizzley Traefik obtains
*.tophermayor.comcert via Cloudflare DNS challenge - certsync: TLS certs synced from grizzley NFS mount (
/mnt/truenas/traefik-certs/grizzley) → ubuntu via NFS or direct sync
Traefik Integration
Both Traefik instances use certresolver=cloudflare:
# ubuntu Traefik dynamic config
tls:
certresolver: cloudflare
domains:
- main: toophermayor.com
sans:
- "*.tophermayor.com"
grizzley is the primary ACME source; ubuntu obtains certs from the shared NFS mount or via grizzley → ubuntu cert sync pipeline.
DNS Records
| Record | Type | Target | Purpose |
|---|---|---|---|
*.tophermayor.com |
A/CNAME | Traefik ingress | Wildcard for all services |
@.tophermayor.com |
A | Home IP | Bare domain |
traefik.tophermayor.com |
A | 192.168.50.84 | Grizzley edge ingress direct |
Related
- grizzley — runs primary ACME Traefik instance
- traefik — TLS certificate management
- docker-traefik-stack — Traefik configuration patterns