Skip to content

Cloudflare Overview, DNS, and Pages

VIDEO TRANSCRIPT | Recorded: 2025-12-16 | Verify against current system state

Abstract

This session covers the first half of Cloudflare administration, focusing on organizational setup, billing management, DNS record configuration, and Cloudflare Pages deployment. Jeff demonstrates how to log in as IT support for administrative access, manage subscription plans across domains, configure SPF records for email deliverability, set up email routing for testing environments, and deploy static websites using Cloudflare Pages connected to GitHub repositories.

Key Procedures

  • Log into Cloudflare as IT support account (credentials in 1Password) for full organizational access including billing
  • Check billable usage notifications weekly: Organization level → Billing → Billable Usage to monitor usage spikes
  • Domain subscription tiers: Free (not shown in billing), Pro (\(), Business (\)$) - amp.org is on Business plan, ampqa.com is on Pro
  • Configure IP lists: Organization → Configurations → Lists - create reusable IP lists (Plusify IPs, Office IPs, Mighty Citizen IPs) for Zero Trust rules
  • Add DNS records with Orange Cloud (proxy) enabled for DDoS protection and page rules - some services require proxy disabled (e.g., store.amp.org)
  • Use comments and tags on DNS entries to document purpose and group related entries (e.g., tag "Salesforce" for all SF-related records)
  • SPF record management: Maintain history in GitHub repository (AMPIT → SPF repository) - commit changes with explanations
  • SPF 10-include limit workaround: Use nested includes where each can have up to 10 entries
  • CNAME records for email: Set up vendor CNAMEs (SendGrid, RhythmQ) to delegate SPF handling to third parties
  • Email routing for UAT: Email → Email Routing → Catch-all rule forwards all @ampuat.com to qatesting@amp.org
  • Cloudflare Pages deployment: Organization → Storage, Compute and AI → Workers and Pages → Connect GitHub repository
  • Pages custom domains: Configure both production (rise.amp.org) and preview (rise.ampqa.com) environments
  • Cache purge: Domain → Configure Caching → Custom Purge by URL or hostname (avoid "Purge Everything" which clears all subdomains)
  • Browser cache TTL set to 8 days for static content

Notable Statements

  • 0:00:23 "Cloudflare has a lot of features and functionality that we have come to rely on day to day. Initially it started out as a way to have all of our DNS entries in one place."
  • 0:07:04 "We own a lot of domains... they live on GoDaddy for the most part. The ones where we have active applications are listed here [in Cloudflare]."
  • 0:15:01 "If you have more than 10 includes or 10 entries in this main SPF list, it's going to start ignoring them."
  • 0:16:50 "This is so important that I keep a GitHub repository of all the SPF changes... if something starts going wrong, I can look back through these commits."
  • 0:23:40 "Cloudflare Pages allows you to create static websites... you're not deploying it to one of our Aptify Cloud servers or Azure servers."
  • 0:31:04 "Sometimes when you push these sites to production... you need to go in and clear the cache in Cloudflare or else the cache is pretty sticky."

Systems & Configurations

Systems Mentioned

  • Cloudflare (CDN, DNS, Pages, Email Routing)
  • GitHub (repository hosting, Cloudflare Pages integration)
  • 1Password (credential storage)
  • GoDaddy / Network Solutions (domain registration)
  • SendGrid (email delivery)
  • RhythmQ (email delivery)
  • CraftCMS (website)
  • Google Analytics
  • Facebook Pixel

Specific Configurations

Item Value/Setting Timestamp Notes
Browser Cache TTL 8 days 0:35:24 Could be up to 1 year
amp.org plan Business 0:04:20 Highest tier with full features
ampqa.com plan Pro 0:04:10 Mid-tier plan
SPF include limit 10 entries 0:15:01 Use nested includes to exceed
UAT email catch-all qatesting@amp.org 0:21:04 All @ampuat.com forwards here
RISE production domain rise.amp.org 0:33:44 Static HTML learning tool
RISE QA domain rise.ampqa.com 0:33:44 Preview environment

Credentials/Access Mentioned

  • IT Support Cloudflare account (1Password - dev team list)
  • IT Support account required for organizational-level settings (billing, member management)
  • Individual accounts have limited visibility compared to IT Support
  • Passkey configured for IT Support account (also in 1Password)

Errors & Troubleshooting

  • Issue: Orange Cloud proxy causes problems for certain services
  • Cause: Some third-party integrations don't work with Cloudflare proxy
  • Resolution: Disable proxy (gray cloud) for affected subdomains like store.amp.org

  • Timestamp: 0:12:40

  • Issue: SPF record failures causing email spam classification

  • Cause: Incorrect SPF syntax, spacing errors, or exceeding 10-include limit
  • Resolution: Review SPF record carefully, use GitHub history to track changes, use nested includes

  • Timestamp: 0:16:11

  • Issue: Static site changes not visible after deployment

  • Cause: CDN cache not refreshed
  • Resolution: Cloudflare → Configure Caching → Custom Purge by hostname or URL
  • Timestamp: 0:34:11

Transcript Gaps & Quality Notes

  • Recording is from a live Teams meeting with multiple participants
  • Some visual references to Cloudflare UI that require watching video to follow along
  • Part 1 of 2 - security features, Zero Trust, and R2 storage covered in Part 2
  • Presenter: Jeff Sikes with questions from Erin Korstad, Sreeni Reddy, Matt Mackowski, Wil Gist, Sushmita Sharma
  • Duration: ~39 minutes
  • Audio quality: Good, clear speaker identification