Cloudflare DNS Setup Guide

Step-by-step instructions for configuring DNS records in Cloudflare to support AWS WorkMail and various Phenom services hosted on subdomains.

This guide details how to add the necessary DNS records within your Cloudflare account for the thephenom.app and the-phenom.app domains to enable email via AWS WorkMail and point subdomains to the correct services.

Prerequisites

  • You have successfully created a Cloudflare account.
  • You have added both thephenom.app and the-phenom.app as sites in your Cloudflare account.
  • You have updated the nameservers for both domains at their respective registrars to point to Cloudflare.
  • You have initiated the AWS WorkMail setup and have the required DNS verification records (TXT/CNAME) and MX records provided by AWS. (See the AWS WorkMail Setup Guide.)

Accessing DNS Settings in Cloudflare

  1. Log in to your Cloudflare dashboard.
  2. Select the domain you want to configure (e.g., thephenom.app) from the dropdown menu or the main dashboard.
  3. Click on the “DNS” icon in the left-hand sidebar. This will take you to the DNS records management page for the selected domain.
  4. You will need to repeat the relevant steps below for both thephenom.app and the-phenom.app where applicable (specifically for WorkMail).

0. Redirect the-phenom.app to thephenom.app

Before configuring specific services, set up the-phenom.app to redirect all traffic to thephenom.app. This ensures users always land on the primary domain.

A. Configure DNS for the-phenom.app:

  1. Log in to Cloudflare and select the the-phenom.app domain.
  2. Go to the “DNS” section.
  3. Ensure you have at least one proxied DNS record for the root domain (@) and the www subdomain. This is necessary for Cloudflare redirect rules to work correctly. If you don’t have a real server for this domain, you can use dummy records:
    • Click “+ Add record”.
      • Type: AAAA
      • Name: @
      • IPv6 address: 2001:db8::1 (This is an address reserved for documentation)
      • Proxy status: Proxied (orange cloud)
      • Click “Save”.
    • Click “+ Add record”.
      • Type: AAAA
      • Name: www
      • IPv6 address: 2001:db8::1
      • Proxy status: Proxied (orange cloud)
      • Click “Save”.
    • (Note: If you already have A/AAAA/CNAME records for @ and www pointing elsewhere, ensure they are set to “Proxied”.)

B. Create Redirect Rule for the-phenom.app:

  1. While still managing the-phenom.app in Cloudflare, go to “Rules” > “Redirect Rules” in the left sidebar.
  2. Click “Create rule”.
  3. Rule name: Enter something descriptive, like Redirect all to thephenom.app.
  4. When incoming requests match…
    • Select Field: Hostname
    • Select Operator: equals
    • Value: the-phenom.app
    • Click “Or”.
    • Select Field: Hostname
    • Select Operator: equals
    • Value: www.the-phenom.app
  5. Then…
    • Type: Select Dynamic.
    • Expression: concat("https://thephenom.app", http.request.uri.path)
    • Status code: Select 301 (Permanent Redirect).
    • Check Preserve query string.
  6. Click “Deploy”.

This rule will now catch any request to http(s)://the-phenom.app/* or http(s)://www.the-phenom.app/* and redirect it to https://thephenom.app/*, keeping the original path.


2. AWS WorkMail DNS Records

These records are essential for verifying domain ownership with AWS and directing email flow to WorkMail servers. You must obtain the specific values for these records from your AWS WorkMail console during the domain setup process.

For thephenom.app (Repeat for the-phenom.app):

  1. Domain Verification Record (TXT or CNAME):
    • Click “+ Add record”.
    • Type: Select TXT or CNAME as specified by AWS WorkMail.
    • Name: Enter the hostname specified by AWS (often @ for the root domain, or a specific subdomain like _domainkey).
    • Content/Target: Paste the exact value provided by AWS WorkMail (e.g., a long string for TXT, or a target hostname for CNAME).
    • TTL: Leave as “Auto”.
    • Proxy status: Ensure this is set to “DNS only” (grey cloud) for verification records unless AWS specifies otherwise.
    • Click “Save”.
  2. MX (Mail Exchanger) Records:
    • Important: Delete any pre-existing MX records if WorkMail will be the sole email provider for this domain.
    • Click “+ Add record”.
    • Type: Select MX.
    • Name: Enter @ (represents the root domain thephenom.app).
    • Mail server: Enter the mail server hostname provided by AWS WorkMail (e.g., inbound-smtp.us-east-1.amazonaws.com).
    • Priority: Enter the priority number specified by AWS (e.g., 10).
    • TTL: Leave as “Auto”.
    • Click “Save”.
    • Repeat if AWS provides a second MX record with a different priority.
  3. Autodiscover Record (CNAME - Recommended): WorkMail often uses an autodiscover record to help email clients configure automatically.
    • Click “+ Add record”.
    • Type: Select CNAME.
    • Name: Enter autodiscover.
    • Target: Enter the autodiscover hostname provided by AWS (e.g., autodiscover.us-east-1.amazonaws.com).
    • TTL: Leave as “Auto”.
    • Proxy status: Set to “DNS only” (grey cloud).
    • Click “Save”.

Remember to add these records for BOTH thephenom.app AND the-phenom.app in their respective Cloudflare DNS zones.

3. Marketing Page (www.thephenom.app)

Assuming this will be hosted on Cloudflare Pages:

  1. Navigate to the DNS settings for thephenom.app.
  2. Click “+ Add record”.
  3. Type: Select CNAME.
  4. Name: Enter www.
  5. Target: Enter the target provided by Cloudflare Pages (e.g., your unique *.pages.dev URL) OR the root domain (thephenom.app) if you want www to point to the same place as the root. Alternatively, if Cloudflare Pages manages this automatically, this record might already exist or be managed elsewhere in the Cloudflare dashboard. Consult Cloudflare Pages documentation if unsure.
  6. Proxy status: Ensure this is “Proxied” (orange cloud) to benefit from Cloudflare’s features.
  7. Click “Save”.

4. Documentation (ext-docs.thephenom.app)

  1. Navigate to the DNS settings for thephenom.app.
  2. Click “+ Add record”.
  3. Type: Select CNAME (if pointing to another hostname) or A (if pointing directly to an IP address).
  4. Name: Enter ext-docs.
  5. Target/Content: Enter the hostname or IP address where the documentation site is hosted. Replace YOUR_DOCS_HOSTING_TARGET with the actual value.
    • Example CNAME Target: some-hosting-service.com
    • Example A Record Content: 192.0.2.1
  6. Proxy status: Usually “Proxied” (orange cloud) is recommended.
  7. Click “Save”.

5. User Guide (docs.thephenom.app)

  1. Navigate to the DNS settings for thephenom.app.
  2. Click “+ Add record”.
  3. Type: CNAME or A.
  4. Name: Enter docs.
  5. Target/Content: Enter the hostname or IP address where the user guide site is hosted. Replace YOUR_USERGUIDE_HOSTING_TARGET with the actual value.
  6. Proxy status: Usually “Proxied” (orange cloud).
  7. Click “Save”.

6. Admin Interface (nest.thephenom.app)

  1. Navigate to the DNS settings for thephenom.app.
  2. Click “+ Add record”.
  3. Type: CNAME or A.
  4. Name: Enter nest.
  5. Target/Content: Enter the hostname or IP address where the admin interface is hosted. Replace YOUR_ADMIN_HOSTING_TARGET with the actual value.
  6. Proxy status: Decide based on security needs. “Proxied” (orange cloud) adds Cloudflare protection, but ensure your application supports it. “DNS only” might be needed in some cases, but it publishes the origin’s address in DNS and leaves all access control to the origin itself.
  7. Click “Save”.

7. Backend Service (barn.thephenom.app)

  1. Navigate to the DNS settings for thephenom.app.
  2. Click “+ Add record”.
  3. Type: CNAME or A.
  4. Name: Enter barn.
  5. Target/Content: Enter the hostname or IP address where the backend service is hosted. Replace YOUR_BACKEND_HOSTING_TARGET with the actual value.
  6. Proxy status: Often set to “DNS only” (grey cloud) for backend APIs/services to avoid potential issues with Cloudflare’s proxy, unless you specifically need Cloudflare features like WAF or caching for the API endpoint. Consult your backend requirements.
  7. Click “Save”.

Final Notes

  • Placeholders: Remember to replace placeholders like YOUR_DOCS_HOSTING_TARGET with the actual IP addresses or hostnames provided by your hosting services or infrastructure setup.
  • Propagation: DNS changes can take time to propagate globally, although Cloudflare updates are typically very fast (often within minutes).
  • Proxy Status: The orange cloud (Proxied) routes traffic through Cloudflare, offering security and performance benefits and keeping the origin’s address out of public DNS. The grey cloud (DNS Only) bypasses Cloudflare’s proxy, so DNS returns the origin’s real address and clients connect to it directly. Choose appropriately based on the service type. Verification and mail records (TXT, some CNAMEs, MX) should always be “DNS Only”.
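
One way to check a zone's record list against the rules in this guide (an added example, not part of the original guide or of any Phenom tooling). It assumes records shaped like the objects Cloudflare's DNS records API returns (type, name, content, proxied) and that WorkMail MX hosts end in .amazonaws.com as in the example in section 2; audit_zone is a hypothetical helper name and the sample zone is constructed.

```python
"""Audit a zone's DNS records against this guide's rules (added example)."""

DUMMY_ADDR = "2001:db8::1"  # documentation address used for the redirect-only zone


def audit_zone(zone, records, must_be_proxied=()):
    """Return sorted findings. Field names follow Cloudflare's DNS records API."""
    findings = []
    for r in records:
        label = f"{r['type']} {r['name']}"
        proxied = r.get("proxied", False)
        if r["content"].startswith("YOUR_"):
            findings.append(f"{label}: placeholder target was never replaced")
        # Assumption: WorkMail MX hosts end in .amazonaws.com, as in the guide's example.
        if r["type"] == "MX" and not r["content"].endswith(".amazonaws.com"):
            findings.append(f"{label}: leftover non-WorkMail mail server {r['content']}")
        if r["name"] == f"autodiscover.{zone}" and proxied:
            findings.append(f"{label}: must be DNS only (grey cloud)")
        if r["content"] == DUMMY_ADDR and not proxied:
            findings.append(f"{label}: dummy address only works on a proxied record")
    if not any(r["type"] == "MX" for r in records):
        findings.append(f"{zone}: no MX record, WorkMail cannot receive mail")
    # Redirect rules only fire for hostnames that have a proxied address record.
    for name in must_be_proxied:
        ok = any(r["name"] == name and r["type"] in ("A", "AAAA", "CNAME")
                 and r.get("proxied") for r in records)
        if not ok:
            findings.append(f"{name}: needs a proxied record for the redirect rule")
    return sorted(findings)


# Constructed sample: the-phenom.app with three misconfigured records.
SAMPLE = [
    {"type": "AAAA", "name": "the-phenom.app", "content": DUMMY_ADDR, "proxied": True},
    {"type": "AAAA", "name": "www.the-phenom.app", "content": DUMMY_ADDR, "proxied": False},
    {"type": "MX", "name": "the-phenom.app",
     "content": "inbound-smtp.us-east-1.amazonaws.com", "proxied": False},
    {"type": "MX", "name": "the-phenom.app",
     "content": "mx.old-provider.example", "proxied": False},
    {"type": "CNAME", "name": "autodiscover.the-phenom.app",
     "content": "autodiscover.us-east-1.amazonaws.com", "proxied": True},
]

if __name__ == "__main__":
    hosts = ["the-phenom.app", "www.the-phenom.app"]
    for finding in audit_zone("the-phenom.app", SAMPLE, hosts):
        print(finding)
```

The grey-cloud www record produces two findings: the dummy address is unreachable without the proxy, and the redirect rule has nothing to attach to for that hostname.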

Last modified July 19, 2025: Update _index.md (79adc70)