Cloudflare Architecture
Cloudflare DNS
Cloudflare DNS hosts the authoritative dlongglobal.org zone and routes named subdomains to managed runtimes.
Key characteristics: - explicit host records (no wildcard dependency) - proxied edge traffic where applicable - custom-domain mapping for Pages-backed hosts
Cloudflare Pages
Cloudflare Pages serves the static MkDocs surfaces:
- dlongglobal-docs-site -> docs.dlongglobal.org
- dlongglobal-knowledge-site -> knowledge.dlongglobal.org
Pages provides build/deploy execution and edge delivery for documentation content.
Cloudflare Workers
Cloudflare Workers is reserved for backend/API workloads and control-plane logic.
Current architectural role: - isolate API and automation logic from static documentation surfaces - keep privileged runtime behavior out of browser-only deployments
Cloudflare Access (Zero Trust)
Both documentation surfaces are Access-protected with application-level policies.
Policy model:
- explicit ALLOW for approved identity (tim@dlongglobal.com)
- explicit DENY for everyone else
- unauthenticated users are challenged before origin/site content is reachable
Internal Surface Protection Model
Protection is layered: 1. DNS and proxy routing at Cloudflare edge 2. Access identity gate on each protected hostname 3. minimal static surface exposure in Pages 4. backend logic isolated to worker-controlled paths
This keeps operational and knowledge surfaces internal-only by default.
Version History
| Version | Date | Change | Author |
|---|---|---|---|
| 1.0 | 2026-03-06 | Initial Cloudflare architecture document | Codex |