This page documents the initial deployment of the cloud instance and the configuration of the external network layer using Cloudflare.
The primary compute instance is hosted on OCI using an Ampere A1 (ARM) or AMD instance with Ubuntu Server.
Key Steps in OCI Console:
Internal Firewall Adjustment: Since Ubuntu on OCI comes with pre-configured iptables rules, they were updated to allow web traffic:
```bash
# Allow HTTP and HTTPS through the local iptables
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 443 -j ACCEPT

# Save the rules so they persist across reboots
sudo netfilter-persistent save
```
Cloudflare is used as the DNS provider and as a security proxy to hide the origin server's IP address.
DNS Configuration:
SSL/TLS Settings:
Once the DNS propagation was complete, the connection was verified using the terminal to ensure the Cloudflare IP is being returned instead of the real server IP.
```bash
# Check DNS resolution
nslookup your-domain.com

# Verify that the web server is responding via Cloudflare
curl -I https://your-domain.com
```
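The verification step above relies on recognising a Cloudflare address by eye. The script below is an added example, not part of the original deployment notes: it checks each resolved A record against a snapshot of Cloudflare's published IPv4 ranges and flags anything outside them. The function names, the use of `dig` and the embedded range list are assumptions of this example.

```shell
# Snapshot of https://www.cloudflare.com/ips-v4 (assumption: refresh before use,
# Cloudflare changes these ranges over time).
CF_RANGES="173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22
141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20
197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13
104.24.0.0/14 172.64.0.0/13 131.0.72.0/22"

# Print a dotted-quad IPv4 address as an integer; fail on malformed input.
ip_to_int() {
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.|*.*.*.*.*) return 1 ;; esac
    IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
    [ -n "$o4" ] || return 1
    for o in "$o1" "$o2" "$o3" "$o4"; do
        case "$o" in 0?*|????*) return 1 ;; esac  # reject leading zeros, oversized octets
        [ "$o" -le 255 ] || return 1
    done
    echo $(( (o1 << 24) + (o2 << 16) + (o3 << 8) + o4 ))
}
# Return 0 when address $1 lies inside CIDR block $2.
in_cidr() {
    addr=$(ip_to_int "$1") || return 1
    net=$(ip_to_int "${2%/*}") || return 1
    mask=$(( (4294967295 << (32 - ${2#*/})) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}
# Return 0 when address $1 is inside any range of the snapshot.
is_cloudflare_ip() {
    for range in $CF_RANGES; do in_cidr "$1" "$range" && return 0; done
    return 1
}
# Classify each address argument; return 0 only if all are Cloudflare's.
check_addrs() {
    status=0
    for a in "$@"; do
        if is_cloudflare_ip "$a"; then echo "$a: Cloudflare edge"
        else echo "$a: NOT a Cloudflare range (origin may be exposed)"; status=1; fi
    done
    return $status
}

# Live check (assumes dig is installed; the page itself uses nslookup).
check_domain() {
    addrs=$(dig +short A "$1" | grep -E '^[0-9.]+$' || true)
    [ -n "$addrs" ] || { echo "no A records for $1" >&2; return 2; }
    check_addrs $addrs
}
if [ $# -gt 0 ]; then check_domain "$1"; fi
```

Run it as `sh check_cf.sh your-domain.com` (the file name is arbitrary); a non-zero exit status means at least one A record points outside the snapshot ranges.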
By using this hybrid setup:
1. **IP Masking:** Attackers cannot see the real IP of the Oracle instance.
2. **DDoS Protection:** Cloudflare automatically mitigates volumetric attacks before they reach the server.
3. **WAF:** Basic firewall rules at the edge block common malicious patterns.