cloudflare
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseCloudflare Management Skill
Cloudflare管理Skill
Created by After Dark Systems, LLC
由After Dark Systems, LLC开发
Overview
概述
This skill provides comprehensive Cloudflare infrastructure management capabilities through the Cloudflare API v4. It enables full control over domains, DNS, security, performance, and serverless deployments.
该Skill通过Cloudflare API v4提供全面的Cloudflare基础设施管理能力,支持对域名、DNS、安全、性能和无服务器部署进行完全控制。
Authentication
身份验证
API credentials are stored at . The file contains:
~/cloudflare_global_key- Global API Key for legacy authentication
- API Token (Bearer token) for modern authentication
Recommended: Use the Bearer token for API calls:
bash
-H "Authorization: Bearer <token>"To verify token validity:
bash
./scripts/cf-api.sh verify-tokenAPI凭据存储在文件中,包含:
~/cloudflare_global_key- 用于传统身份验证的全局API密钥
- 用于现代身份验证的API Token(Bearer令牌)
推荐:使用Bearer令牌进行API调用:
bash
-H "Authorization: Bearer <token>"验证令牌有效性:
bash
./scripts/cf-api.sh verify-tokenAvailable Scripts
可用脚本
All scripts are located in the directory and use the credentials from .
scripts/~/cloudflare_global_key所有脚本位于目录下,使用中的凭据。
scripts/~/cloudflare_global_keyCore API Client
核心API客户端
- cf-api.sh - Base API client with authentication handling
- cf-api.sh - 带有身份验证处理的基础API客户端
Zone Management
区域管理
- zones.sh - List, get, create, and manage zones
- zone-settings.sh - Manage zone-level settings
- zones.sh - 列出、获取、创建和管理区域
- zone-settings.sh - 管理区域级设置
DNS Management
DNS管理
- dns.sh - Full DNS record CRUD operations
- dns-import.sh - Bulk import DNS records
- dns-export.sh - Export DNS records
- dns.sh - 完整的DNS记录增删改查(CRUD)操作
- dns-import.sh - 批量导入DNS记录
- dns-export.sh - 导出DNS记录
Security & Firewall
安全与防火墙
- firewall.sh - Firewall rules management
- waf.sh - Web Application Firewall rules
- rate-limiting.sh - Rate limiting rules
- ip-access.sh - IP access rules (block/allow)
- ssl.sh - SSL/TLS configuration
- firewall.sh - 防火墙规则管理
- waf.sh - Web应用防火墙(WAF)规则
- rate-limiting.sh - 速率限制规则
- ip-access.sh - IP访问规则(阻止/允许)
- ssl.sh - SSL/TLS配置
Performance & Caching
性能与缓存
- cache.sh - Cache purge and settings
- page-rules.sh - Page rules management
- speed.sh - Speed optimizations (minify, polish, etc.)
- cache.sh - 缓存清除与设置
- page-rules.sh - 页面规则管理
- speed.sh - 速度优化(压缩、polish等)
Workers & Pages
Workers与Pages
- workers.sh - Cloudflare Workers management
- pages.sh - Cloudflare Pages projects
- workers.sh - Cloudflare Workers管理
- pages.sh - Cloudflare Pages项目管理
Analytics & Logs
分析与日志
- analytics.sh - Traffic and security analytics
- logs.sh - Enterprise log access
- analytics.sh - 流量与安全分析
- logs.sh - 企业日志访问
Quick Start Examples
快速入门示例
List All Zones
列出所有区域
bash
./scripts/zones.sh listbash
./scripts/zones.sh listGet Zone Details
获取区域详情
bash
./scripts/zones.sh get <zone_id>bash
./scripts/zones.sh get <zone_id>or by domain name
或按域名获取
./scripts/zones.sh get-by-name example.com
undefined./scripts/zones.sh get-by-name example.com
undefinedList DNS Records
列出DNS记录
bash
./scripts/dns.sh list <zone_id>bash
./scripts/dns.sh list <zone_id>Filter by type
按类型筛选
./scripts/dns.sh list <zone_id> --type A
undefined./scripts/dns.sh list <zone_id> --type A
undefinedCreate DNS Record
创建DNS记录
bash
./scripts/dns.sh create <zone_id> \
--type A \
--name subdomain \
--content 192.0.2.1 \
--ttl 3600 \
--proxied truebash
./scripts/dns.sh create <zone_id> \
--type A \
--name subdomain \
--content 192.0.2.1 \
--ttl 3600 \
--proxied trueUpdate DNS Record
更新DNS记录
bash
./scripts/dns.sh update <zone_id> <record_id> \
--content 192.0.2.2 \
--ttl 1800bash
./scripts/dns.sh update <zone_id> <record_id> \
--content 192.0.2.2 \
--ttl 1800Delete DNS Record
删除DNS记录
bash
./scripts/dns.sh delete <zone_id> <record_id>bash
./scripts/dns.sh delete <zone_id> <record_id>Purge Cache
清除缓存
bash
undefinedbash
undefinedPurge everything
清除所有缓存
./scripts/cache.sh purge-all <zone_id>
./scripts/cache.sh purge-all <zone_id>
Purge specific URLs
清除特定URL的缓存
./scripts/cache.sh purge-urls <zone_id> "https://example.com/page1" "https://example.com/page2"
./scripts/cache.sh purge-urls <zone_id> "https://example.com/page1" "https://example.com/page2"
Purge by cache tags
按缓存标签清除
./scripts/cache.sh purge-tags <zone_id> tag1 tag2
undefined./scripts/cache.sh purge-tags <zone_id> tag1 tag2
undefinedSSL/TLS Settings
SSL/TLS设置
bash
undefinedbash
undefinedGet current SSL mode
获取当前SSL模式
./scripts/ssl.sh get-mode <zone_id>
./scripts/ssl.sh get-mode <zone_id>
Set SSL mode (off, flexible, full, strict)
设置SSL模式(off、flexible、full、strict)
./scripts/ssl.sh set-mode <zone_id> strict
undefined./scripts/ssl.sh set-mode <zone_id> strict
undefinedFirewall Rules
防火墙规则
bash
undefinedbash
undefinedList firewall rules
列出防火墙规则
./scripts/firewall.sh list <zone_id>
./scripts/firewall.sh list <zone_id>
Block an IP
阻止某个IP
./scripts/ip-access.sh block <zone_id> 192.0.2.100 "Suspicious activity"
./scripts/ip-access.sh block <zone_id> 192.0.2.100 "可疑活动"
Allow an IP
允许某个IP
./scripts/ip-access.sh allow <zone_id> 192.0.2.50 "Trusted server"
undefined./scripts/ip-access.sh allow <zone_id> 192.0.2.50 "可信服务器"
undefinedWorkers
Workers
bash
undefinedbash
undefinedList workers
列出Workers
./scripts/workers.sh list
./scripts/workers.sh list
Deploy a worker
部署Worker
./scripts/workers.sh deploy <script_name> <script_file>
./scripts/workers.sh deploy <script_name> <script_file>
Delete a worker
删除Worker
./scripts/workers.sh delete <script_name>
undefined./scripts/workers.sh delete <script_name>
undefinedCommon Workflows
常见工作流
Setting Up a New Domain
配置新域名
- Add the zone:
bash
./scripts/zones.sh create example.com- Get the zone ID:
bash
ZONE_ID=$(./scripts/zones.sh get-by-name example.com --id-only)- Add required DNS records:
bash
./scripts/dns.sh create $ZONE_ID --type A --name @ --content 192.0.2.1 --proxied true
./scripts/dns.sh create $ZONE_ID --type CNAME --name www --content example.com --proxied true
./scripts/dns.sh create $ZONE_ID --type MX --name @ --content mail.example.com --priority 10- Configure SSL:
bash
./scripts/ssl.sh set-mode $ZONE_ID strict- 添加区域:
bash
./scripts/zones.sh create example.com- 获取区域ID:
bash
ZONE_ID=$(./scripts/zones.sh get-by-name example.com --id-only)- 添加所需DNS记录:
bash
./scripts/dns.sh create $ZONE_ID --type A --name @ --content 192.0.2.1 --proxied true
./scripts/dns.sh create $ZONE_ID --type CNAME --name www --content example.com --proxied true
./scripts/dns.sh create $ZONE_ID --type MX --name @ --content mail.example.com --priority 10- 配置SSL:
bash
./scripts/ssl.sh set-mode $ZONE_ID strictMigrating DNS from Another Provider
从其他服务商迁移DNS
- Export current records from the source provider
- Import to Cloudflare:
bash
./scripts/dns-import.sh <zone_id> records.txt- 从源服务商导出当前记录
- 导入到Cloudflare:
bash
./scripts/dns-import.sh <zone_id> records.txtEmergency: Block Attack Traffic
紧急情况:阻止攻击流量
bash
undefinedbash
undefinedBlock specific IP
阻止特定IP
./scripts/ip-access.sh block <zone_id> <attacker_ip> "Attack mitigation"
./scripts/ip-access.sh block <zone_id> <attacker_ip> "缓解攻击"
Enable Under Attack Mode
启用攻击模式
./scripts/zone-settings.sh set <zone_id> security_level under_attack
./scripts/zone-settings.sh set <zone_id> security_level under_attack
Purge cache if compromised content was cached
若缓存了受篡改的内容,清除所有缓存
./scripts/cache.sh purge-all <zone_id>
undefined./scripts/cache.sh purge-all <zone_id>
undefinedAPI Reference
API参考
See for complete Cloudflare API v4 documentation including:
reference.md- All available endpoints
- Request/response formats
- Error codes and handling
- Rate limiting information
查看获取完整的Cloudflare API v4文档,包括:
reference.md- 所有可用端点
- 请求/响应格式
- 错误代码与处理
- 速率限制信息
Templates
模板
The directory contains JSON templates for common operations:
templates/- - Common DNS record configurations
dns-records.json - - Firewall rule templates
firewall-rules.json - - Page rule templates
page-rules.json - - Worker configuration template
worker-config.json
templates/- - 常见DNS记录配置
dns-records.json - - 防火墙规则模板
firewall-rules.json - - 页面规则模板
page-rules.json - - Worker配置模板
worker-config.json
Error Handling
错误处理
All scripts return appropriate exit codes:
- 0: Success
- 1: API error (check stderr for details)
- 2: Invalid arguments
- 3: Authentication error
- 4: Resource not found
Error responses include the Cloudflare error code and message for debugging.
所有脚本返回相应的退出码:
- 0:成功
- 1:API错误(查看stderr获取详情)
- 2:参数无效
- 3:身份验证错误
- 4:资源未找到
错误响应包含Cloudflare错误代码和消息,便于调试。
Best Practices
最佳实践
- Always use proxied records when possible for DDoS protection
- Use strict SSL mode for full end-to-end encryption
- Set appropriate TTLs - shorter for dynamic content, longer for static
- Test firewall rules in log mode before enforcing
- Use API tokens with minimal required permissions
- Cache aggressively but purge when content changes
- Monitor analytics for unusual traffic patterns
- 尽可能使用代理记录以获得DDoS保护
- 使用严格SSL模式实现端到端加密
- 设置合适的TTL - 动态内容用较短TTL,静态内容用较长TTL
- 在日志模式下测试防火墙规则后再启用强制生效
- 使用API令牌并分配最小必要权限
- 积极缓存但在内容变更时及时清除缓存
- 监控分析数据以发现异常流量模式
Support
支持
For issues with this skill, contact After Dark Systems, LLC.
For Cloudflare API documentation: https://developers.cloudflare.com/api/
若该Skill出现问题,请联系After Dark Systems, LLC。
Cloudflare API文档:https://developers.cloudflare.com/api/