cloudflare
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChinesePlan mode: If you are planning work, this entire skill is ONE plan step: "Invoke /vibes:cloudflare". Do not decompose the steps below into separate plan tasks.
计划模式:如果你正在规划工作,整个技能作为一个计划步骤:「调用 /vibes:cloudflare」。不要将以下步骤拆分为单独的计划任务。
Deploy to Cloudflare
部署到Cloudflare
Deploy your Vibes app to Cloudflare Workers with the subdomain registry.
将你的Vibes应用部署到带有子域名注册功能的Cloudflare Workers。
Prerequisites
前置条件
- Cloudflare account with Workers enabled
- Wrangler CLI installed ()
npm install -g wrangler - KV namespace created for registry storage
- 已启用Workers的Cloudflare账户
- 已安装Wrangler CLI()
npm install -g wrangler - 已创建用于注册存储的KV命名空间
Quick Deploy
快速部署
bash
cd skills/cloudflare/worker
npm install
wrangler deploybash
cd skills/cloudflare/worker
npm install
wrangler deployEnvironment Setup
环境配置
Before deploying, set the required secrets:
bash
cd skills/cloudflare/worker
npx wrangler secret put CLERK_PEM_PUBLIC_KEY
npx wrangler secret put CLERK_WEBHOOK_SECRET部署前,设置所需的密钥:
bash
cd skills/cloudflare/worker
npx wrangler secret put CLERK_PEM_PUBLIC_KEY
npx wrangler secret put CLERK_WEBHOOK_SECRETDeploy Script
部署脚本
For deploying with static assets (index.html, bundles, assets):
bash
node scripts/deploy-cloudflare.js --name myapp --file index.html --clerk-key "pk_test_xxx"The flag auto-fetches the PEM public key from Clerk's JWKS endpoint and sets it as . Without it, the Worker can't verify JWTs for authenticated endpoints like .
--clerk-keyCLERK_PEM_PUBLIC_KEY/claimThis automatically:
- Copies index.html to worker's public/
- Copies bundles/*.js (fireproof-vibes-bridge.js + fireproof-clerk-bundle.js)
- Copies assets/ directory (images, icons)
- Runs wrangler deploy
如需部署包含静态资源(index.html、打包文件、资源)的应用:
bash
node scripts/deploy-cloudflare.js --name myapp --file index.html --clerk-key "pk_test_xxx"--clerk-keyCLERK_PEM_PUBLIC_KEY/claim该脚本会自动执行以下操作:
- 将index.html复制到worker的public/目录
- 复制bundles/*.js文件(fireproof-vibes-bridge.js + fireproof-clerk-bundle.js)
- 复制assets/目录(图片、图标)
- 执行wrangler deploy
Endpoints
端点
| Endpoint | Method | Description |
|---|---|---|
| GET | Public registry read |
| GET | Check subdomain availability |
| POST | Claim a subdomain (auth required) |
| POST | Clerk subscription webhooks |
| POST | AI proxy to OpenRouter (requires OPENROUTER_API_KEY) |
| 端点 | 方法 | 描述 |
|---|---|---|
| GET | 公开注册信息读取 |
| GET | 检查子域名可用性 |
| POST | 认领子域名(需要认证) |
| POST | Clerk订阅Webhook |
| POST | 指向OpenRouter的AI代理(需要OPENROUTER_API_KEY) |
KV Storage
KV存储
The registry is stored in Cloudflare KV under the key . Schema:
registryjson
{
"claims": { "subdomain": { "userId": "...", "claimedAt": "..." } },
"reserved": ["admin", "api", "www"],
"preallocated": {}
}注册信息存储在Cloudflare KV中,键为。数据结构:
registryjson
{
"claims": { "subdomain": { "userId": "...", "claimedAt": "..." } },
"reserved": ["admin", "api", "www"],
"preallocated": {}
}Important: Custom Domain Required for Subdomains
重要提示:子域名需要自定义域名
Workers.dev domains only support one subdomain level for SSL. For multi-tenant
apps with subdomains (tenant.myapp.workers.dev), you MUST use a custom domain.
Won't work: (SSL error)
Will work: (with custom domain)
tenant.myapp.username.workers.devtenant.myapp.comOn workers.dev, use the query parameter for testing:
?subdomain=- → landing page
myapp.username.workers.dev - → tenant app
myapp.username.workers.dev?subdomain=tenant - → admin dashboard
myapp.username.workers.dev?subdomain=admin
Workers.dev域名仅支持一级子域名的SSL证书。对于带有子域名的多租户应用(如tenant.myapp.workers.dev),你必须使用自定义域名。
不可用:(SSL错误)
可用:(使用自定义域名)
tenant.myapp.username.workers.devtenant.myapp.com在workers.dev上,可使用查询参数进行测试:
?subdomain=- → 着陆页
myapp.username.workers.dev - → 租户应用
myapp.username.workers.dev?subdomain=tenant - → 管理后台
myapp.username.workers.dev?subdomain=admin
Custom Domain Setup
自定义域名配置
- Add domain to Cloudflare (get nameservers from Cloudflare DNS dashboard)
- Point registrar nameservers to Cloudflare's assigned nameservers
- Delete conflicting DNS records for the apex domain (A, AAAA, CNAME)
- Add Custom Domain in Workers & Pages → your worker → Settings → Domains & Routes → Add → Custom Domain (apex: yourdomain.com)
- Add wildcard CNAME in DNS: Name: , Target:
*(Proxied: ON)<worker-name>.<username>.workers.dev - Add Route in Workers & Pages → your worker → Settings → Domains & Routes → Add → Route:
*.yourdomain.com/*
After setup:
- → landing page
yourdomain.com - → tenant app
tenant.yourdomain.com - → admin dashboard
admin.yourdomain.com
- 将域名添加到Cloudflare(从Cloudflare DNS控制台获取域名服务器)
- 将注册商的域名服务器指向Cloudflare分配的域名服务器
- 删除 apex 域名的冲突DNS记录(A、AAAA、CNAME)
- 添加自定义域名:在Workers & Pages → 你的worker → 设置 → 域名与路由 → 添加 → 自定义域名(apex:yourdomain.com)
- 添加通配符CNAME记录:在DNS中,名称:,目标:
*(代理:开启)<worker-name>.<username>.workers.dev - 添加路由:在Workers & Pages → 你的worker → 设置 → 域名与路由 → 添加 → 路由:
*.yourdomain.com/*
配置完成后:
- → 着陆页
yourdomain.com - → 租户应用
tenant.yourdomain.com - → 管理后台
admin.yourdomain.com
Required Secrets
所需密钥
| Secret | Source | Purpose |
|---|---|---|
| Clerk JWKS endpoint | JWT signature verification |
| Your domains | JWT azp claim validation |
| Clerk dashboard | Webhook signature verification |
| OpenRouter dashboard | AI proxy for |
Setting secrets:
bash
cd skills/cloudflare/worker
npx wrangler secret put CLERK_PEM_PUBLIC_KEY| 密钥 | 来源 | 用途 |
|---|---|---|
| Clerk JWKS端点 | JWT签名验证 |
| 你的域名 | JWT azp声明验证 |
| Clerk控制台 | Webhook签名验证 |
| OpenRouter控制台 | |
设置密钥:
bash
cd skills/cloudflare/worker
npx wrangler secret put CLERK_PEM_PUBLIC_KEYPaste the PEM key (-----BEGIN PUBLIC KEY----- ... -----END PUBLIC KEY-----)
粘贴PEM密钥(-----BEGIN PUBLIC KEY----- ... -----END PUBLIC KEY-----)
npx wrangler secret put CLERK_WEBHOOK_SECRET
npx wrangler secret put CLERK_WEBHOOK_SECRET
Paste the webhook signing secret from Clerk dashboard
粘贴Clerk控制台中的Webhook签名密钥
npx wrangler secret put PERMITTED_ORIGINS
npx wrangler secret put PERMITTED_ORIGINS
**Getting CLERK_PEM_PUBLIC_KEY:**
1. Find your Clerk Frontend API URL in Clerk dashboard (e.g., `clerk.yourdomain.com`)
2. Fetch JWKS: `curl https://clerk.yourdomain.com/.well-known/jwks.json`
3. Convert JWK to PEM using Node.js:
```javascript
const crypto = require('crypto');
const jwk = { /* paste the key from jwks.json */ };
const pem = crypto.createPublicKey({ key: jwk, format: 'jwk' }).export({ type: 'spki', format: 'pem' });
console.log(pem);
**获取CLERK_PEM_PUBLIC_KEY:**
1. 在Clerk控制台中找到你的Clerk前端API URL(例如:`clerk.yourdomain.com`)
2. 获取JWKS:`curl https://clerk.yourdomain.com/.well-known/jwks.json`
3. 使用Node.js将JWK转换为PEM:
```javascript
const crypto = require('crypto');
const jwk = { /* 粘贴jwks.json中的密钥 */ };
const pem = crypto.createPublicKey({ key: jwk, format: 'jwk' }).export({ type: 'spki', format: 'pem' });
console.log(pem);Deploy with --name Flag
使用--name参数部署
Always use the flag to deploy to your app's worker:
--namebash
node scripts/deploy-cloudflare.js --name myapp --file index.htmlImportant: The determines the worker URL. Without it, wrangler uses
the name from wrangler.toml (), not your app.
--namevibes-registry请始终使用参数将应用部署到你的worker:
--namebash
node scripts/deploy-cloudflare.js --name myapp --file index.html重要提示:参数决定了worker的URL。如果不使用该参数,wrangler会使用wrangler.toml中的名称(),而不是你的应用名称。
--namevibes-registryAI Features
AI功能
Apps using the hook call on the same origin. The worker proxies these requests to OpenRouter.
useAI()/api/ai/chatDeploy with AI enabled:
bash
node scripts/deploy-cloudflare.js --name myapp --file index.html --clerk-key "pk_test_xxx" --ai-key "sk-or-v1-your-key"The flag sets the secret on the worker after deployment. Without it, returns .
--ai-keyOPENROUTER_API_KEY/api/ai/chat{"error": "AI not configured"}Manual setup:
bash
npx wrangler secret put OPENROUTER_API_KEY --name myapp使用钩子的应用会调用同源的。Worker会将这些请求代理到OpenRouter。
useAI()/api/ai/chat启用AI功能的部署:
bash
node scripts/deploy-cloudflare.js --name myapp --file index.html --clerk-key "pk_test_xxx" --ai-key "sk-or-v1-your-key"--ai-keyOPENROUTER_API_KEY/api/ai/chat{"error": "AI not configured"}手动配置:
bash
npx wrangler secret put OPENROUTER_API_KEY --name myappPaste your OpenRouter API key
粘贴你的OpenRouter API密钥
undefinedundefined