Source from repo

Cloudflare Platform Skill

Comprehensive Cloudflare platform skill covering Workers, D1, R2, KV, AI, Durable Objects, and security.

cloudflareGitHub cloudflareSource repo Original GitHub link Publisher page

Files

321

Skill

n/a

Size

1.4 MB

Entrypoint

SKILL.md

Format

git-repo

Open file

references/spectrum/configuration.md

Syntax-highlighted preview of this file as included in the skill package.

Rendered Source

markdown195 linesFree

references/spectrum/configuration.md

1## Origin Types
2 
3### Direct IP Origin
4 
5Use when origin is a single server with static IP.
6 
7**TypeScript SDK:**
8```typescript
9const app = await client.spectrum.apps.create({
10  zone_id: 'your-zone-id',
11  protocol: 'tcp/22',
12  dns: { type: 'CNAME', name: 'ssh.example.com' },
13  origin_direct: ['tcp://192.0.2.1:22'],
14  ip_firewall: true,
15  tls: 'off',
16});
17```
18 
19**Terraform:**
20```hcl
21resource "cloudflare_spectrum_application" "ssh" {
22  zone_id  = var.zone_id
23  protocol = "tcp/22"
24 
25  dns {
26    type = "CNAME"
27    name = "ssh.example.com"
28  }
29 
30  origin_direct      = ["tcp://192.0.2.1:22"]
31  ip_firewall        = true
32  tls                = "off"
33  argo_smart_routing = true
34}
35```
36 
37### CNAME Origin
38 
39Use when origin is a hostname (not static IP). Spectrum resolves DNS dynamically.
40 
41**TypeScript SDK:**
42```typescript
43const app = await client.spectrum.apps.create({
44  zone_id: 'your-zone-id',
45  protocol: 'tcp/3306',
46  dns: { type: 'CNAME', name: 'db.example.com' },
47  origin_dns: { name: 'db-primary.internal.example.com' },
48  origin_port: 3306,
49  tls: 'full',
50});
51```
52 
53**Terraform:**
54```hcl
55resource "cloudflare_spectrum_application" "database" {
56  zone_id  = var.zone_id
57  protocol = "tcp/3306"
58 
59  dns {
60    type = "CNAME"
61    name = "db.example.com"
62  }
63 
64  origin_dns {
65    name = "db-primary.internal.example.com"
66  }
67 
68  origin_port        = 3306
69  tls                = "full"
70  argo_smart_routing = true
71}
72```
73 
74### Load Balancer Origin
75 
76Use for high availability and failover.
77 
78**Terraform:**
79```hcl
80resource "cloudflare_load_balancer" "game_lb" {
81  zone_id          = var.zone_id
82  name             = "game-lb.example.com"
83  default_pool_ids = [cloudflare_load_balancer_pool.game_pool.id]
84}
85 
86resource "cloudflare_load_balancer_pool" "game_pool" {
87  name    = "game-primary"
88  origins { name = "game-1"; address = "192.0.2.1" }
89  monitor = cloudflare_load_balancer_monitor.tcp_monitor.id
90}
91 
92resource "cloudflare_load_balancer_monitor" "tcp_monitor" {
93  type = "tcp"; port = 25565; interval = 60; timeout = 5
94}
95 
96resource "cloudflare_spectrum_application" "game" {
97  zone_id  = var.zone_id
98  protocol = "tcp/25565"
99  dns { type = "CNAME"; name = "game.example.com" }
100  origin_dns { name = cloudflare_load_balancer.game_lb.name }
101  origin_port = 25565
102}
103```
104 
105## TLS Configuration
106 
107| Mode | Description | Use Case | Origin Cert |
108|------|-------------|----------|-------------|
109| `off` | No TLS | Non-encrypted (SSH, gaming) | No |
110| `flexible` | TLS client→CF, plain CF→origin | Testing | No |
111| `full` | TLS end-to-end, self-signed OK | Production | Yes (any) |
112| `strict` | Full + valid cert verification | Max security | Yes (CA) |
113 
114**Example:**
115```typescript
116const app = await client.spectrum.apps.create({
117  zone_id: 'your-zone-id',
118  protocol: 'tcp/3306',
119  dns: { type: 'CNAME', name: 'db.example.com' },
120  origin_direct: ['tcp://192.0.2.1:3306'],
121  tls: 'strict',  // Validates origin certificate
122});
123```
124 
125## Proxy Protocol
126 
127Forwards real client IP to origin. Origin must support parsing.
128 
129| Version | Protocol | Use Case |
130|---------|----------|----------|
131| `off` | - | Origin doesn't need client IP |
132| `v1` | TCP | Most TCP apps (SSH, databases) |
133| `v2` | TCP | High-performance TCP |
134| `simple` | UDP | UDP applications |
135 
136**Compatibility:**
137- **v1**: HAProxy, nginx, SSH, most databases
138- **v2**: HAProxy 1.5+, nginx 1.11+
139- **simple**: Cloudflare-specific UDP format
140 
141**Enable:**
142```typescript
143const app = await client.spectrum.apps.create({
144  // ...
145  proxy_protocol: 'v1',  // Origin must parse PROXY header
146});
147```
148 
149**Origin Config (nginx):**
150```nginx
151stream {
152    server {
153        listen 22 proxy_protocol;
154        proxy_pass backend:22;
155    }
156}
157```
158 
159## IP Access Rules
160 
161Enable `ip_firewall: true` then configure zone-level firewall rules.
162 
163```typescript
164const app = await client.spectrum.apps.create({
165  // ...
166  ip_firewall: true,  // Applies zone firewall rules
167});
168```
169 
170## Port Ranges (Enterprise Only)
171 
172```hcl
173resource "cloudflare_spectrum_application" "game_cluster" {
174  zone_id  = var.zone_id
175  protocol = "tcp/25565-25575"
176 
177  dns {
178    type = "CNAME"
179    name = "games.example.com"
180  }
181 
182  origin_direct = ["tcp://192.0.2.1"]
183  
184  origin_port {
185    start = 25565
186    end   = 25575
187  }
188}
189```
190 
191## See Also
192 
193- [patterns.md](patterns.md) - Protocol-specific examples
194- [api.md](api.md) - REST/SDK reference
195

Preparing the source view

Cloudflare Platform Skill

references/spectrum/configuration.md