Cloudflare Setup
DNS management, Argo Tunnels, and AWS ACM integration for the legendsdxp.com domain structure.
Traffic Flow Overview
Cloudflare provides DNS management and, through Argo Tunnel, secure access to the AWS environments. The Production and Staging environments are routed through separate Argo Tunnels.
flowchart TB
    subgraph INTERNET["Internet"]
        USER["Users"]
    end
    subgraph CF["Cloudflare (legendsdxp.com)"]
        DNS["DNS<br/>alexis.ns.cloudflare.com<br/>gwen.ns.cloudflare.com"]
        WAF["WAF / DDoS<br/>Protection"]
        subgraph TUNNELS["Argo Tunnels"]
            T_PROD["Production Tunnel<br/>12dc2b72-e2fa-4528..."]
            T_STG["Staging Tunnel<br/>5ea41e92-6b72-4db9..."]
        end
    end
    subgraph AWS_PROD["AWS Production (957976799355)"]
        PROD_BE["backend-nickelodeon-production-access"]
        PROD_PG["pgadmin4-nickelodeon-production-access"]
    end
    subgraph AWS_STG["AWS Staging (123644281811)"]
        STG_FE["frontend-nickelodeon-staging-access"]
        STG_BE["backend-nickelodeon-staging-access"]
        STG_ADMIN["admin-nickelodeon-staging-access"]
        STG_PG["pgadmin4-nickelodeon-staging-access"]
    end
    USER --> DNS
    DNS --> WAF
    WAF --> T_PROD
    WAF --> T_STG
    T_PROD --> PROD_BE
    T_PROD --> PROD_PG
    T_STG --> STG_FE
    T_STG --> STG_BE
    T_STG --> STG_ADMIN
    T_STG --> STG_PG
Domain: legendsdxp.com
NS Servers: alexis, gwen
Argo Tunnels: 2 (Prod + Staging)
Proxied Records: 6 CNAME
ACM Validations: 4 CNAME
Argo Tunnels
Argo Tunnel provides a secure, outbound-only connection from Cloudflare to the AWS private network. Internal services are reachable without exposing a public IP or opening the firewall.
flowchart LR
    subgraph CF["Cloudflare Edge"]
        EDGE["Edge Network"]
    end
    subgraph TUNNEL_PROD["Production Tunnel"]
        CONN_P["cloudflared<br/>Connector"]
    end
    subgraph TUNNEL_STG["Staging Tunnel"]
        CONN_S["cloudflared<br/>Connector"]
    end
    subgraph AWS_P["AWS Prod VPC"]
        ALB_P["Private ALB"]
        ECS_P["ECS Services"]
    end
    subgraph AWS_S["AWS Staging VPC"]
        ALB_S["Private ALB"]
        ECS_S["ECS Services"]
    end
    EDGE <-->|"Encrypted"| CONN_P
    EDGE <-->|"Encrypted"| CONN_S
    CONN_P --> ALB_P --> ECS_P
    CONN_S --> ALB_S --> ECS_S
| Tunnel | ID | Environment | Services |
|---|---|---|---|
| Production Tunnel | 12dc2b72-e2fa-4528-9cf7-85315af26f5c | PROD | backend, pgadmin4 |
| Staging Tunnel | 5ea41e92-6b72-4db9-9de7-632d8d7fe589 | STG | frontend, backend, admin, pgadmin4 |
DNS Records
Cloudflare DNS records: the Argo Tunnel CNAMEs (proxied) and the AWS ACM validation CNAMEs.
Application Access Records (Proxied)
| Subdomain | Type | Target | Env | Proxy |
|---|---|---|---|---|
| backend-nickelodeon-production-access | CNAME | 12dc2b72-...cfargotunnel.com | PROD | Proxied |
| pgadmin4-nickelodeon-production-access | CNAME | 12dc2b72-...cfargotunnel.com | PROD | Proxied |
| frontend-nickelodeon-staging-access | CNAME | 5ea41e92-...cfargotunnel.com | STG | Proxied |
| backend-nickelodeon-staging-access | CNAME | 5ea41e92-...cfargotunnel.com | STG | Proxied |
| admin-nickelodeon-staging-access | CNAME | 5ea41e92-...cfargotunnel.com | STG | Proxied |
| pgadmin4-nickelodeon-staging-access | CNAME | 5ea41e92-...cfargotunnel.com | STG | Proxied |
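The table above keeps production and staging hostnames on separate tunnels, and a DNS export can be checked against that layout automatically. The following is an added example, not part of the original page: it assumes records shaped like the `name`/`type`/`content`/`proxied` fields of a Cloudflare DNS record export, and assumes each target has the form `<tunnel-id>.cfargotunnel.com` using the full IDs from the Argo Tunnels table. The sample records and their fault states are constructed.

```python
# Added example: audit tunnel CNAMEs for environment isolation.
SUFFIX = ".cfargotunnel.com"
TUNNELS = {  # tunnel IDs as listed in the Argo Tunnels table
    "12dc2b72-e2fa-4528-9cf7-85315af26f5c": "production",
    "5ea41e92-6b72-4db9-9de7-632d8d7fe589": "staging",
}

def env_from_name(name):
    """Return the <env> part of an <app>-nickelodeon-<env>-access label."""
    parts = name.split(".")[0].split("-")
    if len(parts) >= 4 and parts[-1] == "access":
        return parts[-2]
    return None

def audit(records):
    """Return (hostname, finding) pairs for records that break the layout."""
    findings = []
    for rec in records:
        target = rec["content"].rstrip(".").lower()
        if rec["type"] != "CNAME" or not target.endswith(SUFFIX):
            continue  # not a tunnel record, e.g. an ACM validation CNAME
        tunnel_env = TUNNELS.get(target[: -len(SUFFIX)])
        if tunnel_env is None:
            findings.append((rec["name"], "unknown tunnel"))
        elif env_from_name(rec["name"]) != tunnel_env:
            findings.append((rec["name"], "environment mismatch"))
        if not rec["proxied"]:
            findings.append((rec["name"], "not proxied"))
    return findings

def make_record(label, tunnel_id, proxied=True):
    """Build a constructed sample record (assumed export field names)."""
    return {"name": label + ".legendsdxp.com", "type": "CNAME",
            "content": tunnel_id + SUFFIX, "proxied": proxied}

PROD_ID, STG_ID = TUNNELS  # dict order: production first, staging second
SAMPLE = [  # constructed input; the last three states are deliberate faults
    make_record("backend-nickelodeon-production-access", PROD_ID),
    make_record("pgadmin4-nickelodeon-staging-access", STG_ID),
    make_record("admin-nickelodeon-staging-access", PROD_ID),
    make_record("frontend-nickelodeon-staging-access", STG_ID, proxied=False),
    make_record("backend-nickelodeon-staging-access",
                "00000000-0000-0000-0000-000000000000"),
]

if __name__ == "__main__":
    for host, finding in audit(SAMPLE):
        print(f"{finding}: {host}")
```

Run against a real export, an empty result means every tunnel CNAME is proxied and points at the tunnel of its own environment.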
AWS ACM Validation Records
| Record Name | Type | Target | Purpose |
|---|---|---|---|
| _6b1e03eb7cc805ddba22eaf3b4b98b45.legendsdxp.com | CNAME | _ee1beb330509f41...acm-validations.aws | Production ACM |
| _d1de668b7a51c8f6c9bbbcab61f0a039.legendsdxp.com | CNAME | _84320ecb1e354815...acm-validations.aws | Staging ACM |
| _efa4fddba63a82e471c72710d375c56d.nickelodeon.production.public | CNAME | _9751a56fb3c870b8...acm-validations.aws | Production Public ACM |
| _1460c86a4c80b525e9991d2cd575f2a3.nickelodeon.production.private | CNAME | _c56177d57552868...acm-validations.aws | Production Private ACM |
| _4e81b09be46ae45cbe8e93cebd2627b8.nickelodeon.staging.private | CNAME | _70a2e4249e4bdb33...acm-validations.aws | Staging Private ACM |
AWS Route53 Delegation (NS Records)
| Subdomain | Type | NS Servers | Purpose |
|---|---|---|---|
| nickelodeon-production.legendsdxp.com | NS | ns-1503.awsdns-59.org, ns-240.awsdns-30.com, ns-1856.awsdns-40.co.uk, ns-666.awsdns-19.net | AWS Route53 delegation |
| nickelodeon.production.public.legendsdxp.com | NS | ns-1097.awsdns-09.org, ns-258.awsdns-32.com, ns-586.awsdns-09.net, ns-1896.awsdns-45.co.uk | AWS Route53 public zone |
Application Access URLs
Application URLs reachable through Cloudflare Argo Tunnel.
| Application | URL | Environment |
|---|---|---|
| Backend API | https://backend-nickelodeon-production-access.legendsdxp.com | PROD |
| pgAdmin4 | https://pgadmin4-nickelodeon-production-access.legendsdxp.com | PROD |
| Frontend | https://frontend-nickelodeon-staging-access.legendsdxp.com | STG |
| Backend API | https://backend-nickelodeon-staging-access.legendsdxp.com | STG |
| Admin Panel | https://admin-nickelodeon-staging-access.legendsdxp.com | STG |
| pgAdmin4 | https://pgadmin4-nickelodeon-staging-access.legendsdxp.com | STG |