Virtualmin --dns cloudflare-dns

Hello,

I suggest adding cloudflare dns api to virtualmin. It acts as reverse proxy (caching contents), firewall,... and it's also free.

They've provided many tools which can be used to easily implement it into any panel, e.g. :

https://www.cloudflare.com/docs/host-api.html

I think it beats BIND, djbdns, ... .

Status: 
Fixed (pending)

Comments

So are you thinking that Virtualmin could offload DNS hosting to cloudflare via their API?

I suppose that could be done, although it would be a major departure from the way Virtualmin usually does things (by hosting everything locally). So we aren't likely to add this any time soon.

Mostafa's picture
Submitted by Mostafa on Sat, 07/05/2014 - 13:19

The fact is that efficiency of hosting dns on cloudflare is much greater than hosting it locally. This is a useful feature, I hope you add this whenever possible.

Thank you Jamie.

Let me put in 2 cents on this one. I would really like to see a Cloudflare plugin in Virtualmin. Cloudflare provides a fairly nice reverse proxy setup that includes:

  1. CDN caching around the world
  2. Nice distributed DNS
  3. Thread and ddos protection.

My current interest revolves around the fact that I just signed up to be a partner with them. This is a pretty good opportunity for small hosting companies to distinguish themselves since they provide a fairly full API into their system. I'm at the moment looking into integrating this into the WHMCS sales system I have set up in front of Virtualmin/Cloudmin -- but at the moment that's going to require that my customers go in and manually change a DNS record to put in a CNAME for their web site. I'm trying at the moment to think of creative ways to make this work at least as a first pass (I think I can actually tweak this up by making the Cloudflare fronted sites be a separate hosting product) but -- the ability to do some of this on Virtualmin through their API would be great - unfortunately I dont have the staff or time to do this right now.

BY the way I'd be completely FINE with this just being a Pro feature.

Just a thought and suggestion for a feature that would make Virtualmin Pro more attractive :-)

So, would this plugin just need to add a single CNAME record, or is there more to it than that? Like copying the full DNS zone to cloudflare?

Hi Jamie - This is going to get a little confusing because I think we're talking 2 different use cases here, and mine is not necessarily the same as the person who initiated this thread.

I think the initial poster was asking about just implementing cloudflare on a site or set of sites. For most folks this is a 2-step process --- you set up an account at Cloudflare and ask it to set up your site. It then sets up the CDN for you, and grabs a copy of your DNS records which it stuffs into its own DNS infrastructure - you can then edit the records over on the Cloudflare site.

Then when it's all settled you just make the 2 DNS servers they give you authoritative for your domain.

That's the normal behavior for a regular person. In that case I'm not real sure that there's anything really useful you can do with Virtualmin --

The API that is mentioned is really an API for Cloudflare Partners - I'm one of those partners as of yesterday. The idea here is that you're a hosting provider and want to be able to offer Cloudflare to your clients - this is a little different than the simple use case. Here you've got an API for provisioning Cloudflare accounts for clients. They have modules for many of the control panels -- in fact it looks like for just about everything but Virtualmin (this is one of those rare moments when running Cpanel looks attractive - but it only lasts a couple minutes). There's also a slightly pathetic plugin for WHMCS, which is what I'm playing with currently.

If you're a partner the only way to set up these accounts is through the API. There are 2 modes, one where you provision the account for the person, and make a CNAME record for (typically) the www address on the site, which then shoves that traffic over to Cloudflare and runs everything through the CDN.

There's also a way in the API to do the full integration over to their DNS servers, which is more attractive (they have a nice worldwide DNS infrastructure).

So - it's the Cloudflare partner thing that I'm interested in. Doing the integration in WHMCS is really ugly and it would be a lot neater if one could set up a button to click on the Virtualmin panel to set up Cloudflare for a domain if you're a partner.

Actually the API is pretty straightforward and I'm thinking I can probably do a simple test of this just by writing a little script to run - the example (using just CURL) for doing a provisioning of a user looks something like this

curl https://api.cloudflare.com/host-gw.html \ -d 'act=user_create' \ -d 'host_key=8afbe6dea02407989af4dd4c97bb6e25' \ -d 'cloudflare_email=newuser@example.com' \ -d 'cloudflare_pass=newpassword' \ -d 'unique_id=someuniqueid'

And it then sends a JSON response.

Then you'd need to do a zone-set operation to set up a domain - looks like this: curl https://api.cloudflare.com/host-gw.html \ -d 'act=zone_set' \ -d 'host_key=8afbe6dea02407989af4dd4c97bb6e25' \ -d 'user_key=57bd6ab7536daa87cab966ad723f014a' \ -d 'zone_name=someexample.com' \ -d 'resolve_to=cloudflare-resolve-to.someexample.com' \ -d 'subdomains=www,blog,wordpress:cloudflare-rs2.someexample.com'

There are other actions in the API as well.

Well there, that's probably more than you wanted to know. I think a module for this would be great - I'm considering just kludging together something ugly for testing purposes, but coding ain't my strong suit.

I could probably get you in touch with the Cloudflare folks on this if you have any interest. This is actually a pretty good sales point for small hosting providers.

The WHMCS integration is really bare bones and only really works properly for shared accounts (and only one per person because the code in there is REALLY stupid).

Let me know if there's any way I can help with this -- or let me know if you just don't see it as a possibility. I realize it's not going to be a big money maker for you.

Mostafa's picture
Submitted by Mostafa on Thu, 04/16/2015 - 11:42

Hi Jamie and Cruiskeen,

I have the following in my mind when I created this feature request:

Let's say I have a website on my Virtualmin panel. I want to setup Cloudflare for my domain, so I first signup on their website and then add my domain to their panel. I set my domain's NS records to those provided by Cloudflare. Now, if I add / remove a subdomain in virtualmin, I have to manually update my DNS records on cloudflare. Here is where Virtualmin's CloudFlare module comes in and automatically updates the DNS records.

https://www.cloudflare.com/docs/client-api.html

By using: 3.3 - "rec_load_all" - Retrieve DNS Records of a given domain 5.1 - "rec_new" -- Add a DNS record 5.2 - "rec_edit" -- Edit a DNS record 5.3 - "rec_delete" -- Delete a DNS record

Replying to my own comment here --- I've been playing with the Cloudflare plugin in WHMCS and it works at least slightly better than I thought. I believed all the things they said were wrong with it in the docs - turns out it actually works better than they said, so my need here is less pressing than I thought it might be. Still, I DO think this would be a nice Virtualmin feature, at least for the Pro Virtualmin.

Ok, I'll take a look into this..

I've used the CPanel Cloudflare integration plugin for about a year.

It's really simple for the user.

You just input your free cloudflare account credentials into the cpanel cloudflare area, and turn "on" or "off" cloudflare for each of your domains and add-on domains.

Default is off.

When you click "on", the cpanel cloudflare plugin tells cloudflare (presumably via a curl call) to automatically handles (proxy and cache) the www part of all http web traffic, and optionally https termination which costs a paid subscription.

Cpanel plugin does this by modifying the www record for the domain to be a CNAME record that points to cloudflare CDN name provided in the curl call.

For example:

ping www.mydomain.com
 
Pinging www.mydomain.com.cdn.cloudflare.net [104.28.17.95] with 32 bytes of data:
Reply from 104.28.17.95: bytes=32 time=24ms TTL=51
Reply from 104.28.17.95: bytes=32 time=24ms TTL=51
Reply from 104.28.17.95: bytes=32 time=24ms TTL=51
Reply from 104.28.17.95: bytes=32 time=24ms TTL=51
 
Ping statistics for 104.28.17.95:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 24ms, Maximum = 24ms, Average = 24ms

CF doesn't proxy anything else other than http/https - neither the plain mydomain.com , nor the email ports, nor the ftp...

CF's a decent free service to protect a small blog from DDoS/Redditing/Slashdotting, but the downside is privacy, CF of course would see every byte of traffic and every user coming into your site.

Warning : all incoming traffic appears to originate from the CF CDN (because it's a man in the middle between the virtualmin and the web surfer)....

You have to take the extra step to extract a http headers CF-Connecting-IP and X-Forwarded-For, these 2 headers contain info on the end user web surfer IP....

use THESE IP's in order to have accurate web statistics / webalizer....

More info: https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-Clou...

Hi I'd love to see this plugin/addon too. I also have used the Cloudflare cpanel plugin for some time and it not only speeds up cpanel servers massively if serving a lot of websites, but also the added security is great too. It would be fantastic to have a similar Virtualmin/Webmin option.

Diabolico's picture
Submitted by Diabolico on Thu, 07/14/2016 - 07:27

I agree, this option would be great but not for GPL. I would add only on Vmin Pro and use as another selling point.

Integration with Cloudflare (and other DNS providers) is definitely on our TODO list.

Mostafa's picture
Submitted by Mostafa on Mon, 10/24/2016 - 04:21

Hope to see this feature soon :)

Extending Virtualmin/Webmin to services often used by web hosts, registrars and managers makes sense. The choice, IMO, should be based on 1) How widespread the use of the extended function. DNS certainly qualifies in general. 2) How popular is the provider. 3) How stable and well maintained they are, ie. beta versions of services should not be officially supported even if from a large company such as Microsoft (Azure DNS) for expamble until it moves to production/stable platform status. 4) Is there support within the community... some here are coders or otherwise can provide starting points for extensions. VM has among good user support to draw on.

The stage of development of cloud services, web hosting, mobile applications includes providing better integration and ease of management and use. I think that is now as or more important than adding new functionality. Virtualmin is well positioned as an integration type platform that fits this major trend in the ICT, Information and Communications Technologies, world.

Some aspects of web development are harder to use than they should be: DNS, SSL Certificates are among them. Providers are responding such as Letsencrypt for simple SSL cert. And that is pushing competitors to revamp their services to make them easier to use and more automated. DNS services have proliferated because there is money to be made. The problem for hosting services, managers and users is that there are many providers to manage, making changing, upgrading, installing new sites to be managed trhough alternate providers more time consuming and problematic. I am an idiot who sometimes forgets simple things such as steps or get bogged down because a particular web browser or settings block a popup .. "why isn't it accepting the new DNS?".. only to find it was a stupid error on my part. Making things 'idiot proof' by reducing steps through a common interface (VM) is what is needed.

Sorry about the long post. I think Virtualmin is great already but also fits what is needed for improving managed web and web-interfaced mobile applications.

The next release of Virtualmin will include Google DNS and Cloudflare integration.