feat: add support for public DNS target IP and private DNS allowance in Cloudflare setup
@@ -31,8 +31,9 @@ Before running anything, confirm:
|
||||
|
||||
DNS and TLS are only needed for Phase 8 (Caddy reverse proxy). You can set these up later:
|
||||
|
||||
- A DNS A record for your Gitea domain pointing to `UNRAID_IP`
|
||||
- If using `TLS_MODE=cloudflare`: a Cloudflare API token with Zone:DNS:Edit permission
|
||||
- `PUBLIC_DNS_TARGET_IP` set to your ingress IP for `GITEA_DOMAIN` (public IP recommended)
|
||||
- If you intentionally use LAN-only split DNS with a private IP target, set `PHASE8_ALLOW_PRIVATE_DNS_TARGET=true`
|
||||
|
||||
### 2. Passwordless sudo on remote hosts
|
||||
|
||||
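Review bot: the new `PUBLIC_DNS_TARGET_IP` and `PHASE8_ALLOW_PRIVATE_DNS_TARGET` bullets do not say what happens when the target is a private address and the flag is unset, or what the flag's default is. State both here so a reader knows whether Phase 8 aborts or only warns. The list also mentions an A record pointing to `UNRAID_IP`; spell out how `UNRAID_IP` and `PUBLIC_DNS_TARGET_IP` relate (same host behind NAT, or a separate ingress) so the two values are not read as conflicting targets for `GITEA_DOMAIN`.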
@@ -316,7 +317,7 @@ Then re-run Phase 4. Already-migrated repos will be skipped.
|
||||
|
||||
**Symptom**: Preflight check 14 fails.
|
||||
|
||||
**Fix**: Add or update your DNS A record. If using a local DNS server or `/etc/hosts`, ensure the record points to `UNRAID_IP`. DNS propagation can take minutes to hours.
|
||||
**Fix**: Phase 8 can auto-upsert the Cloudflare A record for `GITEA_DOMAIN` when `TLS_MODE=cloudflare`. Set `PUBLIC_DNS_TARGET_IP` first. Use a public ingress IP for public access. For LAN-only split DNS, set `PHASE8_ALLOW_PRIVATE_DNS_TARGET=true`.
|
||||
|
||||
### Caddy fails to start or obtain TLS certificate in Phase 8
|
||||
|
||||
|
||||
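Review bot: the Fix text that relies on the Phase 8 auto-upsert only applies when `TLS_MODE=cloudflare`, and it does not say whether preflight check 14 is expected to pass before Phase 8 has created the record. Keep the manual A record and `/etc/hosts` guidance available for other `TLS_MODE` values, and state which address check 14 compares against (`UNRAID_IP` or `PUBLIC_DNS_TARGET_IP`). For the `PHASE8_ALLOW_PRIVATE_DNS_TARGET=true` case, add a sentence noting that the record written to Cloudflare would then carry a private address in a publicly resolvable zone, so the opt-in is an informed one.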