Cloudflare

Manage Cloudflare zones, DNS, SSL, tunnels, and settings via the bundled scripts/cf.sh bash script.

Prerequisites

curl, jq, and openssl must be available on the system
Set CLOUDFLARE_API_TOKEN environment variable
Optionally set CLOUDFLARE_ACCOUNT_ID for tunnel operations

CLI: `scripts/cf.sh`

All operations go through the bundled scripts/cf.sh bash script (included in this skill). No external downloads needed.

# Run from skill directory
./scripts/cf.sh <command> [args...]
# Or reference by absolute path
/path/to/skills/cloudflare/scripts/cf.sh <command> [args...]

Commands

Command	Args	Description
`help`		Show all commands
`verify`		Verify API token is valid
`zones`	`[domain]`	List zones (optionally filter by domain name)
`zone-get`	`<zone_id>`	Get zone details
`zone-id`	`<domain>`	Get zone ID from domain name
`dns-list`	`<zone_id> [type] [name]`	List DNS records
`dns-create`	`<zone_id> <type> <name> <content> [proxied] [ttl]`	Create DNS record
`dns-update`	`<zone_id> <record_id> <type> <name> <content> [proxied] [ttl]`	Update DNS record
`dns-delete`	`<zone_id> <record_id>`	Delete DNS record
`dns-export`	`<zone_id>`	Export all records as JSON
`dns-import`	`<zone_id> <file.json>`	Import records from JSON
`settings-list`	`<zone_id>`	List all zone settings
`setting-get`	`<zone_id> <setting>`	Get specific setting
`setting-set`	`<zone_id> <setting> <value>`	Update a setting
`ssl-get`	`<zone_id>`	Get current SSL mode
`ssl-set`	`<zone_id> <mode>`	Set SSL mode (off/flexible/full/strict)
`cache-purge`	`<zone_id> [url1 url2 ...]`	Purge specific URLs or everything
`pagerules-list`	`<zone_id>`	List page rules
`firewall-list`	`<zone_id>`	List firewall rules
`tunnels-list`		List Cloudflare Tunnels (needs ACCOUNT_ID)
`tunnel-get`	`<tunnel_id>`	Get tunnel details
`tunnel-create`	`<name>`	Create a tunnel (needs ACCOUNT_ID)
`tunnel-delete`	`<tunnel_id>`	Delete a tunnel (needs ACCOUNT_ID)
`analytics`	`<zone_id> [since_minutes]`	Zone analytics (default: last 24h)

Proxied flag

true — orange cloud, traffic through Cloudflare (CDN, WAF, DDoS)
false — grey cloud, DNS-only (use for MX, non-HTTP services)

TTL

1 = automatic (Cloudflare-managed)
Set explicit seconds for DNS-only records (e.g., 3600)

Typical workflows

Point domain to server

# Find zone ID
cf zones example.com
# Create A record (proxied)
cf dns-create <zone_id> A example.com 1.2.3.4 true
# Create www CNAME
cf dns-create <zone_id> CNAME www.example.com example.com true

Set up email (MX + SPF)

cf dns-create <zone_id> MX example.com "mx.provider.com" false 1
cf dns-create <zone_id> TXT example.com "v=spf1 include:provider.com ~all" false

Enable strict SSL

cf ssl-set <zone_id> strict

Safety rules

Always confirm with the user before:

Deleting DNS records (dns-delete)
Changing SSL mode
Modifying firewall rules
Any destructive operation

Safe to do freely:

Listing/reading zones, records, settings, analytics
Verifying token

Reference

For DNS record types, SSL modes, and API details: see references/api-guide.md

cloudflare

Safety Notice

Copy this and send it to your AI assistant to learn

Cloudflare

Prerequisites

CLI: `scripts/cf.sh`

Commands

Proxied flag

TTL

Typical workflows

Point domain to server

Set up email (MX + SPF)

Enable strict SSL

Safety rules

Reference

Source Transparency

Related Skills

Charging Ledger

qg-skill-sync

Ad Manager

cloudflare

Safety Notice

Copy this and send it to your AI assistant to learn

Cloudflare

Prerequisites

CLI: scripts/cf.sh

Commands

Proxied flag

TTL

Typical workflows

Point domain to server

Set up email (MX + SPF)

Enable strict SSL

Safety rules

Reference

Source Transparency

Related Skills

Charging Ledger

qg-skill-sync

Ad Manager

CLI: `scripts/cf.sh`