Cloudflare Pages + Custom Domain
Deploy a static site from GitHub to Cloudflare Pages and bind mtinfrasolutions.com + www with HTTPS.
Status: Draft
Scope / Objective
- Scope: GitHub repo → Cloudflare Pages deployment, custom domain binding, Cloudflare DNS web records (apex + www).
- Objective: Ensure
https://mtinfrasolutions.comandhttps://www.mtinfrasolutions.comload successfully over HTTPS. - Non-goals: Application backend, dynamic APIs, or replacing existing mail routing/authentication records.
Dependencies / Preconditions
Accounts & Access
- Cloudflare account with active zone
mtinfrasolutions.com - Permissions: edit DNS records; create/manage Cloudflare Pages projects and custom domains
- GitHub account/org access to repo (example:
GIT-MT-01 / MT-WEB-01) - GitHub Desktop authenticated (recommended for operator workflow)
Assumptions
- Site is static (root contains
index.html) - Local DNS (port 53) may be blocked; DNS validation uses DoH (HTTPS/443)
- Email DNS records (MX/SPF/DKIM/DMARC) exist and must remain unchanged
Change plan
- Create/update static site content in GitHub repo (
index.htmlat repo root). - Create Cloudflare Pages project from Git repository and deploy.
- Add custom domains in Pages: apex + www.
- Ensure Cloudflare DNS has required web CNAMEs (proxied) without disturbing mail records.
- Validate via Cloudflare UI + DoH JSON checks + browser proof.
- Capture evidence pack artifacts and hashes.
Implementation steps
1) Prepare repository (static site)
- Confirm repo exists and contains
/index.htmlat repo root. - Commit and push to
main(prefer PR workflow if using governance controls).
2) Create Cloudflare Pages project (Git-connected)
- Cloudflare Dashboard → Workers & Pages → Pages → Create application → Connect to Git.
- Select the repo (
GIT-MT-01 / MT-WEB-01). - Set build config:
- Production branch:
main - Framework preset:
None - Build command: (blank)
- Build output directory:
.
- Production branch:
- Click Save and Deploy.
3) Bind custom domains in Pages
- Pages Project → Custom domains → Set up a custom domain.
- Add apex:
mtinfrasolutions.com→ proceed. - Add www:
www.mtinfrasolutions.com→ proceed. - If Cloudflare requests DNS changes, apply them (see DNS mapping below).
- Wait until both domains show Active with SSL enabled.
4) Confirm Cloudflare DNS records (authoritative zone)
Required web records (example):
CNAME @ → mt-web-01.pages.dev(Proxied, TTL Auto)CNAME www → mt-web-01.pages.dev(Proxied, TTL Auto)
Note: Cloudflare supports apex CNAME via CNAME-flattening.
- Cloudflare zone
mtinfrasolutions.com→ DNS → Records. - Verify the two web records exist and are proxied. Do not modify Proton Mail records.
5) Optional: redirect www → apex (canonical host)
- Cloudflare zone → Rules → Redirect Rules → Create rule.
- Match: Hostname equals
www.mtinfrasolutions.com - Redirect:
https://mtinfrasolutions.com/$1(301)
Validation (with exact commands)
A) Cloudflare UI
- Pages → Custom domains: apex + www = Active (SSL enabled)
- Zone → DNS → Records: web CNAMEs present; mail records unchanged
B) External DNS checks via DoH (PowerShell)
$domain = "mtinfrasolutions.com"
$BasePath = "$env:USERPROFILE\Documents\MTINFRA-EvidencePack"
# Apex A (post)
$Apost = Invoke-RestMethod -Uri ("https://cloudflare-dns.com/dns-query?name=$domain&type=A") -Headers @{ accept="application/dns-json" }
$Apost | ConvertTo-Json -Depth 10 | Out-File (Join-Path $BasePath "EV-41-A-DoH-Post.json") -Encoding utf8
# www CNAME (post)
$WWWpost = Invoke-RestMethod -Uri ("https://cloudflare-dns.com/dns-query?name=www.$domain&type=CNAME") -Headers @{ accept="application/dns-json" }
$WWWpost | ConvertTo-Json -Depth 10 | Out-File (Join-Path $BasePath "EV-42-WWW-CNAME-DoH-Post.json") -Encoding utf8
C) HTTP HEAD checks (PowerShell)
Invoke-WebRequest -Uri "https://mtinfrasolutions.com" -Method Head | Select-Object -ExpandProperty StatusCode
Invoke-WebRequest -Uri "https://www.mtinfrasolutions.com" -Method Head | Select-Object -ExpandProperty StatusCode
D) Browser proof
- Open
https://mtinfrasolutions.comand confirm expected page content.
Rollback plan
- Cloudflare Pages → Project → Custom domains: remove
wwwand apex domain bindings. - Cloudflare zone → DNS → Records: remove web CNAMEs:
CNAME @ → mt-web-01.pages.devCNAME www → mt-web-01.pages.dev
- Confirm Proton Mail records still exist (MX/SPF/DKIM/DMARC).
- Validate: DoH queries should no longer resolve web hostnames; mail should remain functional.
Evidence pack checklist
| Evidence ID | Artifact | What it proves |
|---|---|---|
| EV-CF-04 | EV-CF-04-DeploymentSuccess.png | Pages deploy succeeded |
| EV-CF-05 | EV-CF-05-DNS-WebRecords.png | Apex + www DNS web records exist; mail records intact |
| EV-CF-06-07 | EV-CF-06-07-CustomDomains-Active.png | Apex + www are Active; SSL enabled |
| EV-41 | EV-41-A-DoH-Post.json | Post-change apex resolves externally |
| EV-42 | EV-42-WWW-CNAME-DoH-Post.json | Post-change www resolves externally |
| EV-V3 | EV-V3-Browser-WebLive.png | Browser proof of reachability |
| EV-00 | EV-00-Hashes-SHA256.txt | Integrity hashes for JSON evidence |
Final state
- Cloudflare Pages project deployed and serving content
- Custom domains
mtinfrasolutions.comandwww.mtinfrasolutions.comshow Active + SSL enabled - Cloudflare DNS contains web CNAME records to
mt-web-01.pages.dev(proxied) - Email DNS records preserved (Proton Mail)