Scan to contactCloudflare
Manage Cloudflare zones, DNS, SSL, tunnels, and settings via the bundled scripts/cf.sh bash script.
Prerequisites
curl,jq, andopensslmust be available on the system- Set
CLOUDFLARE_API_TOKENenvironment variable - Optionally set
CLOUDFLARE_ACCOUNT_IDfor tunnel operations
CLI: scripts/cf.sh
All operations go through the bundled scripts/cf.sh bash script (included in this skill). No external downloads needed.
# Run from skill directory
./scripts/cf.sh <command> [args...]
# Or reference by absolute path
/path/to/skills/cloudflare/scripts/cf.sh <command> [args...]
Commands
| Command | Args | Description |
|---------|------|-------------|
| help | | Show all commands |
| verify | | Verify API token is valid |
| zones | [domain] | List zones (optionally filter by domain name) |
| zone-get | <zone_id> | Get zone details |
| zone-id | <domain> | Get zone ID from domain name |
| dns-list | <zone_id> [type] [name] | List DNS records |
| dns-create | <zone_id> <type> <name> <content> [proxied] [ttl] | Create DNS record |
| dns-update | <zone_id> <record_id> <type> <name> <content> [proxied] [ttl] | Update DNS record |
| dns-delete | <zone_id> <record_id> | Delete DNS record |
| dns-export | <zone_id> | Export all records as JSON |
| dns-import | <zone_id> <file.json> | Import records from JSON |
| settings-list | <zone_id> | List all zone settings |
| setting-get | <zone_id> <setting> | Get specific setting |
| setting-set | <zone_id> <setting> <value> | Update a setting |
| ssl-get | <zone_id> | Get current SSL mode |
| ssl-set | <zone_id> <mode> | Set SSL mode (off/flexible/full/strict) |
| cache-purge | <zone_id> [url1 url2 ...] | Purge specific URLs or everything |
| pagerules-list | <zone_id> | List page rules |
| firewall-list | <zone_id> | List firewall rules |
| tunnels-list | | List Cloudflare Tunnels (needs ACCOUNT_ID) |
| tunnel-get | <tunnel_id> | Get tunnel details |
| tunnel-create | <name> | Create a tunnel (needs ACCOUNT_ID) |
| tunnel-delete | <tunnel_id> | Delete a tunnel (needs ACCOUNT_ID) |
| analytics | <zone_id> [since_minutes] | Zone analytics (default: last 24h) |
Proxied flag
true— orange cloud, traffic through Cloudflare (CDN, WAF, DDoS)false— grey cloud, DNS-only (use for MX, non-HTTP services)
TTL
1= automatic (Cloudflare-managed)- Set explicit seconds for DNS-only records (e.g.,
3600)
Typical workflows
Point domain to server
# Find zone ID
cf zones example.com
# Create A record (proxied)
cf dns-create <zone_id> A example.com 1.2.3.4 true
# Create www CNAME
cf dns-create <zone_id> CNAME www.example.com example.com true
Set up email (MX + SPF)
cf dns-create <zone_id> MX example.com "mx.provider.com" false 1
cf dns-create <zone_id> TXT example.com "v=spf1 include:provider.com ~all" false
Enable strict SSL
cf ssl-set <zone_id> strict
Safety rules
Always confirm with the user before:
- Deleting DNS records (
dns-delete) - Changing SSL mode
- Modifying firewall rules
- Any destructive operation
Safe to do freely:
- Listing/reading zones, records, settings, analytics
- Verifying token
Reference
For DNS record types, SSL modes, and API details: see references/api-guide.md