Cloudflare
One-line description. Cloudflare is the edge platform under everything customer-facing — DNS for rycolston.com, every static site on Pages, and the natural home for future Workers / R2 / Browser Rendering work.
Why
GCP isn't the right tool for every workload. Public-facing static sites, DNS, edge logic, and webhook handlers run faster, cheaper, and simpler on Cloudflare than on Cloud Run.
This hub exists because Cloudflare is no longer a "captured option." It's a live operational dependency. DNS for rycolston.com lives there. Five+ Pages projects ship through it. Future projects (wallet pass, lead-magnet form handlers, browser screenshot jobs) will probably land on Workers.
Without a hub, Cloudflare-related decisions get scattered across Reference/Web Properties.md, individual project hubs, and feedback memory. The hub centralizes credentials path, deployment patterns, and the shortlist of what to build next on this platform.
Current state
Active. Powering production sites.
- DNS for rycolston.com (zone 731d5e532ef078b3610ff07ce41535b5), migrated from Namecheap 2026-04-24
- Pages projects live: ry-realtor, setter-landing, customer-journey, capri-landing, handbook (and others — see Web Properties.md for the canonical list)
- Account ID: 9f54c7990a6d42f0c504318d2031d9de
- API token in 1Password: op item get mieu4nz3ygy7el3mf4bxpznlaa --vault POSPJ --fields credential --reveal
No Workers, R2, D1, KV, Vectorize, or Browser Rendering in production yet. Those are the next layer when an adjacent problem fits.
- Status: in-flight (DNS + Pages live, edge compute not yet)
- Last update: 2026-05-06
- Blocked on: nothing. Waiting for a concrete Workers use case.
Next 3 actions
(none — surface when relevant)
When a Workers / R2 / Browser Rendering use case appears, the next moves are:
- First Worker: probably the Appointment Wallet Pass generator (FUB webhook → Google Wallet pass JWT). Lives well at the edge.
- First R2 bucket: any public file workload that's currently on GCS and incurring egress costs.
- First Browser Rendering job: replace any local Playwright / headless Chrome process (CMA PDF gen, screenshot-based site-doc captures).
Capability map
What Cloudflare offers that's worth knowing:
- DNS — already canonical for rycolston.com
- Pages — Git-connected static hosting, preview deploys per branch, custom domains. Already in production.
- Workers — V8 isolates at the edge. No cold starts. 100K req/day free tier. Public webhooks, form handlers, edge logic.
- R2 — S3-compatible object storage. No egress fees. Public file serving wins over GCS here.
- D1 — managed SQLite at the edge. Small workloads only.
- KV — fast key-value cache, eventually consistent.
- Vectorize — vector DB for embeddings. Cheaper than Vertex Vector Search at small scale.
- Workers AI — edge LLM inference (Llama, Mistral). Bypass Anthropic for low-stakes tasks.
- Browser Rendering — headless Chrome as an API. Screenshots, PDFs, scraping.
- Stream — video hosting + transcoding.
- Access — zero-trust auth gating in front of any route. Replaces ad-hoc passwords.
When to reach for Cloudflare over GCP
- Public webhook handler → Worker (faster + cheaper than Cloud Function)
- Public file serving → R2 (no egress vs GCS)
- Embedding search at small scale → Vectorize (simpler than Vertex)
- Browser automation → Browser Rendering (simpler than running Playwright)
- Static site → Pages (always)
- Auth gate in front of an internal tool → Access (replaces hand-rolled auth)
When to stay on GCP
- Anything touching BigQuery / Vertex / heavy compute → Cloud Run / Functions
- Anything that needs the shared-gcp-auth library or platform monorepo conventions
- Long-running jobs (>30s)
- Workloads that need GCS for interop with existing GCP pipelines
Decisions log
- 2026-04-24 — migrated rycolston.com DNS from Namecheap to Cloudflare. Unlocked Pages + future Workers.
- 2026-04-26 — captured as platform #1 in External API Platforms. Promoted to its own hub 2026-05-06 because production usage warranted it.
Open issues
No GitLab project warranted yet. Track candidate workloads here:
- Appointment Wallet Pass — first Worker candidate. See Appointment Wallet Pass.
- Lead-magnet form handlers — Capri lead-capture pages currently inert. Workers would handle form POSTs without standing up a Cloud Function.
- R2 audit — review what's in GCS that could move to R2 to cut egress costs. Public assets only.
- Browser Rendering for /doc-site — current site-doc workflow uses local Playwright. Could move to Browser Rendering for consistency.
- Cloudflare Access on internal tools — anything currently behind ad-hoc auth.
Sites currently on Cloudflare
Source of truth: Web Properties. Snapshot as of 2026-05-06:
- rycolston.com (Pages: ry-realtor)
- setter.rycolston.com (Pages: setter-landing)
- customer-journey.rycolston.com (Pages: customer-journey)
- capri.rycolston.com (Pages: capri-landing)
- handbook.rycolston.com (Pages: handbook)
- DNS for everything under rycolston.com
Credentials & deploy pattern
API token: op item get mieu4nz3ygy7el3mf4bxpznlaa --vault POSPJ --fields credential --reveal
Account ID: 9f54c7990a6d42f0c504318d2031d9de
rycolston.com zone: 731d5e532ef078b3610ff07ce41535b5
Standard Pages deploy:
CLOUDFLARE_API_TOKEN=$(op item get mieu4nz3ygy7el3mf4bxpznlaa --vault POSPJ --fields credential --reveal) \
CLOUDFLARE_ACCOUNT_ID=9f54c7990a6d42f0c504318d2031d9de \
wrangler pages deploy . --project-name=<project> --branch=main --commit-dirty=true
References
- Web Properties — canonical list of every domain/subdomain
- External API Platforms — sister hub for non-GCP platforms
- Customer Journey Map — Pages user
- Handbook Site — Pages user
- Appointment Wallet Pass — likely first Worker
- Feedback: Named Domain Means Deploy — when Ry names a subdomain, deploy directly to Cloudflare Pages
- Cloudflare docs: https://developers.cloudflare.com/