Cloudflare DNS setup for IPFS

Hi there!

I managed to host my 1-page website on IPFS - see:

Then I created this TXT record in CloudFlare:


So I could see the website: https://gateway.ipfs.io/ipns/walkandwork.co.za/

I don’t know what records to add to have my domain www.walkandwork.co.za pointed to that IPFS link.

Any suggestions what records I need to add?

https://dnslink.io/#example-ipfs-gateway

Thanks Hector. The link you provided requires an ALIAS record, which is apparently not supported by Cloudflare. I can only add CNAME records, with the limitation of only using an IP address and not a URL.

What would be the workaround?

TXT record

_dnslink.subdomain          dnslink=/ipns/hash/

CNAME record

subdomain                 ipfs.gateway

Just add an A record to the gateway.ipfs.io IP:

[14:32:19] ~ $ host gateway.ipfs.io
gateway.ipfs.io has address 209.94.90.1
gateway.ipfs.io has IPv6 address 2602:fea2:2::1

OK, so to summarize:

  1. A record like this:
    A - gateway.ipfs.io - 209.94.90.1

  2. TXT record like this:

  • _dnslink - dnslink=/ipfs/QmZqVboCe1TWVbQfRk5Tatc6wZHNB6LwAuoRE62xxAagHs

Still feel like I need a CNAME?

My understanding of RFC approved records contained within a DNS zone is that A and AAAA records should contain only IP addresses for which the domain is Authoritative. CNAME records should be used when one is pointing to a DNS record in another zone for which the current zone is non-Authoritative.

So, while adding an A and a AAAA record with the “gateway.ipfs.io” IP addresses should function… it’s not strictly “correct” per RFC standard methods. Using A and AAAA records in this way may lead to incorrect routing if… for example… the external zone changes its zone file IP addresses.

But perhaps things have changed… and my understanding is no longer accurate.

Yes, the A record, and the AAAA records did the job.
One more thing - in the example Hector gave, the SSL is working. Is there a way to get rid of the “Not Secure” notification?

If I go to: https://ipfs.io/ipfs/QmZqVboCe1TWVbQfRk5Tatc6wZHNB6LwAuoRE62xxAagHs/

This shows the website with the SSL

If you want to use your own domain’s TLS cert, you’ll need to front your IPFS based website with a webserver proxy.

The TLS cert of the IPFS gateway is being used when the website is viewed on the IPFS gateway.

Something like this for Apache might work:

<VirtualHost *:443>
   ServerName walkandwork.co.za
   DocumentRoot /
   
   SSLEngine on
   
   ProxyPreserveHost On
   ProxyRequests Off
   ServerAlias walkandwork.co.za
   ProxyPass / http://gateway.ipfs.io/ipns/walkandwork.co.za/
   ProxyPassReverse / http://gateway.ipfs.io/ipns/walkandwork.co.za/
</VirtualHost>

It seems duplicative since you’ve already got the dnslink records.