Deeploy Secrets Setup Guide

Ratio1 uses Cloudflare Tunnels to expose your apps globally and enable load balancing.

To let Deeploy securely create and manage those tunnels, Cloud Service Providers must add their Cloudflare credentials.

Required fields

• Account ID: Your Cloudflare account identifier.

• Zone ID: The identifier of the zone (domain) you want Deeploy to manage.

• API Key: A Cloudflare API token with the required permissions.

• Domain: The domain associated with the zone.

Follow the step-by-step guide below to find each piece of information in the Cloudflare dashboard.

Preparing your domain

When you create a new tunnel, Deeploy’s Tunnel Manager automatically provisions a unique subdomain like: abcdef123456.yourdomain.com.

This is the URL where your application becomes accessible once deployed on Ratio1 Edge Nodes.

Because of this, you need a Cloudflare account with at least one domain connected and managed by Cloudflare DNS. For details on how to add and configure a domain in Cloudflare, see the official Cloudflare documentation: Managing domains.

We recommend using a dedicated domain for this purpose (so all your app subdomains are grouped and easy to manage), but you can also use your main domain if preferred.

How to find Account ID, Zone ID and Domain

1. Log in to the Cloudflare Dashboard.

2. Select the domain you want Deeploy to use.

3. On the Overview page of that domain, scroll to the right-hand side near the bottom. Under the API section, you will see both the Zone ID and the Account ID.

4. Copy these values and paste them into the form in Deeploy.

5. The Domain will simply be the domain you decided to use (eg. yourdomain.com)

How to create the API Token

To let Deeploy manage your tunnels and DNS records, you need to create a Cloudflare API Token.

1. Go back to the Cloudflare Dashboard.

2. Select your profile, and from the left sidebar select Manage Account - Account API Tokens - Create Token.

3. Choose Create Custom Token, give it a descriptive name, and assign the following permissions:

   • Account - Cloudflare Tunnel - Edit

   • Zone - Zone Settings - Edit

   • Zone - SSL and Certificates - Edit

   • Zone - DNS - Edit

4. Choose whether to grant access to all zones in your account or restrict it to the specific zone Deeploy should manage. Restricting to a single zone is generally safer, but you may allow multiple zones if needed.

5. (Optional) Define an expiration date (TTL) for the token. If it expires, you will need to create a new token and update it in Deeploy.

6. Once created, copy the token and paste it into the API Key field in Deeploy.

Bonus: Setting tunnels to external domains

With the default setup, Deeploy creates a tunnel subdomain like: abcdef123456.yourdomain.com. Your application will be available at this address once deployed.

You can also point a custom subdomain such as app.otherdomain.com to the tunnel using a CNAME record, as long as both domains are under the same Cloudflare account.

If you want to point external domains (domains not managed in Cloudflare, or domains belonging to a client with a separate Cloudflare account) to your tunnels, you need to activate Cloudflare for SaaS. This feature allows you to:

• Map customer-owned domains to your infrastructure.

• Manage certificates automatically for those external domains.

• Provide a seamless experience where apps can run under a client’s existing domain.

How to activate Cloudflare for SaaS

1. Log in to the Cloudflare Dashboard.

2. Go to the domain (zone) you use for Deeploy tunnels.

3. In the left-hand menu, select SSL/TLS - Custom Hostnames.

4. Click on Enable Cloudflare for SaaS.

5. Cloudflare will request billing details. The first 100 domains are included for free; any additional domains cost $0.10 per domain per month.

6. Before adding external CNAMEs, make sure you create a new Linked Domain in Deeploy’s Tunnel Manager so that certificates can be automatically issued.