Steps to “park” a new domain with email and HTTP service. Total cost is ~$12/year assuming you already have a web server set up.
Domain Registration and DNS
- Register domain with Amazon Route53 ($12/year for .com)
- Delete the public “Hosted Zone” ($6/year) since CloudFlare will be used for hosting DNS
- No Route53 Hosted Zone is necessary, unless you want to run a VPC with its own private view of the domain, in which case there needs to be a private Hosted Zone.
- Create CloudFlare free-tier account for DNS hosting
- Change Amazon Route53 DNS server settings over to CloudFlare
- CloudFlare settings that you might want to adjust:
- Crypto/SSL Policy: see below
- Always Use HTTPS: On (unless you need fine-grained control over HTTP→HTTPS redirection)
Assume you have a web server that will respond to HTTP requests on the new domain.
- Option 1: Direct Connection (CloudFlare ingress and SSL termination, but no SSL to the origin)
- Use a single-host A/CNAME record in CloudFlare
- CloudFlare will handle SSL termination, but must be used in “Flexible” crypto mode which reverts to HTTP when talking to the origin server.
- Option 2a: Proper SSL Setup with AWS load balancer (~$240/year) and its built-in certificate
- Create an EC2 load balancer with a certificate appropriate for the domain
- Use a CNAME record in CloudFlare pointing to the load balancer’s dualstack.my-lb-1234566-... DNS name
- Now you can enable CloudFlare’s “Full” crypto mode
- Option 2b: Proper SSL Setup with Let’s Encrypt (free)
- TBD – needs some kind of containerized HTTP server that updates the certificate automatically
It is important to be able to receive email addressed to [email protected], for example to respond to verification emails for future domain transfers or SSL certificate issuance.
Email forwarding can be set up for free using Mailgun:
- Create Mailgun free-tier account on the top-level domain
- Add the necessary DNS records for Mailgun at CloudFlare (domainkey and MX servers)
- In Mailgun’s “Routes” panel, create a rule that matches incoming email to [email protected] and forwards it as necessary
If you actually want to receive (not just forward) incoming email, either use Gmail on the domain, or the following (nearly-free) AWS system:
- In Amazon SES, add and verify the domain
- This will require adding a few more records at CloudFlare, including MX records
- Set up an SES rule to accept incoming email and store messages in S3
- Use a script like this one to poll S3 for new messages and deliver them via procmail