All web content is served directly from the production server without CDN caching.

Let's Encrypt HTTP-01 verification fails when Cloudflare proxy is enabled, due to port 80 hijacking.

Traefik is used in production for routing, unlike Caddy, which has simpler Cloudflare DNS-based validation.

Cloudflare can offer origin certificates and encrypted traffic, but its proxy breaks HTTP validation unless appropriately configured.

Traeffik supports dynamic routing through Docker labels and Terraform config files in our infrastructure repo.

There is uncertainty around why IP-based p2p bootstrap was previously avoided, though currently, p2p does rely on DNS (e.g., dns4/hyper.media/tcp/...).

Create a new domain: cdn.hyper.media

Enable Cloudflare proxy only for this domain.

Point the domain to our existing production server.

Configure Traeffik to serve this hostname only for /ipfs route.

In the web app, rewrite ipfs:// URLs to https://cdn.hyper.media/ipfs/...

Use Let's Encrypt certificates for simplicity, knowing CF can terminate TLS and initiate a second handshake to our origin server.

Speeds up the delivery of heavy IPFS media files.

Avoids interfering with main web and P2P traffic.

Easy to test in development with cdn.dev.hyper.media

Only media files benefit from CDN.

HTML and site-specific content won’t be cached.

Need to verify proper CORS headers.

Need to validate certificate flow doesn’t break on CF proxy.

Expand Cloudflare proxy to include full site traffic with proper HTTPS cert management.

Reassess the role of static IP vs. DNS in P2P networking.

Evaluate whether all document sites (*.hyper.media) can be CDN-accelerated without breaking publishing or P2P routes.