Infrastructure

Stack Overview

Component	Technology	Purpose
Static Site Generator	Astro Starlight	Documentation framework
Hosting	Cloudflare Pages	Global CDN, automatic HTTPS
Security	Cloudflare Access	Zero Trust authentication
IaC	Terraform	Infrastructure as Code
Deployment	Wrangler CLI	Cloudflare tooling

Project Structure

docs/
├── astro.config.mjs        # Astro + Starlight configuration
├── wrangler.toml           # Cloudflare Pages config
├── package.json            # Dependencies and scripts
├── tsconfig.json           # TypeScript configuration
│
├── src/
│   ├── content/
│   │   ├── config.ts       # Content collection schema
│   │   └── docs/           # Documentation pages
│   │       ├── guides/     # How-to guides
│   │       └── reference/  # Technical reference
│   └── env.d.ts            # Type declarations
│
├── terraform/
│   ├── main.tf             # Cloudflare Access resources
│   └── variables.tfvars.example
│
└── dist/                   # Build output (gitignored)

Deployment Pipeline

┌──────────────┐     ┌──────────────┐     ┌──────────────────────┐
│   Markdown   │────▶│  Astro Build │────▶│  Static HTML/CSS/JS  │
│   Content    │     │  (npm build) │     │  (dist/)             │
└──────────────┘     └──────────────┘     └──────────┬───────────┘
                                                     │
                                                     ▼
                                          ┌──────────────────────┐
                                          │  Wrangler Deploy     │
                                          │  (Direct Upload)     │
                                          └──────────┬───────────┘
                                                     │
                                                     ▼
                                          ┌──────────────────────┐
                                          │  Cloudflare Pages    │
                                          │  (Global CDN)        │
                                          └──────────────────────┘

Commands

Development

# Start local dev server with hot reload
npm run dev

# Preview production build locally
npm run preview

Build & Deploy

# Build static site
npm run build

# Build and deploy to Cloudflare Pages
npm run deploy

# Deploy to preview environment
npm run deploy:preview

Terraform (Infrastructure)

# Initialize Terraform
npm run tf:init

# Preview changes
npm run tf:plan

# Apply changes
npm run tf:apply

Configuration Files

astro.config.mjs

Key settings:

export default defineConfig({
  site: 'https://docs.sarafoleanu.com',
  output: 'static',  // Static site generation
  integrations: [
    starlight({
      title: 'SecureDocs',
      sidebar: [...],
    }),
  ],
});

wrangler.toml

name = "securedocs"
pages_build_output_dir = "dist"
compatibility_date = "2024-01-01"

tsconfig.json

Strict TypeScript configuration:

{
  "extends": "astro/tsconfigs/strict",
  "compilerOptions": {
    "strictNullChecks": true,
    "noImplicitAny": true
  }
}

Environment Variables

Variable	Purpose	Set Via
`CLOUDFLARE_API_TOKEN`	Terraform authentication	Environment
`CLOUDFLARE_ACCOUNT_ID`	Account identifier	terraform.tfvars
`CLOUDFLARE_ZONE_ID`	Zone identifier	terraform.tfvars

Never commit secrets to the repository.

Terraform Resources

When fully configured, Terraform manages:

cloudflare_access_application

resource "cloudflare_access_application" "securedocs" {
  name                       = "SecureDocs"
  domain                     = "docs.sarafoleanu.com"
  type                       = "self_hosted"
  session_duration           = "24h"
  http_only_cookie_attribute = true
}

cloudflare_access_policy

resource "cloudflare_access_policy" "email_policy" {
  application_id = cloudflare_access_application.securedocs.id
  name           = "Allow Specific Emails"
  decision       = "allow"

  include {
    email = ["user@example.com"]
  }
}

URLs

Environment	URL
Production	https://docs.sarafoleanu.com
Pages Default	https://securedocs-6vu.pages.dev
Preview	https://[hash].securedocs-6vu.pages.dev