Hello everyone, I’ve recently set up a small home server routing my domain through cloudflare. Also, for reference, this server isn’t incredibly top-secret (it’s an art portfolio for my SO) I would just like to be as security conscious as a noob can be. When I bought the domain I instantly linked it to cloudflare before ever even touching my server so-as to hopefully mitigate whois leaks, but recently I’ve noticed when searching www.mydomain.com, shodan and censys return 0 results which I find promising. The bad part is when I just search mydomain.com, shodan and censys show that my home IP address returns the following:
Results for MY_IP: HTTP/1.1 301 Moved Permanently Server: openresty Date: TODAY Content-Type: text/html Content-Length: XXX Connection: keep-alive Location: https://mydomain.com
Meaning that when searching for mydomain.com, we are presented with the HTTP headers from my home ip address, redirecting traffic to mydomain.com. I’m using AOPs but I am not using the Argo tunnel and I’m wondering if that is my problem? I’m using the free cloudflare plan and just have an http server running. I understand this problem is purely from misconfiguration on my part, so any help would be greatly appreciated. (Also any future tips are great as well). Thank you all for the help!