Most config is known and already described on cloudflare.com itself, but there's a "little known" step that I "discovered" through Gemini: before creating the redirect rule, go to DNS and add the following records so that traffic hits Cloudflare:

A: @ -> 192.0.2.1 (Proxied)
CNAME: www -> @ (Proxied)