MiahGroup — Infrastructure & DNS Reference

Accounts Overview

🧑‍💻

Public / Personal Account

miahnet@gmail.com

Cloudflare login · Published Viewer on Google Sites

🏢

Google Workspace Account

solaiman@miahgroup.com

Squarespace login · Google Sites owner · Admin Console

Login Credentials Storage

🔐 Credential Storage

Squarespace — login via solaiman@miahgroup.com. Username & password stored in Apple Passwords app.

Cloudflare — login via miahnet@gmail.com. Password managed by Apple Passwords. 2FA via Google Authenticator app.

Domain Setup

Registration & Hosting

Domain Registrar

Squarespace — Domain MiahGroup.com is registered here. Squarespace remains the renewal authority. DNS records were with Squarespace initially (free DNS service), registered with APNIC as the DNS authority for Australia region, which reports to ICANN.

DNS Host

Cloudflare — All DNS records transferred to Cloudflare. Squarespace still owns the domain registration but Cloudflare controls all DNS resolution and provides CDN, WAF, and Workers.

Cloudflare Nameservers

NS Records

april.ns.cloudflare.com
dion.ns.cloudflare.com

Naked Domain — A Records Required

For miahgroup.com (no subdomain) to resolve, you must have Google's IPs as A records. See the Google IPs section.

DNS Records

Current DNS Configuration

Type	Name	Content / Value	Proxy	Notes
A	miahgroup.com	`216.239.32.21`	🟠 Proxied	Naked domain → Google Sites
CNAME	*	`ghs.googlehosted.com`	🟠 Proxied	Wildcard — catches all subdomains
CNAME	www	`ghs.googlehosted.com`	🟠 Proxied	→ store site
CNAME	store	`ghs.googlehosted.com`	🟠 Proxied	→ /store site
CNAME	solaiman	`ghs.googlehosted.com`	🟠 Proxied	→ /solaiman site
CNAME	admin	`ghs.googlehosted.com`	⚪ DNS Only	DNS-only so custom URL shows in browser
R2	store.miahgroup.com	Cloudflare R2 bucket	🟠 Proxied	CDN image storage
MX	miahgroup.com	`smtp.google.com`	⚪ DNS Only	Google Workspace email (post-2023)
TXT	miahgroup.com	`v=spf1 include:_spf…`	⚪ DNS Only	SPF record for email auth
TXT	google._domainkey	`v=DKIM1; k=rsa; p=…`	⚪ DNS Only	DKIM for email signing
TXT	miahgroup.com	`google-site-verif…`	⚪ DNS Only	Google site ownership verification

⚠️

Proxy Status MattersWhen a CNAME is 🟠 Proxied, Cloudflare Workers intercept traffic. When ⚪ DNS Only, requests go directly to Google — Workers are bypassed.

Google Sites

Site Structure

Sites live as files on Google Drive under solaiman@miahgroup.com.

🛒storesites.google.com/miahgroup.com/store

homeaubdmyusuk

👤solaimansites.google.com/miahgroup.com/solaiman

homeaubdmy

🏢corporatesites.google.com/miahgroup.com/corporate

au

⚙️admin→ maps to store site

ℹ️

Pages vs SubdirectoriesThe geo paths (au, bd, my, us) are pages — not real subdirectories. The default/home page is shown to visitors from countries without a dedicated page.

How to Create a New Site

Go to sites.google.com → click + top-left, or copy an existing site.

Give the site a name. Create pages: home, au, bd, my, etc.

Click Publish → enter the custom domain path (e.g. store or solaiman).

In Google Workspace Admin Console → Apps → Google Workspace → Sites → Custom URL → map subdomain to site.

Share: set solaiman@miahgroup.com as owner, miahnet@gmail.com as Published Viewer.

Routing Logic

Traffic Flow

When Cloudflare proxy is ON, the Worker named "router" intercepts all requests and redirects based on the domain and visitor's geo-location.

User requests	Routed to	Notes
miahgroup.com	…/store/au/	A record + Proxied → Worker routes by country
www.miahgroup.com	…/store/au/	Proxied → Worker active
store.miahgroup.com	…/store/au/	Proxied → Worker active
solaiman.miahgroup.com	…/solaiman/au/	Proxied → Worker routes to solaiman site
corporate.miahgroup.com	…/corporate/au/	Proxied → Worker routes to corporate site
admin.miahgroup.com	admin.miahgroup.com/store	⚪ DNS Only → Worker bypassed, custom URL shown
[anything].miahgroup.com	…/store/au/	Wildcard CNAME catches all others

Country → Page Mapping

Geo Routing

🇦🇺 Australia → /au · 🇧🇩 Bangladesh → /bd · 🇲🇾 Malaysia → /my · 🇺🇸 USA → /us · 🇬🇧 UK → /uk

All other countries → default /home page.

Cloudflare Workers

Worker: "router"

Controls all traffic routing across all subdomains.

Deploy / Update

Cloudflare Dashboard → Workers and Pages

Click worker name → Edit Code → Cmd+A → Delete → paste new code → Deploy

Rollback: click Deployments → ⋯ next to any past version → Rollback

CDN Images — R2 Bucket

Cloudflare R2

Images stored in a Cloudflare R2 bucket. Custom domain store.miahgroup.com proxied through Cloudflare for CDN delivery.

Email & MX Records

Google Workspace MX Records

Current (Post-2023)

MX Record

smtp.google.com   Priority: 1

Legacy Values (Pre-2023) — Still Supported

aspmx.l.google.com
alt1.aspmx.l.google.com
alt2.aspmx.l.google.com
alt3.aspmx.l.google.com
alt4.aspmx.l.google.com

⚠️

DNS Transition WarningEmail stops working temporarily during MX record changes. DNS propagation can take up to 48 hours globally.

Known Gotchas

Cloudflare Proxy vs Custom URL

🟠

Proxied (Orange Cloud)

Workers active. CDN + security. Browser shows long Google URL. Custom subdomain URL NOT preserved.

⚪

DNS Only (Grey Cloud)

Workers bypassed. Browser shows custom URL. No Cloudflare CDN or Workers.

💡

Custom URL ActivationTemporarily set CNAME to Grey Cloud → wait ~30 min for Google Admin "Active" status → switch back to Orange Cloud.

One Domain, One Account

🚨

Google restriction — Google does not allow one domain mapped to two Google accounts simultaneously. Unmap from old account first.

Worker Must Be Proxied

⚠️

For Workers to intercept traffic, DNS record must be Proxied (Orange Cloud). DNS Only bypasses Workers entirely.

Google IPs — A Records

Required for Naked Domain

Add these as A records (Proxied) in Cloudflare DNS for miahgroup.com:

216.239.32.21

216.239.34.21

216.239.36.21

216.239.38.21

Google Sites CNAME Target

CNAME value for all subdomains

ghs.googlehosted.com

Access & Auth Summary

Full Access Reference

Service	Login Account	Auth Method
Squarespace (domain)	`solaiman@miahgroup.com`	Google OAuth · Apple Passwords
Cloudflare	`miahnet@gmail.com`	Password (Apple Passwords) + 2FA (Google Auth)
Google Workspace Admin	`solaiman@miahgroup.com`	Google OAuth
Google Sites	`solaiman@miahgroup.com`	Owner · Google OAuth
Google Sites (viewer)	`miahnet@gmail.com`	Published Viewer
Google Apps Script	`solaiman@miahgroup.com`	Anyone with Google account can access deployed web app