I hope this is will be an additional listening port, lest we break the expectations that Virtualmin is accessible over port 10000 by default.
I’m guessing the check will be done for the ns records mentioned under the domain’s SOA info. However, this doesn’t necessarily mean that a certain hostname is proxied on Cloudflare.
Alternatively, a DNS (CNAME/A/AAAA) lookup then a comparison against the Cloudflare proxy IPs can be done to confirm.
IPv4 list: https://www.cloudflare.com/ips-v4
IPv6 list: https://www.cloudflare.com/ips-v6
And then there’s the decision to take when a hostname resolves to multiple addresses. Do we process them all? What if only some point to Cloudflare?
Gosh, why life is so complicated? 