I did this for some self-hosted services that my wife accesses. Limited access to my email and hers with Google authorization. Passes the wife test and quite secure so I'm happy!

Thank you for this very good video as usual, PLEASE do the Authelia / Cloudflare Tunnel Video 🙂

For those exposing docker services to cloudflared, make sure said services are part of (generally) the 'bridge' network. Don't ignore docker networking when troubleshooting!

Hi buddy, Thanks for all the videos. They're always accurate and straight to the point. Thanks! Just one note: could you slow down a little? I find myself having to rewind 5 seconds about 50 times in a single video. Still, they’re great, and I’ve definitely subscribed. I’d just love to see a slower pace; I understand the videos will be longer, but (for me) it's worth it.

Wonderful😃..Thanks a lot, very helpful 🙏. Would love to watch more such videos related to CloudFlare since it is growing with lots of new features.

THIS! This is the video I've been searching for. Thank you so much for helping me get my subdomains locked down with Google.

Thanks for this one. I understand the implementation so much better now I have walked through it while pausing the video. keep them coming.

Fantastic!! I had a CF Application authenticating with the one-time email code, but I've been struggling with the Google authentication. Afgter following along with your video,...IT WORKS! Thank you for all you do!

Been a long time follower, I would love to see some videos on using NGrok and Cloudflare used together !

Great content! Please do the Authelia / Cloudflare Tunnel Video

Hi David. If I enable Google or Github auth to protect a Vaultwarden (running in a tunnel) instance what will happen to the Chrome Extension or the Android app? will I have access to these or I need to setup exclusions like in Authelia?

Thanks for this! Looking forward to the Authelia integration as well! Using this to access my local Radarr and Sonarr applications because they have no auth. This should block access to people not approved but Authelia would be ideal.

Excellent. Just the video I was waiting for.

Great vid love the cloudflare tunnels vids use them on my network and always learn so much from ur vids thanks

Thanks David! Very easy to follow

Thanks for doing this, I feel safe now

did you add firewall rule allow access for this ip 0.0.0.0/0 on GCP ? actually I create wordpress on GKE and I want to restrict access to that wordpress using cloudflare , but I didn't know how to do that. I following your instruction using cloudflare, but the WordPress site still can be accessible for public

Thank you for your time and effort with this videos, it really really really helps a lot!!

If I had known you were going to do all the hard work, I would have waited for your video. Alas, I took inspiration from your last video (and helpful comments) and figured it out about 24 hours before this video went live. Now for bonus points - I'm currently investigating using Google SSO for Portainer to auto sign me in too - The steps in the portainer documentation are nowhere near as helpful as Cloudflare's. Thanks again for the helpful videos!

While I greatly appreciate your video on setting up Cloudflare Tunnels, there is a snag I've run into. I cannot get my domain through tunnels to connect to my Proxmox box, but all the VM's and Docker containers on it work with no problem.

When I set this up, it only works as shown in the video in an incognito window. When I try this in a normal browser window, it appears to want to load my application (since I am already signed into google on my browser), but then I end up with a white screen. Is there something I am missing?

These videos are incredible.

if people only knew how powerful this content really is....Thank you! @DBTechYT

Thanks, great tutorial and comment for the algorithm.

Sir, Please can you help me one thing i am using cloudflared tunnel for my winodows 10 pc, I can access webserver using 80 port from outside but when i am going to use RDP i cant not access from outside from my home. Please can help me.

Excellent videos, really useful! Have you played with the Private Network feature within the Zero Trust Tunnel? Is it useful at all?

Followed step by step and it worked flawlessly! Thanks!!!

great job DB

Works like a champ. Thanks!!!

My company uses gitea instead of github .. is there any option to check. Else authelia we use these two things.. Any advice or suggestions Vijey

Thank you for such series. Really helpful, built myself at least 5 self hosted programs. Do u have any plan on making one for Nextcloud AIO docker+portainer+cloudflare tunnel? I tried it but sadly after enabling nextcloud containers part, the initial a logging doesnt work sadly with tunnel, it says bad tunnel.

Very interesting video. Thank you for your hard work! Quick question - will this result in having to authenticate via Google or GitHub (in your case) even if I'll try accessing the application from internal network?

yes, please to a video with authelia and cloudflare

Great video as always! My question is how this affects other clients that are not browsers (i.e. Nextcloud, bitwarden, jellyfin, etc android clients). As I would like to setup this, but my concern is that they don't know how to interact with the new layer

thanks you for making this video this is what I wanted a video about becuse it is so complicated.

maybe do setup of SSO provider like Authelia Authentik Keycloak tutorial and integration more content to come!!

How this works for things like Plex and Vaultwarden where you have an app running in your phone ?

Very helpful - This will help me. I recently set up Authentik (very cool app) it is better then Authelia. I followed Cooptonian to set to configure it and just used the Authentik site with and .env file for email etc. Very cool though this will help me setup SMIL and cloud flair instead of Google or Github. :-)

I wish I could find documentation on how to add a custom logo to the auth page (or to customize it further than the application OAUTH page) This was very helpful though. Thank you

Hi David, great video as always. Can you tell me what happens if you pick one of the other Gmail addresses. One that hasn't been given access. Does it handle it gracefully? Does it let you in anyway? Many thanks.

Very helpful, thank you!

All this after I setup my Nginx container :( thanks for the vid!

Thanks, David. I'm curious about how to use multiple identity providers, e.g. check for an included ip and if that fails then verify by email or github. Can you explain the difference between "include" and "require"? I suspect they are implementations of boolean ANDs/ORs but I am just guessing.

thanks so much. it finaly works

Great video thank you for sharing.

how to add multiple email in the google authentication?

Thanks man

is anyone else having trouble getting this to work. I setup the self hosted app but it is not restricting access to my tunnel

I have an application which uses a specific port and was wondering how you can use the method described in this video to do this.. any help is greatly appreciated.

it was working then i suddenly started getting errors for both Google and Github, "Unable to find your Access organization! It appears that you have attempted to reach an invalid URL. Please enter a valid team name." i have gone into settings and copy and past what i see is the team name.... just wondering if someone else has this issue

Great tutorial 🙌

Any option to use the tunnel for other protocols, e.g. RDP?

Well this doesn't play nicely when trying to access your staging server's API endpoints. It keeps asking to authenticate with github :(

Hi @DBTech, nice Video! I have a question. How do I restrict access with Google authentication to all of my Cloudflare tunnels with a single policy? If I just leave the subdomain blank, there will be no authentication anymore. If I put subdomain in, authentication is working fine, but only for that singe sub. Would be nice If someone could help me.

Best!

Awesome as always bro , if possible can u do a video on setting up samba on cloudflare tunnels

This not working I add e-mail verification and remove. Everybody with mail still can has access

What a legend

one thing that stumped me - that might help someone else. if you only want github access with NO email access. You must go to cloudflare zero trust/applications/authorization - then select add 'login methods' as the selector and 'Github' as the value. other wise you get a login error (That account does not have access)

Is it possible to add multiple authorized email addresses this way?

Is it possible to use Nginx Proxy Manager with Cloudflare Tunnels ?

Are you using the paid version of cloudflare.. please advise

Thank you . 🌹🌹🌷🌷🌷

getting "Error 400: redirect_uri_mismatch" when trying to test google

Love u DB Tech...Ty from Brazil!

Can’t even transfer a simple TLS session. It has to be https or http or else it’s useless!

Also, I just posted in r/kasmweb about this....