Using Cloudflare Tunnels For Hosting & Certificates Without Exposing Ports On Your Firewall

Lawrence Systems

Cloudflare Tunnel Docs
developers.cloudflare.com/clo...
pfsense HAProxy video
• (Updated Video In Desc...
Jeff's How I survived a DDoS attack
• How I survived a DDoS ...
⏱️ Time Stamps ⏱️
00:00 Cloudflare Tunnels
00:30 Requirements
01:42 Security Considerations
04:06 Demo Lab Setup
06:43 Documentation & Dashboard Setup
07:42 Creating Tunnels
14:41 Adding Application Security
#homelab #cloudflare #firewall

Comments: 289
@bassjmr 1 year ago
I think it’s important to note that Cloudflare tunnels have limitations. For example, if you plan to use this to access stuff that requires large file transfers like Nextcloud, Cloudflare tunnels are limited to 100mb per file.
@DaleCunningham_DBA 1 year ago
Thank you for this info. That adds a lot of doubt into the mix for if I want to use it. I have large photos, videos and PDF documents that exceed 100MB. Maybe Cloudflare wants a client to upgrade to get a higher threshold on the file sizes?
@ericesev 1 year ago
Also see section 2.8 of the terms. "Use of the Services for serving video or a disproportionate percentage of pictures, audio files, or other non-HTML content is prohibited, unless purchased separately as part of a Paid Service or expressly allowed under our Supplemental Terms for a specific Service."
@3xpired3lements 1 year ago
I think this is false information, Cloudflare TOS only refers to non HTML content. The 100mb limit is per connection and not per file. You can have multiple connections... I can upload 10G files just fine.
@LAWRENCESYSTEMS 1 year ago
I don't see that in their documentation developers.cloudflare.com/cloudflare-one/account-limits/
@LAWRENCESYSTEMS 1 year ago
No hard limit, but it's at their discretion for free accounts. "Use of the Services for serving video or a disproportionate percentage of pictures, audio files, or other non-HTML content is prohibited, unless purchased separately as part of a Paid Service or expressly allowed under our Supplemental Terms for a specific Service" www.cloudflare.com/terms/
@adamisherwood6708 1 year ago
You never fail to give me practical new information on new systems. Thanks 😀
@KenPryor 1 year ago
I've been using this service for 2-3 months and I love it. Easy setup and it works very well. I'm stuck behind CG-NAT making self-hosting difficult, but Cloudflare tunnels have made life much easier.
@pablogc2008 4 months ago
Very informative. That extra layer of security was exactly what I was looking for.
@monirulislammonir 5 months ago
Thanks so much for your detailed videos - I have been struggling for the last couple of days to fix the Cloudflare tunneling problem with my docker container and continuously watching videos on YouTube. But your video helped me to resolve the issue, thanks again.
@tacioandrade 1 year ago
This service is brilliant, I had superficially seen something about it, but I hadn't tested it yet, now with this video, I'm going to try to implement it in some personal project to test it and see if it fits in some current or future project!
@realMattGavin 1 year ago
It's hilarious how many times in the past year I've searched this up to bypass ISP port blocking, and still haven't done it... maybe this will be the recommended video that makes me implement it.
@nixxblikka 1 year ago
This is why I love this channel - first time I hear of the TLS intercept, which is okay, but you have to be aware of this. None of the others pointed this out iirc...
@Glatze603 1 year ago
Best and most secure option to expose internal services to the internet - and one that works with a CGNAT, too 👍 Thanks for the video 😁
@sulaimanaldarmaki4773 1 year ago
Thank you Lawrence for the videos, please upload more Cloudflare tutorials. Great content.
@Jarek. 1 year ago
Thank you Tom, very informative. One point I missed is - how to handle HTTPS certificates and if Cloudflare can handle more sophisticated URL manipulations (rewriting)? I'm trying to understand if this could replace also my reverse proxy. I wish all the best in 2023🎉😊
@KeithWeston 1 year ago
Excellent - as is your usual standard. Thank you.
@lespinoz 1 year ago
I started using this to have my college labs accessible when out of home. Making code changes real time and seeing them implemented makes life a lot easier.
@Dotcomtipsandtricks 9 months ago
Could you please share with me how you did that on Windows?
@lespinoz 9 months ago
@Dotcomtipsandtricks Let me compose something later today and share it with you once done, but will for sure provide help!
@bjornmuh 1 year ago
Very good intro to bring awareness around who you bring into the trust circle.
@LucS0042 1 year ago
With the 'bug' you mentioned at the end, you can go to your DNS settings in Cloudflare, and delete the subdomain forward manually.
@LucS0042 1 year ago
I'd love to see you run your ssh connections through a tunnel. I've only managed to do it with their in-browser ssh client, and not through a remote terminal.
@cloudagnostic 1 year ago
Great video Lawrence! I self host Guacamole and have a custom domain pointing to it, but I think adding the extra security layer Cloudflare offers is a good idea.
@Jordan-hz1wr 2 months ago
I’ve done the exact same thing for our MeshCentral instance.
@teklynkvideos 1 year ago
Thanks for the tutorial. I was able to set this up to point to my Plex server and Owncast instance. I previously had these behind an nginx proxy. Plex and Owncast use websockets and it was tricky to configure all of that in Nginx. Using Cloudflare tunnels, everything just works! No more nginx reverse-proxy configs and struggling to get it configured correctly.
@MrShinig4mi 1 year ago
All good, thanks for covering it step by step. I also discovered that you can combine a Tailscale network and a Cloudflare tunnel to host something that isn't on the same network.
@MikeMcGrath 1 year ago
If you go into your DNS settings in Cloudflare for that domain you can remove them manually if you do it backwards.
@sking379 1 year ago
Awesome video Lawrence, you got me out of a pickle. Unfortunately, I followed another youtuber's video, but he failed to provide one very important detail regarding TLS verification! Thanks
@danchase1831 1 year ago
I’ve experienced the same DNS “bug” when deleting a tunnel and needed to manually delete the DNS entry to reuse the subdomain when I started setting things up and testing. However, later when I set up different tunnels and eventually deleted them after testing, the DNS entry was deleted with the tunnel. So it hasn’t been a consistent bug for me, and may be related to the process taken when deleting.
@JamzYaneza 1 year ago
I encountered that small nuance of not being able to add back/rename to a hostname that I had previously used. When you create/add a Public Hostname under Tunnel it creates a new CNAME in your DNS, and this doesn't get automatically deleted, probably more of a safety feature since DNS propagation usually takes time. Delete the CNAME entry and you can go about the rest of the day.
@mikescott4008 1 year ago
Many thanks. Will certainly be looking at this and interesting you referenced it re Bitwarden which is one of my potential use cases. Originally I was going to do Bitwarden self hosted with VPN. Cisco CBD build to be done next week too.
@-Giuseppe 1 year ago
Great stuff! Exactly the solution I need, thanks a lot for sharing this.
@chrisumali9841 1 year ago
Thanks for the demo and info, have a great day.
@kendallrandleas8651 1 year ago
Saved me for an issue I was having, thank you very much!
@DJ-Manuel 1 year ago
Damn… I already thought I must have a look at Cloudflare Zero Trust Platform, but still haven't come around to doing so. Thanks to this video, I now know I DEFINITELY need to have a look at it as soon as possible…
@chucksw1 1 year ago
I run this as an add on in Home Assistant, works great!
@malachis1447 1 year ago
A few things to note: end-to-end encryption can be achieved by specifying a trusted CA and an expected hostname within the Cloudflare Zero Trust dashboard. Also, docker isolated networks are a MUST if you're going to host other containers/services that you don't want exposed to the internet.
@nixxblikka 1 year ago
Can you maybe please elaborate in more detail how to achieve end-to-end encryption? Unfortunately I can't post links, but googling said it works with enterprise accounts...
@JohnsonJLB 1 year ago
Which CA is best bang for buck? Verisign, GoDaddy, Digicert? Any other?
@malachis1447 1 year ago
@nixxblikka So I self host my own PKI, and in the Zero Trust panel, I specify the location on the internet where Cloudflare can pull the CA cert from, and then specify the host name that Cloudflare expects from the certificate.
@Zeric1 1 year ago
@malachis1447 The only thing I found in the docs was how to "deploy a custom certificate" which encrypts the connection between the end user and the Cloudflare gateway with your own cert (and only on enterprise plans). Perhaps you are talking about something else as the "deploy a custom certificate" doesn't prevent Cloudflare from reading your data (the man in the middle issue). Can you be more specific on how you set things up to get true end to end encryption (no man in the middle concern)?
@malachis1447 1 year ago
@Zeric1 The only place that you're "deploying a custom certificate" is internally, in the webserver in your network that you want Cloudflare tunnels to connect to (something like a self signed certificate that Cloudflare will trust the CA and specific hostname, once you've specified that setting in Cloudflare Zero Trust). Externally (for the end user), the certificate still says Cloudflare.
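The origin-side TLS settings discussed in this thread ("No TLS Verify" versus a trusted CA plus an expected hostname), shown as an added example that is not from the video or any commenter. It assumes a locally managed tunnel configured through cloudflared's config.yml rather than the dashboard; the hostnames, IP addresses, file paths and tunnel ID are constructed placeholders.

```yaml
# config.yml for a locally managed cloudflared tunnel (constructed example).
tunnel: <TUNNEL-UUID>                                   # placeholder
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json   # placeholder path

ingress:
  # Weak setting: cloudflared accepts any certificate the origin presents,
  # so a self-signed or spoofed certificate on the LAN is not detected.
  - hostname: nas.example.com
    service: https://192.168.1.10:5001
    originRequest:
      noTLSVerify: true

  # Corrected setting: cloudflared validates the origin certificate against
  # an internal CA and checks that it was issued for the expected name.
  - hostname: app.example.com
    service: https://192.168.1.20:8443
    originRequest:
      caPool: /etc/cloudflared/internal-ca.pem      # PEM file holding the internal CA
      originServerName: app.internal.example.com    # name the origin cert must carry

  # Mandatory catch-all rule: anything not matched above gets a 404.
  - service: http_status:404
```

These settings only govern the hop from cloudflared to the origin server; the certificate presented to visitors is still Cloudflare's, as the last reply in the thread says.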
@richardlewis2096 1 year ago
Excellent video, very easy to follow and I have now restructured my remote connections using Cloudflare tunnels and added another layer of security. Thanks!!! One thing I noticed when testing though was that I needed to set the email rules to 'Require' rather than 'Include' for the restrictions to work as described in the video.
@fotografm 1 year ago
It won't let me save with required rule unless include rule is also present.
@TheBeardedLibertarian 9 months ago
Need both.
@shrenikshah8882 4 months ago
How to transfer or copy/paste Windows files/directories to noVNC servers?
@pdp8 1 year ago
Excellent demo! Question: do they offer an agent that would enable private tunnel access with 2FA? This way you could enable access to all containers with a wildcard and not expose all the names in public DNS.
@dezejongeman 1 year ago
Awesome. I saw it elsewhere, but had not seen the additional security layer. There is only the risk that Cloudflare goes from the free security to paid in some years.
@TheBeardedLibertarian 9 months ago
Thank god for you, everyone missed the TLS setting.
@unkreativnet 5 months ago
Thank you for this video. Answers a lot of questions I have :-)
@dadelpe 1 year ago
@Tom thank you for this.. you solved my issue.. I wasn't activating the "No TLS Verify" so it wasn't working..
@captgrant 1 year ago
This worked excellent. So many layers and no holes in the firewall.
@stefanbehrendsen330 1 year ago
I'll have to give this a try. I actually had to solve this exact problem for a server I was building last year. I ended up using zerotier sdn connecting the homelab VMs to a droplet with a public IP, and using ipforwarding and ipchain to build a frontend for it. The droplet has the SSL cert, and DNS records pointing to it. It follows the iptables rules to forward specific traffic over the zerotier virtual network to the local VMs and back.
@propeto13 1 year ago
Cloudflare tunnels, this is the way. Also the Web Application Firewall (WAF) they offer for free only adds additional layers of security. You can make firewall rules to block traffic before it ever hits your network/servers/applications.
@yankee-in-london 1 year ago
Hey Lawrence, just wondering if you've tried the client configuration option (versus configuring on the zero-trust dashboard). I suspect you'll find this more helpful and it may also address the "bug" you mentioned in the video (at end).
@LAWRENCESYSTEMS 1 year ago
Have not tried it, still an odd bug.
@kingmatqc 1 year ago
Awesome video! Thank you very much!
@afcasidel4933 1 year ago
Thanks for this video, Cloudflare is the best 💯
@JohnMandersonBM 1 year ago
Great video as always. Is there a way to create a RTSP stream connection to an internal camera?
@greenduckgamer 3 months ago
Super helpful! Thank you!
@colin79666 1 year ago
Can confirm this works well on a Raspberry Pi with the Debian Buster ARM 32-bit package 🙂 Can now access NUT UPS monitoring to see more detail of what is going on when I receive the dreaded email to say my UPS is on battery. It wasn't something I wanted to publicly expose and can't anyway due to my ISP's CG-NAT.
@AdamsLab 1 year ago
VPNs don’t exist? 😊
@colin79666 1 year ago
@AdamsLab Not behind CGNAT without something extra in the middle.
@tomstechnews 1 year ago
Hi Tom. Thanks for this great content! I have successfully used CF tunnels to expose home services for a good while. Using "Applications Policies" in conjunction with "Access Groups" gives me a granular way to lock down certain services to special groups of users or devices (by country, ip-address ranges, e-mail addr). Using special "identity provider"s for certain applications provides more flexibility also. The use of tunnels depends a lot on "trusting" CF. Controlling the SSL-endpoints is a real responsibility for CF. Hope that CF never suffers a data breach or uses our data for their own purposes. Then the "shit hits the fan"... A good and successful year 2023 for everybody! See you next year (in 1 day) 😀
@fredzibulski3111 1 year ago
Great video, I love and use Cloudflare myself. Any plans to make a video on combining it with Authelia for extra security?
@LAWRENCESYSTEMS 1 year ago
No, because I don't use it or have any plans to start using it right now.
@namelesuser 1 year ago
Hey there. Not sure if you’ve figured out the bug already, but in case you haven’t. When you create a new public hostname, it’s actually creating a new CNAME entry in your DNS records. When you delete a tunnel before the hostname, you just need to go delete the DNS entry manually before you can recreate one of the same name. Deleting the public hostname “correctly” simply removes the DNS entry for you. Hope this helps!
@sitemech1515 1 year ago
Great Vid, what about set up for a RDP connection? I can't seem to get this to work.
@NonyaDamnbusiness 1 year ago
Also, folks should consider setting memory limits on their Docker containers in case one runs wild and starts using up all the RAM on the docker host. It helps prevent problems down the road.
@sebastian05000 1 year ago
How do you add limits on each docker container or how to add it in a docker compose file?
@skorpion1298 1 year ago
@sebastian05000 Use portainer. It’s super easy with it.
@sebastian05000 1 year ago
@skorpion1298 Never used it tbh, will need to learn it as well as how to make my setup of docker compose files work without any issues. I simply used commands as well as the Synology GUI of docker.
@skorpion1298 1 year ago
@sebastian05000 Afaik you can also use compose files or commands in portainer. It’s pretty easy and there are plenty of tutorials out there :)
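Two points raised in the comments, isolated Docker networks and per-container memory limits, combined in one Compose file as an added example (not from the video or the commenters). Service names, images and limit values are constructed; the tunnel token is read from an environment variable so it stays out of the file.

```yaml
# docker-compose.yml (constructed example)
services:
  cloudflared:
    image: cloudflare/cloudflared:latest
    command: tunnel --no-autoupdate run     # token is taken from TUNNEL_TOKEN
    environment:
      - TUNNEL_TOKEN=${TUNNEL_TOKEN}        # set in the shell or an .env file
    networks:
      - egress         # outbound path to Cloudflare's edge
      - published      # path to the one service the tunnel may reach
    mem_limit: 128m    # hard memory cap for this container
    restart: unless-stopped

  published-app:       # hypothetical service exposed through the tunnel
    image: nginx:alpine                     # stand-in image
    networks:
      - published
    mem_limit: 256m
    restart: unless-stopped

  private-app:         # hypothetical service that must stay internal
    image: nginx:alpine                     # stand-in image
    networks:
      - backend
    mem_limit: 256m
    restart: unless-stopped

networks:
  egress: {}           # ordinary bridge network with outbound access
  published:
    internal: true     # no route to or from outside the Docker host
  backend:
    internal: true     # cloudflared is not attached, so it cannot reach private-app
```

With this layout the tunnel's public hostname would point at `http://published-app:80`, and no service publishes a host port.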
@TheSJamG 1 year ago
Great video, thank you very much - earned a new Subscriber here! Couple of questions: 1. Following on from your last video, I decided to ditch LastPass and am now hosting my own BitWarden, but would like to add another level of security when not going to the url from my home (which I have managed), but the sync in the app does not connect due to the Application Policy, is there a workaround to make this more secure? 2. I have a dynamic IP address at home and would like to make sure the IP in the application policy updates - is there a way to do this? Thanks and keep the great videos coming!
@LAWRENCESYSTEMS 1 year ago
1. Not sure, not something I have tested. 2. No way that I am aware of.
@jean-francoispelletier6934 1 year ago
I do use it from before it changed of name. It was in beta, right now why it is free it is for gaining clients also if they do updates it is on the free before as if it broke the paid clients won't get the error as they will correct the error before. I used it for years as I am hosting at home on DHCP from my ISP and with it changing IP won't do me anything. It is super reliable, safe and easy to configure.
@ThePopolou 1 year ago
Seems that UDP is also a supported service on the Cloudflare Tunnel so technically, you can use the tunnel to manage your Unifi setup AND have the inform URL set to point to it. Has anyone given this a go?
@nonkelsue 1 year ago
Great video again, appreciated! Someone already asked the question but so far I've not seen a response to it. How would these Cloudflare tunnels compare to other popular solutions nowadays such as Tailscale or Zerotier? Any views on that you want to share Tom?
@LAWRENCESYSTEMS 1 year ago
Tailscale or Zerotier are overlay networks, this is a reverse proxy, they are not the same thing at all.
@nixxblikka 1 year ago
@Nonkel: Main difference: With Tailscale / Zerotier the end point needs to be set up, here you do expose a service to the internet, the great advantage: you do benefit from all security Cloudflare provides, compared to a (mis)configured firewall at home. However without the shown security layer from Tom, you need to trust the implementation and setup with the client. Also too: The fact CF can intercept all traffic is a downside for me. Apart from media streaming I wouldn't know what I want to share with them... although someone above explained how to achieve real end2end (by pointing to a CA I think)
@mathesonstep 1 year ago
This is crazy easy and cool, I am gonna be using this!!! I still find it crazy it's free.
@danielberma 10 months ago
Hello, this is a great video and convinced me to use Cloudflare Tunnels instead of reverse proxy. A question though: is there a possibility to add wildcards? I want to run a WordPress Multisite but don't want to log in to Cloudflare and add another tunnel every time I add a new site. Also, if there are issues removing a tunnel I may have to rethink this.
@BillyDickson 1 year ago
That looks really interesting, I'm currently using wireguard on pfsense, but I'll definitely have a play with that. As always, thanks for your excellent videos.
@RickMyBalls 1 year ago
The plural of video is videos.
@BillyDickson 1 year ago
@RickMyBalls So it is, thanks, I've amended the comment.
@jadamsnz 1 year ago
It occurs to me that this might be a way to "expose" my webserver to fellow residents of the retirement village I live in and build a community portal. I'm behind a double NAT and I'm running WordPress on IIS (because I know IIS...). Thoughts on using Cloudflare Tunnels for this purpose?
@misteryu6819 1 year ago
This is great, would definitely try it, but do you need to purchase the SSL certificate for your own domain for this?
@LAWRENCESYSTEMS 1 year ago
Nope, they handle the SSL cert.
@Quayleman123 1 year ago
I already use this with a synologydva and Google OAuth. The only downside/issue I have is not being able to access it via a mobile phone app DSCam.
@davideliseu7727 1 year ago
Hi there, do a video explaining service access with CF, like RDP, SQL, SSH. That will be great too!
@phenoumene 1 year ago
Hi Lawrence, thanks for your video. A question on a detail. I've installed Portainer and set a Cloudflare tunnel with Docker. When I go to the Cloudflare container, to check the logs as you do, mine are empty. Which doesn't seem normal. Should I do something to make these logs visible? Thanks
@mo3k 1 year ago
Can you please provide some details on your video camera/mic setup? Video and audio are A+ [If I was to guess, Blackmagic 6K]. Do you edit with After-Effects/Premiere Pro or something like DaVinci? Thanks! - big fan from neighborly ann arbor :)
@LAWRENCESYSTEMS 1 year ago
I have a studio tour here kzbin.info/www/bejne/rJishWxsns6IbZI
@JaedenHudson 1 year ago
The DNS bug happened with me too. I found out I had to manually delete the DNS Records it made on my main account page (not the zero trust page), and then I was able to make sites with those names again.
@junkmauler 1 year ago
This is one of those awesome tools similar to ZeroTier One that once you hear about them you are super glad you know exist!
@m19mesoto 1 year ago
I am wondering what could be the potential Performance of those tunnels, packet per second etc. Also how could I make them Highly Available mode, Option1 k8s but again so many options can I run them in replica set. The intention would be complete firewall / load-balancer replacement for large busy websites. What are your thoughts based on my comments?
@fotografm 1 year ago
Great video! I set policies to "email" for each of my services. Is it a bug that once I successfully accessed one service using the emailed PIN, I can then access all of the other services on the same tunnel without being challenged for an email PIN? Or does the browser store a cookie allowing access to all services once I have successfully accessed one of them? If I set a different email address for each service then this "bulk authorisation" disappears. I found that setting the "session duration" to "no duration" prevents this behaviour.
@razmus9708 2 months ago
Really good. Thanks
@perjensen1824 1 year ago
Hi Lawrence, couldn't you make a video with RDP through Cloudflare?
@maciofacio364 1 year ago
Nice video, for most use cases the free plan is enough, but always it is free so it needs to be limited, to encourage you to buy premium ;). Tom thank you for that.
@andoniortiz4774 1 year ago
Hi you are great!! Is it possible to protect the tunnel access with mutual TLS to authenticate the clients? Because the apps behind the tunnel have auth. Like a "MFA" cert + user + pwd
@alexie4241 1 year ago
5:09 you made a small spelling mistake (Descsription). Anyway, love your videos!
@fossdom5568 1 year ago
Great! How is this compared to Netmaker?
@stefana1257 1 year ago
Can you make a video "How to add cloudflare tunnels to OpnSense". Please, I really like your videos. Fantastic work!
@LAWRENCESYSTEMS 1 year ago
I don't use opnsense
@koset 1 year ago
Lawrence, I tried what you did with uptime-kuma, but Cloudflare treated it as an http URL. It doesn't wrap it in https for me the way it did for you. The TLS tab doesn't appear when I set the target service for http. What might I be missing? Thanks.
@mt_kegan512 1 year ago
Awesome! Thx as always Tom. If it's free give me three (secure tunnels)
@CaptZenPetabyte 1 year ago
Might seem like a stupid question, but ... can you add the main domain *and* sub-domains *or* just a list of sub-domains?
@DaleCunningham_DBA 1 year ago
Great Video -- How would I use TrueNAS Scale to host this Cloudflare client? Does the TrueNAS Scale machine need a VM to host these objects or can the Docker be managed by TrueNAS itself?
@LAWRENCESYSTEMS 1 year ago
Don't know, I have not tested.
@costenalolek973 1 year ago
cloudflared from truecharts
@cyberjohn44 1 year ago
Great Video 👍
@dmcginnis427 1 year ago
Fantastic!
@jansufin3102 1 year ago
Any particular reason to use this instead of Tailscale? Apart from needing Tailscale on both the server and the client?
@monkeysausageclub 1 year ago
Just a quick question. Will the Cloudflare docker also point to services that are not running in docker? Say a Nextcloud snap image.
@LAWRENCESYSTEMS 1 year ago
Yes, it can talk to anything reachable on the network it's attached to.
@Elliot9874 1 year ago
Is it like the lazy man's Traefik? Also what happens if your internet goes out at home? Are you still able to access local services?
@cheako91155 1 year ago
I know this is a bit difficult with docker containers... but can the connections, you were using 192.168.x.y:z, be unix domain sockets?
@LAWRENCESYSTEMS 1 year ago
Not sure
@sammo7877 1 year ago
Yay I got the 1k like - nice video btw
@TotemTed 1 year ago
How does this compare to a Tailscale setup latency/throughput wise for streaming video (plex/jellyfin)?
@apbirch 1 year ago
Thanks!
@fodi123 1 year ago
Can you also block some parts of an open service? Like restricting only the admin page of a tunneled Bitwarden install?
@LAWRENCESYSTEMS 1 year ago
Maybe, I did not test all the features.
@BENTUN1T 1 year ago
I feel like this would be a good solution for the Minecraft servers I host for my kids and their friends?
@mr_fukiyato 1 year ago
What about the data transferred via client tunnel? E.g. What if I transfer a large amount of data through my application? Is there any additional payment for this?
@LAWRENCESYSTEMS 1 year ago
They don't have any clear bandwidth limits, it seems to be at their discretion.
@bobburger7508 1 year ago
Lmao the name happened to me as well. Also thank you for the extra layer of security settings.
@capps1994 3 months ago
It's possible that it was eventual consistency, there is also the possibility that they just let the TTL run out?
@jonathangalloway9147 1 year ago
What happens when you are on the same local network as the Cloudflare "endpoint" and you are requesting services on that local network with that same DNS entry... does the traffic route out of that "local" network and then back through the tunnel?
@LAWRENCESYSTEMS 1 year ago
Your DNS needs to point to Cloudflare inside or outside and it will route out and back.
@JerryWoo96 1 year ago
I need to use Traefik's reverse proxy services. Is there an option to route wildcard subdomain through Cloudflare tunnel?
@Koaki913 1 year ago
I am trying to create a tunnel for Kavita but when I put the local URL at the Route Traffic for "TunnelName" it says URL is required despite me putting a URL into that spot. I've confirmed the service is running, and the URL is correct.
@yakk0dotorg 1 year ago
I’ve been looking at this. Would it be a safer way of self hosting a Bitwarden vault while making it accessible to clients outside your network?
@LAWRENCESYSTEMS 1 year ago
Safer than just exposing it.
@jacksoncremean1664 1 year ago
Do keep in mind you do not have to use Cloudflare to have a secure Bitwarden instance, but it sure does make it easy. If you're not comfortable being MiTM'd by Cloudflare then there are other options.
@sebastian05000 1 year ago
@jacksoncremean1664 Any examples of the other options? Since I am interested to know those.
@jacksoncremean1664 1 year ago
@sebastian05000 ModSecurity is a really good option for securing websites, but it's a bit difficult to use. CrowdSec is another great option which works really well with ModSecurity.
@sebastian05000 1 year ago
@jacksoncremean1664 Thanks, will read about both to see the differences as well as to learn even if it's difficult to use.
@weisstdudochnicht1 1 year ago
Is there an elegant way to use Cloudflare Access for the whole domain, except 1 subdomain/public hostname?
@rickyc5860 1 year ago
You should add or make note that the VM you made must be able to access resources. I had a firewall blocking my VM from accessing resources on a different VLAN from where I had the tunnel hosted.
@LAWRENCESYSTEMS 1 year ago
I did when I showed the network layout.
@chromosome24 1 year ago
How are requests sent to the host without exposing ports in the firewall? Does the Cloudflare daemon on the host restrict port forwarding to a specific IP source?
@LAWRENCESYSTEMS 1 year ago
Yes, it's all controlled via the Cloudflare tool.
@nabukodonosor777 1 month ago
At 12:57 you say "this has got a self-signed certificate"...How did you do that? Can you do a video on that?
@LAWRENCESYSTEMS 1 month ago
By default Synology has a self signed certificate.