Cloudflare
Tunnels
SSL/TLS encryption in Cloudflare is set to "Flexible" for the domains. That means traffic between Cloudflare and my servers is HTTP (but it travels through the Zero Trust tunnel, and the tunnel encrypts it), any HTTP requests to Cloudflare are automatically redirected to HTTPS, and Cloudflare manages the certificates.
Log into Cloudflare
Go to Zero Trust
Go to Networks -> Tunnels
Click on a network (currently "Home LAN" or "Tektonic")
The sidebar pops up for that network. Click EDIT.
This brings up a page with a tab bar at the top. Select Public Hostname; that's where you will see this.
In this example, wiki is running in a Docker container on Bellman and vhpa is running directly on the host.
So, I used the zero-trust subnet in Docker for Wiki and it has an internal IP address, but for vhpa I used the host (bellman) IP address.
Since taking this screenshot, I have changed "hupi" to Tektonic since that's more descriptive.
Apparently the container_name entry in the Hupi compose.yaml is enough to identify the IP of the service for cloudflared.
So in Cloudflare under Public Hostname, the service description of http://hupi:82 is enough! I wonder how I ever figured that out? I used to be smarter.
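A compose file along these lines shows why http://hupi:82 resolves. This is an added example, not the actual Hupi compose.yaml: the image name for hupi, the network name zero-trust, and reading the tunnel token from a TUNNEL_TOKEN variable in .env are assumptions.

```yaml
# compose.yaml (constructed example, not the author's actual file)
services:
  hupi:
    image: example/hupi:latest      # placeholder image name (assumption)
    container_name: hupi            # the name cloudflared looks up for http://hupi:82
    # No "ports:" mapping here. Port 82 is reachable only from containers on
    # the shared network, so the plain-HTTP hop never touches the LAN.
    expose:
      - "82"
    networks:
      - zero-trust
    restart: unless-stopped

  cloudflared:
    image: cloudflare/cloudflared:latest
    container_name: cloudflared
    command: tunnel --no-autoupdate run
    environment:
      # Token from the tunnel's page in Zero Trust. Keep it in .env (not in
      # this file) and keep .env out of version control.
      - TUNNEL_TOKEN=${TUNNEL_TOKEN}
    networks:
      - zero-trust
    restart: unless-stopped

networks:
  zero-trust:
    # User-defined bridge network: Docker's embedded DNS resolves container
    # names for every container attached to it. Docker's built-in default
    # bridge (docker0) does not resolve names, so both services must share
    # a network like this one for "hupi" to resolve inside cloudflared.
    driver: bridge
```

The name only resolves inside containers attached to that network, which is why a service running directly on the host (vhpa above) needs the host IP address in its Public Hostname entry instead.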
When creating a new public hostname, you have to use a unique subdomain; for example, "static.wildsong.biz" can't already exist as a separate DNS entry. Creating the hostname also creates a CNAME record that points to Cloudflare's service.