Cloudflare: Difference between revisions

From Wildsong
Brian Wilson (talk | contribs)
Created page with "== Tunnels == Cloudflare is set to "Flexible" level encryption on SSL/TLS for the domains, which means traffic between Cloudflare and my servers is HTTP (but tunneled via Zero Trust and the tunnel encrypts) and any requests to Cloudflare in HTTP are automatically bumped over to HTTPS, and Cloudflare manages the certificates. Log into Cloudflare Go to Zero Trust Go to Networks -> Tunnels Click on a network (currently bellman or hupi) The sidebar pops up for that netw..."
 
Brian Wilson (talk | contribs)
 
(4 intermediate revisions by the same user not shown)
Line 8: Line 8:
Go to Networks -> Tunnels
Go to Networks -> Tunnels


Click on a network (currently bellman or hupi)
Click on a network (currently "Home LAN" or "Tektonic")


The sidebar pops up for that network. Click EDIT.
The sidebar pops up for that network. Click EDIT.
Line 14: Line 14:
This brings up a page with a tab bar at the top, select Public Hostname that's where you will see this
This brings up a page with a tab bar at the top, select Public Hostname that's where you will see this
[[File:Screenshot from 2024-09-12 14-47-50.png|left|thumb]]
[[File:Screenshot from 2024-09-12 14-47-50.png|left|thumb]]
In this example, wiki is running in a Docker in Bellman and vhpa is running directly.
So, I used the zero-trust subnet in Docker for Wiki and it has an internal IP address,
but for vhpa I used the host (bellman) ip address.
Since taking this screenshot, I have changed "hupi" to Tektonic since that's more descriptive.
Apparently the container_name entry in the Hupi compose.yaml is enough to identify the IP of the service for cloudflared.
So in Cloudflare under Public Hostname, the service description of <nowiki>http://hupi:82</nowiki> is enough! I wonder how I ever figured that out? I used to be smarter.
When creating a new public hostname, you have to use a unique subdomain, for example "static.wildsong.biz" can't already exist as a separate DNS entry. The create will also create a CNAME that points to Cloudflare's service.<br clear="all" />

Latest revision as of 21:58, 26 September 2024

Tunnels

Cloudflare is set to "Flexible" encryption under SSL/TLS for the domains. That means traffic between Cloudflare and my servers is HTTP (but it travels through the Zero Trust tunnel, and the tunnel encrypts it), any HTTP requests to Cloudflare are automatically redirected to HTTPS, and Cloudflare manages the certificates.

Log into Cloudflare

Go to Zero Trust

Go to Networks -> Tunnels

Click on a network (currently "Home LAN" or "Tektonic")

The sidebar pops up for that network. Click EDIT.

This brings up a page with a tab bar at the top. Select Public Hostname; that's where you will see this:

In this example, wiki is running in a Docker container on Bellman and vhpa is running directly on the host.

So, I used the zero-trust subnet in Docker for wiki, which has an internal IP address, but for vhpa I used the host (bellman) IP address.


Since taking this screenshot, I have changed "hupi" to Tektonic since that's more descriptive.

Apparently the container_name entry in the Hupi compose.yaml is enough to identify the IP of the service for cloudflared.

So in Cloudflare under Public Hostname, the service description of http://hupi:82 is enough! I wonder how I ever figured that out? I used to be smarter.
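
A sketch of why http://hupi:82 resolves, as an added example that is not the actual Hupi compose.yaml: Docker's embedded DNS answers for container names on a shared user-defined network, so cloudflared can reach the service by name. It assumes cloudflared itself runs as a container on that network; the service image, the network name zero-trust and the TUNNEL_TOKEN variable are placeholders.

```yaml
# compose.yaml (added example; not the real Hupi file)
services:
  hupi:
    image: example/hupi-web:latest    # placeholder image name
    container_name: hupi              # the name used in http://hupi:82
    networks:
      - zero-trust
    # No "ports:" mapping here: port 82 is not published on the host,
    # so the service is reachable only from containers on this network,
    # which in practice means only through the tunnel.
    expose:
      - "82"
    restart: unless-stopped

  cloudflared:
    image: cloudflare/cloudflared:latest
    container_name: cloudflared
    command: tunnel --no-autoupdate run
    environment:
      # Tunnel token from the Zero Trust dashboard, supplied via .env
      # so it stays out of the compose file.
      TUNNEL_TOKEN: ${TUNNEL_TOKEN}
    networks:
      - zero-trust
    restart: unless-stopped

networks:
  # Name resolution by container name works on user-defined networks
  # like this one, not on Docker's default bridge.
  zero-trust:
    name: zero-trust                  # assumed network name
```

If cloudflared and the service live in separate compose projects, both need to join the same network (declared as external in one of them) for the name to resolve.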

When creating a new public hostname, you have to use a unique subdomain; for example, "static.wildsong.biz" can't already exist as a separate DNS entry. Creating the hostname also creates a CNAME record that points to Cloudflare's service.