Cloudflare: Difference between revisions
Line 39: | Line 39: | ||
# Install '''Cloudflare One Agent''' on smartphone. | # Install '''Cloudflare One Agent''' on smartphone. | ||
# On phone, use client to log in to my team. | # On phone, use client to log in to my team. | ||
== Keycloak IDP == | |||
https://wiki.brianturchyn.net/devops/keycloak-cloudflare/ |
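Review bot: the new "Keycloak IDP" section added at Line 39 consists of a bare link with no description; a one-line summary of what the linked page covers (judging by its path, wiring Keycloak up as the identity provider for Cloudflare) would let a reader decide whether to follow it and would keep the section useful if the external page moves.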
Revision as of 00:36, 7 December 2024
Tunnels
Here is a guide: https://fossengineer.com/selfhosting-cloudflared-tunnel-docker/
Zero Trust tunnels use "QUIC".
Cloudflare is set to the "Flexible" encryption mode under SSL/TLS for the domains. That means the hop between Cloudflare and my servers is plain HTTP as far as Cloudflare is concerned, but since it travels inside the Zero Trust tunnel, the tunnel itself encrypts it. Any request that reaches Cloudflare over HTTP is automatically bumped over to HTTPS, and Cloudflare manages the certificates.
Log in to Cloudflare.
Go to Zero Trust.
Go to Networks -> Tunnels.
Click on a network (currently "Home LAN" or "Tektonic").
The sidebar pops up for that network. Click EDIT.
This brings up a page with a tab bar at the top. Select the Public Hostname tab; that is where you will see the list shown in the screenshot.
In this example, wiki is running in a Docker container on Bellman and vhpa is running directly on the host.
So for wiki I used the zero-trust subnet in Docker, where it has an internal IP address,
but for vhpa I used the host (bellman) IP address.
Since taking this screenshot, I have changed "hupi" to Tektonic since that's more descriptive.
Apparently the container_name entry in the Hupi compose.yaml is enough to identify the IP of the service for cloudflared: on a user-defined Docker network, Docker's embedded DNS resolves container names for every container on that network, and cloudflared is one of them.
So in Cloudflare under Public Hostname, the service description of http://hupi:82 is enough! I wonder how I ever figured that out? I used to be smarter.
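The same arrangement as a compose file, added here as an example rather than the page's own compose.yaml: cloudflared and the service share one user-defined Docker network, so the container_name resolves by Docker DNS and the Public Hostname service field can simply be http://hupi:82. The network name "zero-trust", the TUNNEL_TOKEN variable and the placeholder image for the service are assumptions; the cloudflared image and its "tunnel run --token" command are real.

```yaml
# Added example compose.yaml (not the page's file). Assumed: network name
# "zero-trust", env var TUNNEL_TOKEN, and a placeholder image for "hupi".
services:
  cloudflared:
    image: cloudflare/cloudflared:latest
    # The token is issued when the tunnel is created under
    # Zero Trust -> Networks -> Tunnels. Keep it in a .env file next to
    # this compose.yaml (TUNNEL_TOKEN=...), never inline here.
    command: tunnel --no-autoupdate run --token ${TUNNEL_TOKEN}
    restart: unless-stopped
    networks:
      - zero-trust

  hupi:
    image: example/hupi:latest   # placeholder for the real service image
    container_name: hupi         # this name is what cloudflared resolves
    # Deliberately no "ports:" entry: nothing is published on the host, so
    # the service is reachable only from containers on the zero-trust
    # network, i.e. through the tunnel. The Public Hostname service field
    # is then http://hupi:82 (82 being the port the container listens on).
    networks:
      - zero-trust

networks:
  zero-trust:
    name: zero-trust
    # A user-defined bridge network: Docker's embedded DNS resolves
    # container names on it, which is why no IP address is needed above.
```

If the service is also reachable by other containers on the same network, keep that network to the services the tunnel is meant to expose.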
When creating a new public hostname, you have to use a unique subdomain; for example, "static.wildsong.biz" can't already exist as a separate DNS entry. Creating the hostname also creates a CNAME that points to Cloudflare's service.
Cloudflare WARP client
- Install Cloudflare One Agent on smartphone.
- On phone, use client to log in to my team.