Cloudflare Zero Trust Tunnel Guide: Exposing Self-Hosted Services Safely

  • Published on 16 Oct 2024

Comments • 99

  • @goldenvoiceofnepal
    @goldenvoiceofnepal 5 months ago +17

    tunnel now live under Networks not Access in cloudflare if anyone is wondering

    • @Techdox
      @Techdox 5 months ago +3

      Thanks for that, yeah that’s tech for you. Always changing haha

    • @peejwilco1357
      @peejwilco1357 a day ago

      They be changing stuff and where things live a lot. Makes more sense tbh but yeah, if you didn't know :(

  • @iidg
    @iidg 11 months ago +14

    Worked so hard didn't work, searched everywhere and didn't find the information I needed. But in this video I got everything I wanted! THANKKSSS!

    • @Techdox
      @Techdox 11 months ago +3

      Glad I could help! :)

  • @peejwilco1357
    @peejwilco1357 a day ago

    Not re-loading in a private window was what I was missing. I did everything you covered in your video on my own, and was confused why it wasn't prompting for authentication... Found your vid, skimmed to find what I needed and bam! Private window haha. Cheers

  • @weholmes5315
    @weholmes5315 3 months ago

    Fantastic! Your Vaultwarden video and this one helped me get it running in Docker. I greatly appreciate your clear and concise explanations! 😊

  • @pradigmexplorer
    @pradigmexplorer a month ago

    Amazing introductory video to Cloudflare Zero Trust. It really helped me out with my project. Thanks

  • @krishrong2560
    @krishrong2560 a year ago +3

    Easy to understand explanations. It works! Thank you.

    • @Techdox
      @Techdox a year ago

      Glad I could help :)

  • @jpb2085
    @jpb2085 10 months ago +1

    Fantastic video, just what I was looking for. Subbed!

  • @vishvak8597
    @vishvak8597 8 months ago +1

    Hey! Just wanted to know how did you get those domain names? And where can I get them? If yes, where are the paid ones and few ones? How can we map it with cloudflare!?

    • @Techdox
      @Techdox 8 months ago +1

      I bought most of these via Cloudflare itself and doing that it shows up in Cloudflare as an option to use them

  • @nathandtanner
    @nathandtanner 6 months ago

    Thanks for explaining so clearly. You are very helpful

    • @Techdox
      @Techdox 6 months ago

      You're very welcome!

  • @samg1205
    @samg1205 6 months ago +1

    What if you want Zero trust working with apps like Audiobookshelf to connect to Audiobookshelf server? The web login via authentication is fine for web based services but not apps. Is there a way to have a cloudflare app or service running on device trying to connect that will authenticate the device with Cloudflare and then allow connection for apps?

  • @NandorKatai
    @NandorKatai 6 months ago +1

    Thanks for this overview; it is very helpful.

  • @stephen83453
    @stephen83453 a year ago +2

    Excellent video, loving the channel👍. How would it work with VaultWarden or similar app which can't log in with the IDP web portal? Do you just expose it without that IDP part, while using the other Zero Trust settings like whitelisting country IPs?

    • @Techdox
      @Techdox a year ago +1

      In your application setting you can set up a new policy with bypass rules based off location, IP etc which will completely skip the Cloudflare auth.
      For example my Nextcloud app on my phone would get stuck trying to reach my service because of the Cloudflare Auth page, having the bypass fixes that.
      I hope that was your question haha

    • @techcodenet
      @techcodenet 10 months ago +1

      @@Techdox related to other top comment/question ...
      Assuming you don't care about option to allow someone to access your Nextcloud install without setting up "VPN" (say for your parents that have gmail/facebook and can login through that) - it seems like TailScale on your phone and server with nextcloud instance would work for games/apps/etc.

  • @rben828
    @rben828 4 months ago

    Thanks for the video! It works and adds an extra layer of protection. However, it can be challenging for applications with mobile and desktop apps. For example, my self-hosted password manager couldn't sync or save new credentials. There might be additional settings needed, but I couldn't figure them out yet, so I had to remove the application protection. I'm hoping to find a way to make it work without breaking the desktop/mobile app features.

    • @Techdox
      @Techdox 4 months ago

      I had the exact same issue with Nextcloud. Providing you have a static IP or you will need to adjust it when it changed.
      You can add a bypass rule to your Application Policy in Cloudflare, for your Public IP, so anything coming in via that IP bypasses the rules and this will allow your apps to reach the service

    • @rben828
      @rben828 4 months ago

      @@Techdox Thank you! The bypass rule is working flawlessly! Hopefully, they update the rules to add support for DDNS for users with dynamic IP addresses. Also, is there a way for users with a shared link to bypass the rules and retrieve a file from the application?

  • @BabHoLee
    @BabHoLee 11 months ago

    Thank you for your nice works.
    I have some questions.
    1. How much cloudflare tunnel's network traffic price? (ex. AWS EC2 is 0.117$ per 1TB)
    2. Can we use this as IP also? (Not domain)
    (I hardly have found this, but I can't find it)

    • @Techdox
      @Techdox 11 months ago +1

      I could be wrong but Cloudflare tunnels are 100% free and there is no cap on traffic going through.
      You could use Cloudflare WARP which is a VPN to your services if you wanna connect via IP and not a domain name

  • @ksoonsoon
    @ksoonsoon a year ago +1

    Well done. From the Duke of Dockers!! 😊

    • @Techdox
      @Techdox a year ago

      Thank you!

  • @jackiedo7370
    @jackiedo7370 3 months ago

    Your content is so good. Just cmt to send a thank, already subscribed

    • @Techdox
      @Techdox 3 months ago +1

      Appreciate you :)

  • @grebnevrl2826
    @grebnevrl2826 3 months ago

    which flag should I use if I want to use not a docker but Mac for tunnel in detach mode? same as -d for docker

  • @danarj5713
    @danarj5713 10 months ago

    this cloudflare feature is amazing

  • @ImranRaja-xz5wm
    @ImranRaja-xz5wm 7 months ago

    doing tunnel will it have any effect on bandwidth let see my home has 200mb up/down limited tunneling to do on Cf do it originally getting more bandwidth now from cloudflare or tunneling is just to mask and secure ur home ip

  • @timsavory9718
    @timsavory9718 9 months ago

    Thanks again, I also host a mail server on my NAS, will Cloudflare block it?

    • @Techdox
      @Techdox 9 months ago +1

      Cloudflare only has access to what you give it access to, any existing services won't be touched by Cloudflare

  • @bosse1478
    @bosse1478 7 months ago

    What ports need or not need to be open in the firewall for the tunnel? Today I have 80 and 443 open and pointing to my pihole and from pihole are some directed to npm.

    • @Techdox
      @Techdox 7 months ago +1

      You shouldn’t need to open any ports, it will run via 443 I believe which should be a standard port that’s open

  • @bassam.2023
    @bassam.2023 3 months ago

    This was useful. Thanks! 🎉

  • @Pasukaru0
    @Pasukaru0 4 months ago

    How do I get this working for UDP?

  • @virgiliod.deleonr.3168
    @virgiliod.deleonr.3168 3 months ago

    Is it necessary to use Cloudflare WAF Rules with Zero Trust to expose services?

    • @Techdox
      @Techdox 3 months ago +1

      No, only if you wish to add rules on who can access it

    • @virgiliod.deleonr.3168
      @virgiliod.deleonr.3168 3 months ago

      @@Techdox only the zero trust rules.

  • @conqourerx1
    @conqourerx1 5 months ago

    Hi please help me I am not understanding what is the zero trust plan for if I choose free plan does it limit my website user limit

    • @Techdox
      @Techdox 5 months ago

      Hi, no the free tier does not limit website users. Your zero trust users within Cloudflare are limited to 5 I believe

    • @conqourerx1
      @conqourerx1 5 months ago

      @@Techdox Oki thanks 🙏

  • @timsavory9718
    @timsavory9718 9 months ago

    Thanks for the video. If I expose qbittorrent using Cloudflare then presumably I still need to forward the TCP port (eg 6881) on my router?

    • @Techdox
      @Techdox 9 months ago

      That's the great thing about Cloudflare, no port forwarding needed. Just expose the UI port to access it via Cloudflare and that's it

    • @timsavory9718
      @timsavory9718 9 months ago

      @Techdox the TCP port (eg 6881) is used for incoming connections (for seeding) on qbittorrent. If not port forwarded somehow then will it ever seed? Thanks

    • @Techdox
      @Techdox 9 months ago +1

      Interesting, I have not needed to open any ports for my container to seed etc, give it a go and see without port forwarding and let me know how it works @@timsavory9718

  • @TheMrBazil
    @TheMrBazil 4 months ago

    You show to use tunnel with docker of nginx. And I have question I don't see any valid reason to use tunnel when you after that use nginx which is anyway proxy pass + use cloudflare in front to protect ddos etc. Can you or someone explain if it's worth to use tunnel if I use anyway nginx to pass forward request?

    • @Techdox
      @Techdox 4 months ago

      Totally up to you. I use it so I don’t need to expose my public IP address and you get the added protection from Cloudflare

  • @alagappank6813
    @alagappank6813 a year ago

    Hi Man, So after u install the tunnel command in docker, I need more information on this what's the next step do you have any documents for this pls thanks

    • @Techdox
      @Techdox a year ago

      You should be able to follow the steps I took on the video, once you have the tunnel running it should show as active in Cloudflare. Then you can setup your tunnel to expose your applications

  • @krews2
    @krews2 8 months ago

    Question I got everything to work, but on the padlock after I login it has a warning:
    Parts of this page are not secure (such as images).
    I see the error on Firefox, but not Google Chrome.

    • @Techdox
      @Techdox 8 months ago

      Interesting, I don’t use Firefox but worth looking into. Did you find any answers so far?

    • @krews2
      @krews2 8 months ago

      @@Techdox I am guessing it is because it used http for the ip address to connect to the local server and that is why there is a warning about mixed parts not secure. Anyway I am going to use proxmox and install a virtual machine for the Ubuntu server. I will see if the error still persists.

    • @SchoolforHackers
      @SchoolforHackers 8 months ago

      Your site is drawing resources from outside sources like Google fonts, but provided over http rather than https. W3 resources, for instance, often get hard coded as http. Find those references, make sure they can be accessed over https, and update your code. Fun, fun!

  • @ritikbansal137
    @ritikbansal137 6 months ago

    Can i use my synology nas.
    And can i use that nas’s nfs storage for recording my nvr outside my home network with or with a public ip.

    • @Techdox
      @Techdox 6 months ago

      Yeah, Synology NAS should be fine, just run the tunnel via Docker. Also, the NAS storage via Public IP I would need more details on the setup

  • @eric-ut9mi
    @eric-ut9mi 6 months ago

    hey man, why does cloudflare keep going down, it is not consistently connected, only last for less than one hour, but I need consistent and permanent connection, what should I do my friend, thanks

    • @Techdox
      @Techdox 6 months ago

      It will stay up as long as the host stays up, where is it running and do you restart the host often?

    • @eric-ut9mi
      @eric-ut9mi 6 months ago

      @@Techdox the http serve runs on a linkstack docker, and my host server keeps running all the time, but the tunnel just keep going down, i don't know why

  • @ricgondo
    @ricgondo a year ago

    Wow, nicely done! I was able to expose my nginx as well! Can I do the same for my ssh server?

    • @Techdox
      @Techdox a year ago +1

      Hey! Thanks for being a member! Yes you can also expose SSH as well :) just like you can select HTTPS etc there is an option for SSH :)

    • @ricgondo
      @ricgondo a year ago

      @@Techdox I don’t know why, but my SQL Server and SSH connections are not working, any tips 😝?

    • @Techdox
      @Techdox a year ago +1

      @@ricgondo so you are trying to SSH into a server with Cloudflare and it’s not working? I might need some more context but there’s two things here.
      Cloudflare tunnel will allow SSH via their tunnel but if you want to be able to connect to your services like normal via ssh from your terminal etc, you can use Cloudflare WARP, it’s a client you download on your pc and acts as a VPN for all your services

    • @ricgondo
      @ricgondo a year ago

      @@Techdox I was able to expose the Nginx just like you did via docker... then I also installed a SQL Server docker, which can be accessed internally but after adding it to the Cloudflare tunnel Public Hostname like the Nginx in your video, I'm still not able to access it. The same goes to the SSH. Thanks!

    • @Techdox
      @Techdox a year ago +1

      So focusing on the SQL server first, when you say access it you mean accessing it via its public hostname via something like SQL management server? - I'm not sure if you have Discord but feel free to join it, it might make it easier to chat :) - discord.gg/m6ZMZkPBUG

  • @alessiodefilippo4177
    @alessiodefilippo4177 a year ago

    when I sweat "docker ps" it doesn't show me what you show in the video, it offers me to download two

    • @Techdox
      @Techdox a year ago

      I know I am a bit late, but what is the actual message?

  • @Gina-t9y
    @Gina-t9y 8 months ago

    Hi can I use another program besides docker I need a tunnel for my mac high sierra 10.13 and I can't install docker

    • @Techdox
      @Techdox 8 months ago

      Yeah in the zero trust screen where you see the steps for setting up the tunnel they have more options than just docker for a tunnel

    • @Gina-t9y
      @Gina-t9y 8 months ago

      @@Techdox thank you, for your kindness

  • @Alcatraz2k
    @Alcatraz2k 11 months ago

    Can you use Authentik as an identity provider?

    • @Techdox
      @Techdox 11 months ago

      I just checked the list and could not see it there

    • @Alcatraz2k
      @Alcatraz2k 11 months ago

      @@Techdox I guess it would work with the Generic SAML 2.0 option?

    • @Techdox
      @Techdox 11 months ago

      Yeah, doesn’t hurt to give it a shot :)

  • @courtney727ray
    @courtney727ray 10 months ago

    Does this help to hide the IP address of the site?

    • @Techdox
      @Techdox 10 months ago +1

      Yeah, this will show up as Cloudflare IP addresses, not yours

    • @courtney727ray
      @courtney727ray 10 months ago

      So, perhaps this will help protect against DOS attacks such as hotlinking? @@Techdox

  • @TG09
    @TG09 a year ago +1

    Nice mate 👍

  • @-JesusM-
    @-JesusM- 6 months ago

    Don't forget to set it to autorun after the machine turns on

  • @ricgondo
    @ricgondo a year ago

    Thanks!

    • @Techdox
      @Techdox a year ago

      You are very generous 😊 Thank you for your support

  • @whopua
    @whopua 11 months ago

    This worked for about 1 minute then I suddenly got a "the plain http request was sent to https port" error. I can't resolve it.

    • @Techdox
      @Techdox 11 months ago

      What are you trying to expose?

    • @whopua
      @whopua 11 months ago

      @@Techdox My Nextcloud docker on unraid. I tried the tunnel with http and https. One said the error above. If I changed it I got that cloudflare screen with server down.. I'm using nginx proxy manager if that makes a difference. It's fine if I just have it as a regular A name so I guess I'll leave it at that.

  • @OldPekar
    @OldPekar 2 months ago

    Pardon, what kind of English do u use? Where r u from?🤔

    • @Techdox
      @Techdox 2 months ago

      @@OldPekar standard English 😂 I’m from New Zealand

  • @abdshk313
    @abdshk313 a year ago +1

    make windows 10 Cloudflare Zero Trust Tunnel Guide

    • @Techdox
      @Techdox a year ago

      The process is the same besides the tunnel setup which you can still do via Docker or you can install following their windows steps. The rest is still identical

  • @ksoonsoon
    @ksoonsoon a year ago

    Selfish show idea. Install every single bitcoin node software option available!!

    • @Techdox
      @Techdox a year ago

      I think at some point they are all the same just a different UI haha

  • @NickHettinger
    @NickHettinger a year ago

    promo sm 😥

    • @Techdox
      @Techdox a year ago

      Hey, what’s up?

  • @ricgondo
    @ricgondo a year ago

    Thanks!

    • @Techdox
      @Techdox a year ago +1

      Thank you so much ❤