Setting up Cloudflare Zero Trust
I'm trying to get a code until the end of December (which is the last day of this promotion) by setting up a zero trust. As I'm not so good with networking, it's not my expertise, can someone help me and let me know what am I missing? Sorry in advance if I'm missing something trivial. I don't have a domain with cloudflare and what I did so far is:
I run multiple docker containers on a local machine with, for example, IP x.x.x.5. Various ports, so hitting them from a local network is not an issue, they load normally. On the same machine, I run a cloudflared container as well. In CF dashboard, it's shown as an active tunnel.
On the same dashboard, I created an app with a URL being IP from above, so x.x.x.5 and type being "private net". Policy is allow, selector being Destination IP is x.x.x.5. ← Maybe this is one of the issues?
Additionally, I created one user which logins with OTP sent on email by going to something.cloudflareaccess.com URL. Once logged in, I can see the created app. Now if I'm on the same network and I click on the app, it redirects to x.x.x.5, and although I see the hosted docker container, it seems like this login is basically for nothing. On the other hand, If I'm not of the same network, it will show a standard error like unable to connect or the connection has timed out.
I thought I can solve this by installing a warp client on the device from which I'm connecting, so I installed it, and it connects to zero trust, but again, I can't open the app mentioned above as it shows the same error. DNS records from the device are shown on CF dashboard.
Can someone tell me what am I missing here? Setting up wireguard was easier by a mile.
Comments
@bikegremlin set up Zerto Trust recently iirc
Ympker's VPN LTD Comparison, Uptime.is, Ympker's GitHub.
https://github.com/rapiz1/rathole
I've used Zero Trust to prevent access to certain paths (requiring OTP) as an extra security layer.
That's relatively simple to configure, so I suppose it would satisfy the criteria of promotion.
Yet to write a tutorial on that - a bit of a hectic schedule.
@hyperton if you hit a wall, let me know, and I'll do my best to "rush" a step-by-step tutorial.
Detailed info about providers whose services I've used:
BikeGremlin web-hosting reviews
What does your local configuration .yml file look like?
Did you setup your ingress rules?
Does it serve the same purpose like NPM?
Looks interesting.
https://microlxc.net/
Well, for now, I didn't manage to make this work, i.e. I can't access a local app when I'm not on the same network, but when I am, it just redirects to the mentioned IP and probably skip all CF related stuff. Analytics tab under zero trust is basically empty, although home tab does show DNS requests from the device which has warp installed. I'm not sure will this be enough for them to consider it as an active usage.
I will see will they send anything until the next week. Regardless, thank you for offering to help, if they don't send an email, I will write here, so if you find some free time to write a tutorial, it would be greatly appreciated!
Are you referring to the device where cloudflared docker container is running? I didn't edit anything. Pulled and run a container, as well as some selfhosted apps and that's it. Apps are loading normally from a local network.
Well, it's done in a rush, but I hope it will help:
Cloudflare Access Zero Trust tutorial
Detailed info about providers whose services I've used:
BikeGremlin web-hosting reviews
If I'm not mistaken, you need to configure more things locally, like authenticating to your account, the tunnel token, the hostnames you want to reverse proxy to, etc...
Thank you so much! I don't have a domain registered with CF, hence I couldn't follow completely, because self-hosted app is greyed out, but luckily on 15th Dec. I received a code from yubico, so it definitely can be done with using a warp app like I did. Regardless, again, thank you for writing this tutorial, it will definitely come handy in the future!