Mastodawn

Mennyire örülök annak, hogy rájöttem arra, hogy létezik egy self host #Cloudflare #Tunnel alternatíva a #Pangolin formájában.

A bár, publikus IP-vel rendelkező, mégis ki nem nyitható routerem esetén, meg úgy biztonsági szempontból is sokkal kényelmesebb.

Igaz, ehhez kell bérelnem egy VPS-t a #Vultr szolgáltatónál (nekem ez vált be már sok-sok éve, de gateway átjáróként használható, olcsóbb alternatívát szívesen fogadok), ami évi 60 eurómba kerül, de legalább a szerverem kimegy, a kapcsolatok nem arra érkeznek közvetlenül, hanem a VPS-re. Szóval... Minden oké.

És a #Tailscale #Funnel szolgáltatásával sem kell szórakoznom, ami vagy tűrhető sávszéllel volt, vagy nem, és a hozzá tartozó domaint soha nem tudtam megjegyezni normálisan, annak ellenére, hogy minden szolgáltatásomhoz volt egy #sidecar megoldásként alkalmazott TS konténer is.

De, legalább így ki tud menni a #JellyFin is és a #Nextcloud is a világba, és nem kell félnem attól, hogy a CF előszed a #ToS megsértése miatt.

#selfhosting #selfhost #VPS #CloudflareTunnel #CFTunnel #ZeroTrust #CloudflareZeroTrust

N-gated Hacker News Nov 16

Ah, the internet's newest oracle has finally deciphered Cloudflare Zero Trust tunnels—14 minutes and 2822 words later, he's practically handing out honorary PhDs. 🤓 Because, of course, understanding a product as clear as mud is the ultimate badge of tech honor. 🌪️🔒
https://david.coffee/cloudflare-zero-trust-tunnels #CloudflareZeroTrust #CloudflareTunnels #TechHonor #OracleDeciphered #InternetWisdom #HackerNews #ngated

I finally understand Cloudflare Zero Trust tunnels

Everything you wanted to know about using Cloudflare Zero Trust Argo tunnels for your personal network

David Mohl

Lanie Feb 14, 2025

Help Needed with Cloudflare Zero Trust, Pages, and Workers for ReactFlux + MiniFlux Setup

Hi everyone,

I'm new to #Cloudflare and have been trying to set up a #SelfHosted project on my #RaspberryPi 500. I'm mostly self-taught, so I apologize if I misunderstand anything or miss important details. Here's my situation:

Current Setup

I'm running the self-hosted #RSS feed reader #MiniFlux on my Raspberry Pi 500 (#ArchLinuxARM, installed via Pacman).
The setup uses #Caddy as a reverse proxy, a #CloudflareZeroTrust tunnel, and Cloudflare Access for SSO.
My #CloudflareAccess application is configured to allow all origins, methods, and headers. It has a policy that allows specific emails or login methods (e.g., GitHub).

What I'm Trying to Do

I want to deploy ReactFlux, an alternative frontend for MiniFlux, on #CloudflarePages.
Before setting it up fully, I tested the ReactFlux demo with my MiniFlux instance at https://rss.laniecarmelo.tech. However, ReactFlux couldn't log in.

Suspected Issue

I believe the issue is caused by Cloudflare Access protection blocking ReactFlux from accessing the MiniFlux API (https://rss.laniecarmelo.tech/v1/*).

What I've Tried So Far

I added another hostname (rss.laniecarmelo.tech/v1/*) to my tunnel configuration and created a new Cloudflare Access application with a policy set to "Bypass" for everyone. However, this didn't work—when testing the API endpoint in a private browser window, I'm still asked to sign into Cloudflare.

I also tried setting up the hostname with "Protect with Access" turned off but got the same results.

Next, I attempted to use a #CloudflareWorker written in JavaScript to bypass authentication for /v1/*, but it doesn't seem to be doing anything (or isn't being triggered).

What I Need Help With

How can I properly configure Cloudflare so ReactFlux can access the MiniFlux API (/v1/*) while keeping the rest of my MiniFlux instance protected by Cloudflare Access?
I've been stuck on this for a couple of days and would really appreciate any guidance or suggestions!

Thanks in advance for your help!

#SelfHosting #ArchLinux #Linux #RSSReader #tech #technology #RaspberryPi #RPi #RPi500 #RaspberryPi500
@selfhosting @selfhost @selfhosted