
Cloudflare Tunnel Setup

Cloudflare Tunnel and Cloudflare Zero Trust go hand in hand. The tunnel is the secure path into your network and the mechanism that gives you secure remote access.


Last updated 2 years ago


To run a Cloudflare Tunnel from UnRAID you will need to manually create the Docker container.

Name: Cloudflared Tunnel

Repository: cloudflare/cloudflared:latest

Post Arguments: tunnel --no-autoupdate run --token <tunnel-token>

Icon URL: Any Icon URL you like

Your Tunnel Token can be found by creating a Tunnel within Cloudflare Zero Trust > Access > Tunnels. The token is provided in the docker run command.

Once the container is running it will grab its configuration automatically from Cloudflare and also make 4x separate TCP/443 connections outbound using the QUIC protocol. The Cloudflare Tunnel should now have a status of "HEALTHY".

Cloudflare Access

Cloudflare Access is a product within Cloudflare Zero Trust. Access allows us to share HTTP, SSH and RDP sessions securely via the Cloudflare Tunnel.

Head to Cloudflare Zero Trust > Access > Tunnels > "your tunnel" > Configure > Public Hostname and click Add a public hostname.

This configuration tells our Cloudflare Tunnel how to route to the Authelia instance in our network. Authelia in my network is listening on https://192.168.0.2:9091 and has a self-signed SSL certificate.

Subdomain: auth.<domain-name>

Service: HTTP or HTTPS

URL: IP address and port Authelia is listening on

NoTLSVerify: Enable this if you are using a self-signed SSL certificate, as Cloudflare only trusts its own root certificates
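The NoTLSVerify toggle has a stricter alternative: keep verification on and trust only Authelia's own certificate. The fragment below is an added example, not part of the original guide, written in the `config.yml` format of a locally-managed cloudflared tunnel (this page configures the tunnel from the dashboard instead). The tunnel ID, file paths and certificate file name are placeholders and assumptions.

```yaml
# Added example: locally-managed cloudflared config.yml.
# Assumption: the guide itself sets these values in the Zero Trust dashboard.
tunnel: <tunnel-id>                                   # placeholder
credentials-file: /etc/cloudflared/<tunnel-id>.json   # placeholder path

ingress:
  - hostname: auth.<domain-name>
    service: https://192.168.0.2:9091
    originRequest:
      # Weak setting, equivalent to enabling NoTLSVerify: cloudflared accepts
      # any certificate presented on 192.168.0.2:9091, so the hop from the
      # tunnel container to Authelia is encrypted but not authenticated.
      # noTLSVerify: true

      # Stricter setting: trust only the certificate Authelia serves.
      # caPool is a PEM file readable inside the cloudflared container
      # (assumed file name; it has to be mounted into the container).
      caPool: /etc/cloudflared/authelia-cert.pem
      # Name cloudflared expects in the origin certificate. The self-signed
      # certificate must list this name as a subject alternative name.
      originServerName: auth.<domain-name>

  # cloudflared requires a final catch-all rule.
  - service: http_status:404
```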

Once saved, Cloudflare will automatically push this configuration to your Cloudflare Tunnel and it will immediately be accessible via the specified domain name.

auth.<domain-name> is accessible via the internet and has a valid SSL certificate.

We have now configured remote access to our Authelia application hosted on UnRAID.

Things to note:

  • auth.<domain-name> must be accessible by any device needing to authenticate via OIDC

  • This is the only site not protected via Zero Trust

  • We can create Cloudflare Page Rules to restrict IP Addresses, Countries and others from accessing this site

UnRAID Add Container
Cloudflare Tunnel Creation
Example Tunnel Connections
Authelia Webpage forwarding
Authelia accessible via Cloudflare Tunnel