CloudFlare Tunnel
Cloudflare Tunnel provides a secure way to expose your internal applications to the internet without needing to open ports on your firewall or configure a VPN. It acts as a secure gateway between your internal network and Cloudflare, ensuring that traffic to your applications is protected and can be easily managed. This guide will walk you through the process of setting up a Cloudflare Tunnel, enabling it, and protecting your applications with additional security measures.
Cloudflare Tunnel, formerly known as Argo Tunnel, works by establishing an encrypted connection between your internal network and the Cloudflare network. Instead of exposing your IP address directly to the internet, you route your application traffic through a secure tunnel that ends at a Cloudflare data center. Here’s how it works:
- Secure Tunnel Creation: The Cloudflare Tunnel agent (a lightweight daemon) is installed on your server. This agent creates a secure connection to Cloudflare's edge servers, effectively acting as a tunnel.
- Traffic Management: All incoming traffic to your application's domain (e.g., app.yourdomain.com) is directed through Cloudflare's network. Cloudflare's edge servers route the traffic through the tunnel to your internal application, ensuring encryption and protection.
- No Open Ports Required: Since the traffic is routed through Cloudflare, you don't need to open any inbound ports on your firewall. This reduces the risk of attacks and simplifies network security.
- Access Control: With Cloudflare’s Zero Trust model, you can enforce authentication and authorization policies, ensuring that only authorized users can access your internal applications.
To use Cloudflare Tunnel with PlexGuide, follow these steps:
- Access your PlexGuide server: Open your server’s terminal or SSH into it if you are managing it remotely.
- Navigate to the PlexGuide menu: In your terminal, run the PlexGuide script to access the main menu:
    plexguide
- Select Cloudflare Tunnel from the menu: Follow the on-screen instructions to install the Cloudflare Tunnel agent. PlexGuide automates the setup process, making it easier to integrate Cloudflare Tunnel with your server.
- Log in to your Cloudflare account: Visit Cloudflare and sign in with your credentials.
- Create a new tunnel: Navigate to Zero Trust > Access > Tunnels and click on Create a Tunnel.
- Name your tunnel: Give your tunnel a descriptive name and follow the instructions provided by Cloudflare.
- Download the configuration file: After creating the tunnel, download the Cloudflare Tunnel configuration file. This file will be used to establish a secure connection between your server and Cloudflare.
- Go to the Cloudflare Zero Trust dashboard and access the tunnel configuration settings.
- Add DNS records: If you haven't done so already, add DNS records for your subdomains (e.g., app.yourdomain.com). This will direct traffic from these subdomains through the Cloudflare Tunnel.
- Apply the settings: Use the Cloudflare interface to apply the settings. Cloudflare will handle routing traffic through the tunnel securely to your internal applications.
Cloudflare Tunnel can route traffic to multiple internal applications. This is managed through the Cloudflare interface, where you can define rules for each subdomain.
- Define Ingress Rules: In the Cloudflare interface, specify the internal application endpoints. For example:
  - plex.yourdomain.com -> http://localhost:32400
  - sonarr.yourdomain.com -> http://localhost:8989
  - radarr.yourdomain.com -> http://localhost:7878
- Set Up Subdomains: Ensure that the subdomains are correctly set up to point to their respective applications. Cloudflare will handle the routing and encryption.
Cloudflare Tunnel integrates with Cloudflare Access to provide an additional layer of security by requiring sign-in before users can access your internal applications.
- Go to Cloudflare Zero Trust: Navigate to Access > Applications in the Cloudflare dashboard.
- Add a new application: Click on Create Access Application.
- Set up your application:
  - Application Name: Give your application a meaningful name.
  - Application Domain: Enter the domain (e.g., plex.yourdomain.com).
  - Session Duration: Define how long users can stay logged in without re-authentication.
- Configure Access Policies: Define who can access your application. You can require users to sign in with Google, GitHub, or other identity providers.
- Go to Access Policies: Under the application settings, click Add a policy.
- Set up rules:
  - Action: Select Allow.
  - Include: Choose who is allowed access (e.g., an email domain or specific users).
  - Exclude: Optionally, define conditions for denying access.
- Save the policy and apply it to your application.
With these steps, only authenticated users will be able to access your internal applications through the Cloudflare Tunnel.
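The following audit is an added example, not part of PlexGuide or Cloudflare tooling: it checks that every hostname routed through the tunnel has an Access application in front of it, and flags rule-ordering mistakes. The rule list mirrors the hostname/service shape of cloudflared ingress rules; the function name, sample data and finding labels are assumptions for illustration, and wildcard matching is approximated with shell-style patterns.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlparse

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def audit_tunnel(ingress, access_domains):
    """Audit ordered ingress rules (first match wins) against the set of
    hostnames that have a Cloudflare Access application. Returns findings."""
    findings = []
    access = [d.lower() for d in access_domains]
    # cloudflared requires the final rule to be a catch-all with no hostname.
    if not ingress or ingress[-1].get("hostname"):
        findings.append("no-catch-all: last rule must have no hostname")
    earlier = []
    for pos, rule in enumerate(ingress):
        host = (rule.get("hostname") or "").lower()
        if not host:
            if pos != len(ingress) - 1:
                findings.append(f"shadowing: catch-all at rule {pos} hides later rules")
            continue
        # An earlier rule or wildcard that already matches makes this one dead.
        if any(fnmatchcase(host, p) for p in earlier):
            findings.append(f"shadowed: {host} is matched by an earlier rule")
        earlier.append(host)
        # Published through the tunnel but no Access application in front of it.
        if not any(fnmatchcase(host, d) for d in access):
            findings.append(f"no-access-app: {host} is served without Access sign-in")
        # Plain HTTP is fine on loopback; to another machine it crosses the LAN.
        url = urlparse(rule["service"])
        if url.scheme == "http" and url.hostname not in LOOPBACK:
            findings.append(f"plaintext-hop: {host} -> {rule['service']}")
    return findings

# Constructed sample: the guide's three hostnames plus the catch-all rule,
# with an Access application created for plex.yourdomain.com only.
SAMPLE_INGRESS = [
    {"hostname": "plex.yourdomain.com", "service": "http://localhost:32400"},
    {"hostname": "sonarr.yourdomain.com", "service": "http://localhost:8989"},
    {"hostname": "radarr.yourdomain.com", "service": "http://localhost:7878"},
    {"service": "http_status:404"},
]
SAMPLE_ACCESS = {"plex.yourdomain.com"}

if __name__ == "__main__":
    for finding in audit_tunnel(SAMPLE_INGRESS, SAMPLE_ACCESS):
        print(finding)
```

An empty result means every routed hostname is covered by an Access application and the rule order is sound.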
Using Cloudflare Tunnel with PlexGuide enhances the security and accessibility of your internal applications. By routing traffic through Cloudflare, you protect your server from direct exposure to the internet and gain the flexibility to implement advanced security measures, such as sign-in enforcement. Follow this guide to set up and configure your Cloudflare Tunnel, ensuring that your media server and other applications remain secure and easily accessible.