I’ve seen a post on here before about Cloudflare tunnels being unsafe for exposing your locally hosted services to the web which I totally get.
However I’m a bit of a noob with complex VPN set ups and I tried to get Wireguard working in Docker but couldn’t. I got a tunnel configured and exchanged all the peer keys and things but I think my initial networking docker-compose stack was incorrect possibly. Also the windows client for it is a bit ugly but that’s by the by.
I’ve also used Tailscale in the past which is great but it feels like a temporary solution to me as you still have to remember ports and things (there may be a way around that if I remember correctly but I’d rather stay away from Tailscale. I prefer having control myself or through my domain name - probably illogical I know).
Instead I decided to try to protect the Cloudflare tunnel to my home network and I’ve made a policy in Cloudflare Access that won’t let you in without emailing you a code (only my email address works) and having you enter it. I’d also rather adjust that to my 2FA app but I can’t seem to get that to work here.
My question is: is that secure enough? And if not, what would you all suggest as an alternative (preferably an alternative that is pretty easy and means I can use my domain name)?
That’s the pout of Cloudflare Tunnels. It’s a reverse proxy.
Cloudflare Auth (zero trust) can lock down the tunnel so only certain people can access it.
I want to clarify something though. Cloudflare Tunnels IS SAFE. But if you choose to use it in a not safe way that’s not the fault of the tunnel.
It’s like putting on a bicycle helmet and then running on the freeway and wondering why your leg gets broken after getting hit by a car.
“but I was wearing my helmet” great, but that wasn’t the point of the helmet.
Makes sense. I was assuming that the people who were saying it wasn’t safe were including the access control methods in that too for some reason.