![]() Our pwndrop image is perfect for this task. It's meant to be publicly accessible by anyone with a link so there will be no authentication. Single service published without authenticationĪs the first scenario, let's set up very basic service for file sharing. Keep in mind that since it is a premium feature, they do ask for a valid credit card during sign up, but with the free plan, there should not be any charges. It is technically a premium service, but they offer a free plan for up to 50 users, which should be plenty for a home lab setting. We also need to sign up for Cloudflare Teams to be able to access their Zero Trust dashboard through which the tunnels and access policies are managed. We'll copy that, too, as we will not be able to view it again after closing. ![]() Once we save, our token will be displayed once. Make sure that your token creation page looks as shown in the screenshot below. The scope we need for the token should include Zone:DNS:Edit and Account:Cloudflare Tunnel:Edit. Let's copy those ids and then click on that link. Right below them, there is a link titled Get your API token. On Cloudflare's dashboard, in the overview page of our domain, we can see the zone and account ids at the bottom right of the screen. Initial Cloudflare setupīefore we start, we need to create a new api token for Cloudflare with the correct scope, and retrieve our zone and account ids. There are many different possible combinations for implementation. It is only meant to showcase some of what you can achieve with Cloudflare Tunnels and Access, SWAG and Authelia. Keep in mind that this article is not meant to be a step by step guide. All connections will go through Cloudflare directly into the containers. You'll notice that with all 3 examples, there will be no ports mapped on the host so none of these services will be available on the local network. The final example involves setting up multiple services reverse proxied via SWAG, and with authentication handled via a local instance of Authelia integrated with SWAG, and 2fa via Duo. The second example involves setting up multiple services, reverse proxied via SWAG, and the authentication handled via Cloudflare Access's Google SSO integration. This is meant to be a publicly accessible service, so there will be no authentication. ![]() The first one involves setting up a single service in a docker container with the cloudflared mod, which will route all incoming connections through Cloudflare, with all the protections they provide. ![]() In this article, we will provide 3 examples. As it is a broad concept, there are many aspects and applications, but in this article we will focus on applying Zero Trust to the web based services we host.Ĭloudflare Tunnels provide an easy way to achieve Zero Trust by pairing them with either Cloudflare Access, or other authentication solutions like Authelia. It has become quite a popular buzz word of late, in light of all the recent successful cyber attacks, compromising vast amounts of user data. Zero Trust Architecture is the practice of designing systems based on the principle of never trust, always verify, as opposed to the traditional trust, but verify principle. ![]()
0 Comments
Leave a Reply. |