Cloudflare Zero Trust Tunnels (Previously Argo) for Home Lab Access

Cloudflare Tunnel was named Warp during its beta phase. When Warp was added to the Argo product family, Cloudflare changed the name to Argo Tunnel to match. Once Cloudflare decided that users no longer needed to purchase Argo to create tunnels, Argo Tunnel was renamed to Cloudflare Tunnel.

In this post, I am going to show how you can use Cloudflare Tunnel (free) to access your home lab's internal network in a couple of simple steps, and how you can secure that access.

Diagram

Steps

You will need a free Cloudflare account to log in and also you will need your own domain DNS records to be managed by Cloudflare.
  • Free Cloudflare account
  • Free Domain (https://nic.eu.org/)

1 Add a tunnel

2 Create a new tunnel

3 Install and run a connector

4 Route traffic to your applications

Access Policy - OneTime Password

One Time PIN

By default, One Time Password has already been added as your authentication method.

1 Add an application

Accept all available identity providers:

2 Add policies

3 Setup

4 Access to route.51sec.eu.org

Set Up Google as an IdP (Identity Provider)

You can add other authentication methods, such as Google or GitHub, as identity providers.

Set up Google as an identity provider

  1. Visit the Google Cloud Platform console. Create a new project, name the project, and select Create.

  2. On the project home page, go to APIs & Services on the sidebar and select Dashboard.

  3. On the sidebar, go to Credentials and select Configure Consent Screen at the top of the page.

    Location of credential settings at the top of the Google Cloud Platform dashboard.
  4. Choose External as the User Type. Since this application is not being created in a Google Workspace account, any user with a Gmail address can log in.

  5. Name the application, add a support email, and input contact fields. Google Cloud Platform requires an email in your account.

  6. Return to the APIs & Services page, select Create Credentials > OAuth client ID, and name the application.

    Location of OAuth client ID settings on Google Cloud Platform credentials page.
  7. Under Authorized JavaScript origins, in the URIs field, enter your team domain.

  8. Under Authorized redirect URIs, in the URIs field, enter your team domain followed by this callback at the end of the path: /cdn-cgi/access/callback. For example:

    https://<your-team-name>.cloudflareaccess.com/cdn-cgi/access/callback
  9. Google will present the OAuth Client ID and Secret values. The secret field functions like a password and should not be shared. Copy both values.

  10. In Zero Trust, go to Settings > Authentication.

  11. Under Login methods, select Add new. Choose Google on the next page.

  12. Input the Client ID and Client Secret fields generated previously.

  13. (Optional) Enable Proof Key for Code Exchange (PKCE). PKCE will be performed on all login attempts.

  14. Select Save.

Videos

 

Copyright notice:
Author: Mr李
Link: https://www.techfm.club/p/69732.html
Source: TechFM
Copyright of this article belongs to the author. Do not reproduce it without permission.
