[{"content":"","date":"20 January 2025","externalUrl":null,"permalink":"/categories/","section":"Categories","summary":"","title":"Categories","type":"categories"},{"content":"","date":"20 January 2025","externalUrl":null,"permalink":"/tags/cloudflare/","section":"Tags","summary":"","title":"Cloudflare","type":"tags"},{"content":"","date":"20 January 2025","externalUrl":null,"permalink":"/categories/hosting/","section":"Categories","summary":"","title":"Hosting","type":"categories"},{"content":"Intro\nHave you ever stumbled upon a cool project that lacks authentication, or wanted to make a simple website for yourself without dealing with setting that up? Luckily Cloudflare has a product that makes adding an authentication layer to any website they serve simple and free!\nIn this article I will show you how to set that up.\nTip: For this to work, your website/application must be proxied by Cloudflare (that's the orange cloud in the DNS settings).\nAccessing the Zero-Trust page\nWhen you log into Cloudflare, you should be able to find the Zero Trust button on the sidebar to the left.\nCreating a policy\nPolicies are what we use to define how users authenticate to our application. From the Zero-Trust homepage, navigate to the policies page by clicking the Access Controls dropdown and then the Policies option.\nOn the policies page, hit Add a policy.\nAs you can see in my screenshot, I have a policy set up to accept logins from emails ending in @domain.com. This is the authentication scheme we will use for this demonstration: we define which emails are allowed, and Cloudflare sends those emails one-time codes to authenticate.\nOn this page you will want to define a policy name and then add some rules. 
In my example I will set up both a specific email (you can allow multiple different emails by separating them with a comma) and all the emails under my domain.\nOnce you enter this, hit Save at the bottom.\nCreating an application\nNow that we have a policy set up, we are ready to set up an \"Application\". Applications are where we define what it is we want to protect.\nNavigate to the Applications page by looking for Applications in the sidebar.\nFrom this page, click on Create new application.\nThis will open a pop-up with a few options. We want to select self-hosted, as we are protecting an application we're self-hosting in this demo. Select Self-hosted and private and then click on Continue with Self-hosted and private.\nFill out the destinations section. This is fairly simple: here you list which subdomains, domains and paths that Cloudflare is serving for you that you want to protect. In my example I will be protecting a website hosted at myapp.ondanny.com.\nTip: If you specify just a domain, it will protect every proxied request to that domain (regardless of subdomain/path). The same applies to a subdomain: if you specify one, it will protect anything under that subdomain (regardless of path). If you need to be really precise, you can fill out the Path option.\nScrolling down a bit brings us to the Policies section; this is where we add the policy we created in the previous section.\nIf you scroll to the bottom of the page, you should now be able to see something like this. The last thing you could change, if desired, is the Session Duration. By default it's 24 hours, which can be annoying and too strict for non-critical applications.\nOnce you are satisfied with the settings, go ahead and click on Create.\nLogging in\nYour application is now protected! 
Visit your application and you should see a page like this.\nTry one of the emails you added to your policy; you should receive a one-time code, and once you enter it, you will be able to access the application!\nThanks for reading,\n","date":"20 January 2025","externalUrl":null,"permalink":"/posts/hosting/securing-website-behind-cloudflare-zero-access/","section":"Posts","summary":"","title":"How to secure any website behind Cloudflare using Cloudflare Access (Zero-Trust)","type":"posts"},{"content":"","date":"20 January 2025","externalUrl":null,"permalink":"/posts/","section":"Posts","summary":"","title":"Posts","type":"posts"},{"content":"","date":"20 January 2025","externalUrl":null,"permalink":"/tags/","section":"Tags","summary":"","title":"Tags","type":"tags"},{"content":"","date":"20 January 2025","externalUrl":null,"permalink":"/tags/zero-trust/","section":"Tags","summary":"","title":"Zero-Trust","type":"tags"},{"content":"","date":"3 January 2025","externalUrl":null,"permalink":"/tags/caddy/","section":"Tags","summary":"","title":"Caddy","type":"tags"},{"content":"Tip: This guide is now part of the official Cloudflare documentation.\nIf you are running an application behind Caddy that relies on the X-Forwarded-For header, you can configure Caddy to override the header with Cloudflare's CF-Connecting-IP header.\nIt is advised that you also only accept traffic from Cloudflare's IP addresses; otherwise, the header could be spoofed. That's why, in the second example, we handle this as part of the Caddy configuration. Alternatively, you can handle this at the firewall level, which is usually easier to automate. If you already have a firewall or other measure in place to ensure this, your Caddyfile could look like this:\nhttps://example.com {\n  reverse_proxy localhost:8080 {\n    # Sets X-Forwarded-For as the value Cloudflare gives us for CF-Connecting-IP.\n
header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}\n  }\n}\nIf you want Caddy to handle only accepting traffic from Cloudflare's IP addresses, you can use a configuration like this one:\nhttps://example.com {\n  # Restrict access to Cloudflare IPs (https://www.cloudflare.com/ips/)\n  @cloudflare {\n    remote_ip 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 104.24.0.0/14 172.64.0.0/13 131.0.72.0/22 2400:cb00::/32 2606:4700::/32 2803:f800::/32 2405:b500::/32 2405:8100::/32 2a06:98c0::/29 2c0f:f248::/32\n  }\n  # Process requests from Cloudflare IPs\n  handle @cloudflare {\n    reverse_proxy localhost:8080 {\n      # Sets X-Forwarded-For as the value Cloudflare gives us for CF-Connecting-IP.\n      header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}\n    }\n  }\n  # Deny requests from non-Cloudflare IPs\n  handle {\n    respond \"Access Denied\" 403\n  }\n}\nThanks for reading,\n","date":"3 January 2025","externalUrl":null,"permalink":"/posts/hosting/pass-real-visitor-ip-from-cloudflare-to-caddy/","section":"Posts","summary":"","title":"How to pass real visitor IPs to an application that's behind Cloudflare and Caddy","type":"posts"},{"content":"","externalUrl":null,"permalink":"/","section":"","summary":"","title":"","type":"page"},{"content":"im daniel san\nWarning! This action is destructive! ","externalUrl":null,"permalink":"/about/","section":"","summary":"","title":"About Me","type":"page"},{"content":"","externalUrl":null,"permalink":"/authors/","section":"Authors","summary":"","title":"Authors","type":"authors"},{"content":"I've always got one or more side projects going. Some for clients which I can't share, but some of my own which can be seen below.\nThreePaycheckMonths.com\nBasic web app that allows you to see when your next three paycheck months are as a bi-weekly paid employee.\n
View Live →\nLazyFinance.app\nFull-stack application that allows you to track your finances with the least amount of effort.\nView Live →\n","externalUrl":null,"permalink":"/projects/","section":"","summary":"","title":"Projects","type":"page"},{"content":"I've spent the last 10+ years of my life solving problems on the internet for money. My life is optimized around my remote digital work. I excel at getting up to speed on things at a rapid pace. From the entrepreneurial world to the corporate world, I believe my value stems from my killer work ethic and the fact that I never give up.\nExperience\n2022-PRESENT Senior Full Stack Developer THINKING/BIG\nLead developer on client projects. Primarily working with Java, .NET, Angular and Oracle SQL.\n2020-2021 Software Developer ARCIM Management LLC\nJava/Groovy Minecraft plugin development.\n2016-2020 Founder and Operator SysAdamant\nProvided hundreds of businesses with Linux System Administration and Software Development services. Focused around but not limited to the Minecraft industry.\n2014-2020 Founder and Operator MomentoNetwork\nCreated and operated a Minecraft server/community that reached millions of players worldwide. Averaging 200-300 concurrent players. Generating over $500,000 USD in revenue.\n","externalUrl":null,"permalink":"/resume/","section":"","summary":"","title":"Resume","type":"page"},{"content":"","externalUrl":null,"permalink":"/series/","section":"Series","summary":"","title":"Series","type":"series"}]