How do I restrict certain subdomains to be accessible from the localnetwork only?
Original message was deleted
FLocal firewall rules?
EHow would I configure this over cloudflare?
FYou can't. You need to restrict access on your site, in your local router/firewall appliance.
EAre you sure?
EI've read multiple places that it's possible but no real explanation on how
FOkay, maybe I understood your question wrong, you want a proxied subdomain on Cloudflare to be only accessible from a certain IP range (home network) correct? And all other IPs should get blocked?
EYea close enough I guess, I'm not sure what you mean by proxied
Ebut whoever visits proxmox.example-homelab.com should be required to be on the network through a vpn or smth
FProxied means that the CNAME record in your Cloudflare DNS is orange and all requests to that subdomain go through the Cloudflare proxy.
EAlright
Ebut I want the possibility of making other subdomains public
Eso let's say, project1.esd-homelab.com
Eshould be public
FThis sounds like complex setups, I first thought about recommending WAF rules for this, but they might not be powerful enough.
I'd recommend to look into Zero Trust and how to setup an app inside this framework (it support a gazillion way to for authentication/authorization) -> https://developers.cloudflare.com/cloudflare-one/setup/
I'd recommend to look into Zero Trust and how to setup an app inside this framework (it support a gazillion way to for authentication/authorization) -> https://developers.cloudflare.com/cloudflare-one/setup/
Cloudflare Docs
This guide covers the recommended steps to start securing your users and devices with Cloudflare Zero Trust.
EI'm looking at that right now myself but when I try to setup a tunnel using the "private network", I'm not allowed to set any subdomain
FI think you don't need a tunnel to setup an app for a subdomain.
EHow would I do it?
FNot trivial, but also not extremely complex, I got a demo working after an hour or two. Read the docs, experiment, learn the lingo. There is no quick way. This stuff is a bit complex by design.
EI dont know, that doesn't help me much tbh. I'm gonna give tunnelling a shot
EBump
