Shoutout to @christianlempa
Cloudflare Tunnels are great, but they come at a cost. Cloudflare sees all of your data, and if you're not careful you'll only have a single layer of defence in your network. In this video I show you how to reintroduce some of those layers by segmenting your Cloudflare Tunnel on its own vLAN, and then route this traffic through a firewall with IDS and IPS. I also show how to create a Cloudflare Tunnel.
Cloudflare Tunnel Docker Compose:
https://github.com/JamesTurland/JimsGarage/tree/main/Cloudflare-Tunnel
Christian's Video:
https://youtu.be/oqy3krzmSMA
Recommended Hardware: https://github.com/JamesTurland/JimsGarage/blob/main/Homelab-Buyer's-Guide/Q3-2023.md
Discord: https://discord.gg/qW5vEBekz5
Twitter: https://twitter.com/jimsgarage_
Reddit: https://www.reddit.com/user/Jims-Garage
GitHub: https://github.com/JamesTurland/JimsGarage
00:00 - Introduction to the "Problems" with Cloudflare Tunnels
01:46 - Summary of how we "Fix" the problem
03:43 - Creating a Cloudflare Tunnel to Demonstrate the Problem
06:12 - "Fixing" the Problem with macvLANs and a Firewall
06:22 - Docker macvLAN Implementation
10:35 - Routing Cloudflare Tunnel Through a Firewall (Sophos XG)
12:34 - Testing It All Works
13:13 - Outro & Summary