CloudFlared & Traefik Guide
A guide to add traefik reverse proxy to a CloudFlared tunnel to expose apps with ingress.
caution
Implementing this guide will publicly expose your server, use at your own risk.
Create a tunnel and install cloudflared before starting this guide.
To add traefik to the CloudFlared tunnel.
Create all the public hostname entries in this order:
- the root domain (if you plan to use root domain).
- each sub domain record.
These are the values that would be needed and assumes that the app is named traefik
and the port is set to 443
.
sub domain: app
type: https
url: traefik-tcp.ix-traefik.svc.cluster.local:443
if using scale certs(deprecated)
- Additional application settings
- TLS
- Origin Server Name:
mydomain.tld
- Origin Server Name:
- TLS
if using cert-manager (recommended)
- Additional application settings
- TLS
- Origin Server Name:
app.mydomain.tld
- Origin Server Name:
- TLS
Traefik MiddleWares
It's highly advise to add a few MiddleWares like ipwhitelist and auth to protect certain apps from being directly or indirectly exposed publicly.