TrueNAS SCALE Apps remote access using Cloudflare tutorial

[averageazn]

Thank you for this guide! I just followed it sucessfully! Cloudflare changed the tunnel menu behind a separate product called zeroTrust but it was essentially the same steps.
I dont understand how this works well enough to point anohter subdomain at my same server though. How would i expose another domain if you can only do that during setup of the tunnel and its recomendding one tunnel per network?
Id like stream.mydomain and request.mydomain
any advice?

 

[stephen.dail]

Thank you for this guide! I just followed it sucessfully! Cloudflare changed the tunnel menu behind a separate product called zeroTrust but it was essentially the same steps.
I dont understand how this works well enough to point anohter subdomain at my same server though. How would i expose another domain if you can only do that during setup of the tunnel and its recomendding one tunnel per network?
Id like stream.mydomain and request.mydomain
any advice?

If you use Cloudflare as your DNS manager and Traefik on your TrueNAS, you don't *really* need to use the tunnel capabilities provided by Cloudflare to get FQDN access.

Either way, to add additional FQDNs (i.e. stream.mydomain or request.mydomain as you mentioned) you need to ensure those subdomains are added to Cloudflare in the DNS settings of your managed domain.

I recommend adding them as CNAMEs; i.e. add a CNAME, (I assume you already have the A record as your public IP if you're using tunnels). In the first box, the subdomain, enter stream or request (or whatever.) The next box is the domain they host (i.e. mydomain.org or mydomain.net etc.)

You can keep the CNAME as proxied for extra security, or unproxied and it will expose the actual IP.

Note that in order for this to work, you have to have Traefik installed and managing the external requests to the internal IP and port.
Cloudflare will forward the request (subdomain.yourdomain) to your public IP using https. Traefik will convert the incoming subdomain.domain request to the proper internal IP and port (probably a 172.X.X.X if using standard Kubernetes IP scheme.)