Cloudflare Tunnelling

Checklist
[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[ ] I provide relevant information about my server (component names and versions, etc.)
[ ] I provide a copy of my logs and healthcheck
[ ] I describe the steps I have taken to troubleshoot the problem
[ ] I describe the steps on how to reproduce the issue

Has anyone used Cloudflare’s Argo Tunnelling to support a Passbolt server? It works as a hybrid tunnel from a Cloudflare IP address and also a bit like a reverse proxy. I’m looking for input from people who have tried it, whether it succeeded or failed.

Hi @CharlesG, I think some info is missing in your post. What is your issue?

I just edited. I hit send too fast.

Yep, works like a charm. Added this to my docker-compose.yaml

  cloudflared:
    image: cloudflare/cloudflared:latest
    restart: unless-stopped
    command: tunnel --no-autoupdate run --token <token>

I was able to expose my Passbolt site; however, it shows that it is on “Unsafe Mode”. Has anybody seen that?

Hello @JavierChaparroMX,
Indeed, we see this when using a self-signed SSL certificate. Is that what you are using in your setup?

We have guides about manual and auto HTTPS configuration if needed.

If you still have an issue, I’ll be more than happy to help.

Hello Antony, @antony

I have Passbolt currently running behind my Cloudflare Tunnel and all is well; however, I’m looking to see if I can create a bypass rule for mobile. The way I would do this is if there was a specific path or set of paths that would be static for mobile access, such as https://domain.com/mobile or other similar structure. This would allow me to force my Google OAuth2 login and email match that I have for accessing the front-end web UI, but still allow the mobile app to connect.

While not as secure as having it entirely behind CF, it does significantly reduce the attack surface by only allowing traffic to bypass CF to the mobile auth path and blocking everything else.