Allow only certain devices access to domain/subdomains

Hello. I have looked over docs and see there may be many ways to do this but I basically need help with the Rules/Policies Firewall. Zero trust Cloudflared tunnel.

I have my tunnel set up and can access my Proxmox running a VM which holds Docker containers (Home Assistant, Mosquitto, Frigate, Portainer, Cloudflare tunnel). I have a subdomain linked to the IP and port of my Home Assistant server container. All is good for me to type in the subdomain and get to the Home Assistant portal, and my family's 3 mobile phones' Home Assistant Companion apps can connect over the subdomain without wifi. I have onboarded the 3 mobile phones with WARPED and added the certs to the phones. Also added Google authentication/identity provider to the Zero Trust account (not sure if I needed to onboard them like this or not though). I also added 3 Gateway locations for the mobile phones and used Cloudflare private DNS on the 3 phones (not sure if it is good or bad to do this, but I like seeing all the traffic analyzed in the dashboard for each).

Basically I want to lock down the public domain so that only the 3 mobile phones can access it. I am not sure if it should be by IP, by device, or maybe by the user that I onboarded (I do not want to have to use the WARPED client to access it though). Is it possible to install a certain certificate or token that allows only the 3 mobile phones? I am not sure which way to go or how to accomplish this.
I appreciate any help or advice to whitelist just those devices.

