Hi Everyone, sorry for the noob question, but here’s my situation:
- I have an application server(hosted on Heroku) serving the front end of my website that is cached through Cloudflare at domain.com (APPSERVER)
- It’s supported by a Wordpress backend (hosted on LiquidWeb) at api.domain.com (APISERVER). This server serves 3 functions 1) It hosts the Wordpress backend of my site (DB and Admin pages) 2) It responds to API calls from the application server 3) It serves images to the end user.
I would like to secure the APISERVER behind Access so only authorized users can directly access it, but I need the APPSERVER to still be able to make calls to the API, and the images for the website still needed to get loaded (ideally cached through Cloudflare).
I was planning on setting up an Argo tunnel between the APISERVER and Cloudflare and then limiting Access to APISERVER to me and a few other users, but it feels like this is missing something (i.e. I think it will work for controlling access to the WP backend but I’m worried it’s going to break API access from the app server and I’m also worried the images won’t be loadable by the end user either.
I can’t really find any documentation on Access + Argo Tunnel beyond Cloudflares own limited documentation so I would really appreciate any thoughts from someone who has done something similar (or knows how this works).
Thanks for your help!