On Reddit many suggested using nginx, fail2ban, or crowdsec. But the nginx logs seem to always write the local IP of the tunnel instance running in Docker, i.e. 127.0.x.x. So, in that case, how will fail2ban or crowdsec know that someone/a hacker connected to my service?
As of now, I have set up a Cloudflare tunnel with the following options:
SSL/TLS: Flexible (encrypts traffic between the browser and Cloudflare)
WAF: location US only
Bot Fight Mode: ON
DDoS:
  Scope: Global
  Action: Block
  Sensitivity: Default
Settings:
  Security Level: Medium
  Challenge Passage: 30 min
  Browser Integrity Check: Enabled
Do I need to do anything in Cloudflare or on my local machine to avoid being attacked by hackers/bots?
Also, how do I know the list of IP addresses that successfully connected to my tunnel? The log shows the ones that are blocked, but I couldn't find the ones that made a successful connection and accessed my server or the apps running on it.
All my tunnels use one-time passwords except two services. For these two services I couldn't enable one-time password in Cloudflare, as their mobile apps are not handling it properly.
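An added example (not from the original post) of the nginx realip configuration that addresses the first question: it assumes cloudflared runs in Docker and reaches nginx from 127.0.0.0/8 or 172.16.0.0/12, and that the app listens on port 8080; adjust both to the actual setup.

```nginx
# Added example, not the poster's config: make nginx log the visitor's real
# address behind cloudflared so fail2ban/crowdsec can act on it.
# Assumption: cloudflared connects to nginx from 127.0.0.0/8 or the Docker
# bridge 172.16.0.0/12; narrow set_real_ip_from to the actual source.

http {
    # --- Before: $remote_addr is the tunnel's local address, so every line
    # logs 127.0.x.x and a ban would only ever hit cloudflared itself. ---
    # log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    #                 '$status $body_bytes_sent "$http_referer" "$http_user_agent"';

    # --- After: trust only the tunnel's source addresses and take the
    # visitor's address from the CF-Connecting-IP header Cloudflare adds. ---
    set_real_ip_from 127.0.0.0/8;
    set_real_ip_from 172.16.0.0/12;
    real_ip_header   CF-Connecting-IP;

    # Log both the rewritten $remote_addr (now the visitor) and the raw
    # header, so a mismatch is visible if the trust list is wrong.
    log_format cf_main '$remote_addr - $remote_user [$time_local] "$request" '
                       '$status $body_bytes_sent "$http_referer" '
                       '"$http_user_agent" cf_ip="$http_cf_connecting_ip" '
                       'cf_country="$http_cf_ipcountry"';

    access_log /var/log/nginx/access.log cf_main;

    server {
        listen 80;
        server_name _;
        location / {
            proxy_pass http://127.0.0.1:8080;          # assumed app port
            proxy_set_header X-Real-IP $remote_addr;   # pass the resolved IP onward
        }
    }
}
```

With this in place the access log also answers the second question, since every successfully proxied request is logged with the visitor's address, and any line still showing 127.0.x.x means the trust list does not cover the tunnel's source. A host-firewall ban on that visitor address will not stop the traffic, because packets still arrive from the local cloudflared process; the ban has to be enforced at the Cloudflare edge (for example an IP Access Rule) or inside nginx itself.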