Expose to CF Workers privately

I’d like advice on what would be the best approach to expose an internal service (cephFS) through CF Tunnel to a CF Worker in a way that we don’t need to expose the entire service to the public WWW.

Any way to make a worker access the tunnel directly, maybe through an “internal-network”?

1 Like
  1. Make the CNAME that points to the uuid.cfargotunnel.com grey-cloud (DNS Only) and it’ll work for Workers but nothing else - but this means it’ll work for other peoples Workers.

  2. Add Cloudflare Access on it & create a Service Token that your Worker can include in the headers, so no-one can actually get past the Access login page other than your Worker.

2 is better.

1 Like

hey thanks for the tip regarding the tunnel and worker combination. However I get “Error 1016” (host ins on cf network) like when leaving it as “Proxied”. Do you know if this is still working?