Is this a Zero Trust use case?

I’m doing some research on a private project and I'm looking at ways to do the following:

I have a server (let's call it main) that needs to reach an HTTP REST API on multiple other clients/servers, mostly Windows 10 and Windows Server 2019 machines (let's call them clients).
The main server is not on the same network as the clients, and I need to be able to reach them over the internet (clients have internet access). I don't want to - or have access to - do port forwarding on the clients' network.
I do have full admin access on the clients.

Could I use Zero Trust tunnels to achieve this? What would be the most secure approach to manage the clients and making? I don't need full answers, just point me in the right direction / documentation 🙂

You can - just install cloudflared on the server and establish a tunnel connection with the Cloudflare network using a public hostname configuration. From the client side, you just connect to the public hostname to access the REST API.

If you want to secure the access to the public hostname further, you may use the Service Token feature so that only clients who supply the correct token during the connection may talk to the REST API (assuming that the client access is automated); otherwise, you can configure an Access Policy to allow based on email address if it’s human-based access.

Yes, but the communication is the other way - the “main” server has to connect to the clients' HTTP API and fetch some data from the clients.
Could I maybe create multiple tunnels? Is there a limit on how many tunnels I can have?

Yeah you can.

Looks like it’s 1000.

By the way, I’m wondering how many clients you have?

Thank you! I was looking for the limits page 🙂
So, in order for that to work I would need a public host/domain name for each tunnel, right? Like:

client1.mydomain.com
client2.mydomain.com
server.mydomain.com

etc?

Yes.
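
The setup the thread arrives at (one tunnel hostname per client, with a Service Token protecting each), seen from the main server, as an added example that is not part of the original thread. `CF-Access-Client-Id` and `CF-Access-Client-Secret` are the headers Cloudflare Access reads a service token from; the `/api/data` path and the environment variable names are assumptions. Redirects are refused so the token headers are never replayed to another host.

```python
import json
import os
import urllib.error
import urllib.request

class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse redirects: urllib would copy the token headers to the new URL."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError for the 3xx response

OPENER = urllib.request.build_opener(NoRedirect)

def build_request(base_url, path, client_id, client_secret):
    """Request for one client's tunnel hostname, carrying the service token."""
    # Loopback over plain HTTP is allowed only so the code can be tested locally.
    if not base_url.startswith(("https://", "http://127.0.0.1:")):
        raise ValueError("refusing to send the service token over plain HTTP")
    req = urllib.request.Request(base_url.rstrip("/") + path)
    req.add_header("CF-Access-Client-Id", client_id)
    req.add_header("CF-Access-Client-Secret", client_secret)
    return req

def fetch_client(base_url, path, client_id, client_secret, timeout=10):
    """Return (ok, payload_or_reason); HTTP and network errors do not raise."""
    req = build_request(base_url, path, client_id, client_secret)
    try:
        with OPENER.open(req, timeout=timeout) as resp:
            body = resp.read()
    except urllib.error.HTTPError as exc:   # includes refused redirects
        return False, f"HTTP {exc.code}"
    except urllib.error.URLError as exc:    # DNS failure, tunnel down, timeout
        return False, f"unreachable: {exc.reason}"
    try:
        return True, json.loads(body)
    except ValueError:                      # e.g. an HTML login page
        return False, "response was not JSON"

def poll_all(clients, path, client_id, client_secret):
    """Poll every client hostname; one failing client does not stop the rest."""
    return {name: fetch_client(url, path, client_id, client_secret)
            for name, url in clients.items()}

if __name__ == "__main__":
    # Hostnames follow the naming in the thread; env var names are hypothetical.
    clients = {"client1": "https://client1.mydomain.com",
               "client2": "https://client2.mydomain.com"}
    results = poll_all(clients, "/api/data", os.environ["CF_ACCESS_CLIENT_ID"],
                       os.environ["CF_ACCESS_CLIENT_SECRET"])
    for name, (ok, detail) in results.items():
        print(name, "OK" if ok else "FAILED", detail)
```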