Need help traversing nginx proxy to reach my Cloudflare protected site (TLS end-to-end)

I’m trying to traverse my enterprise hosted nginx proxy instance to reach my own Cloudflare protected site. I own and control this entire solution end-to-end, and Cloudflare is only providing DNS, WAF and Proxy for the backend app server.

The nginx proxy (which sits in front of Cloudflare’s own proxy) is needed to ensure that client browsers riding over a corporate VPN can reach the Cloudflare-protected site/server from IPs that are whitelisted in the WAF rules.

Since I cannot adequately predict or control the source IPs of the browsers that use the VPN, I need them to traverse my nginx proxy to ensure they come from a whitelisted source IP that is acceptable to the egress WAF rules.

Since I know anyone reaching the nginx proxy is coming across the VPN, I know they are safe and should be allowed to use the proxy to access the site from a safe IP address acceptable to the Cloudflare WAF.

Can anyone point me to documentation or a blog post on configuring this type of solution, i.e. an nginx proxy in front of a proxied / Cloudflare-protected site?

I do have a good TLS cert on nginx, so the browsers will hit an internally accessible URL, but they need to be forwarded through to the external site, which is of course also TLS protected.

Browser → VPN → Corporate Headquarters → NGINX Proxy → Cloudflare Proxy / WAF → My Site

I’ve tried several approaches within nginx, but I end up fighting 502 and 403 errors and can never get the solution working correctly.
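The configuration below is an added example and is not part of the original post nor something the poster tried; it shows the shape of an nginx reverse proxy in front of a Cloudflare-proxied origin with TLS on both legs. The hostnames (`app.corp.internal`, `app.example.com`), certificate paths, the VPN address pool, the resolver address and the CA bundle path are assumptions to be replaced with your own values. The two settings most often behind 403/502 errors in this setup are the `Host` header and the TLS SNI sent to the Cloudflare edge: Cloudflare serves many zones from the same IPs and selects the zone (and its WAF rules) by hostname, and nginx does not send SNI to an upstream unless `proxy_ssl_server_name` is turned on.

```nginx
# Added example, not from the original post. All names below are assumptions.

# Cloudflare edge IPs can change; resolving at request time (via the variable
# in proxy_pass) needs a resolver. 10.0.0.53 is an assumed corporate DNS server.
resolver 10.0.0.53 valid=300s ipv6=off;

server {
    listen 443 ssl;
    server_name app.corp.internal;                 # internal URL the browsers use

    ssl_certificate     /etc/nginx/tls/app.corp.internal.crt;
    ssl_certificate_key /etc/nginx/tls/app.corp.internal.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Only VPN clients should reach this vhost. This is a second layer on top
    # of the network firewall, not a replacement for it. 10.8.0.0/16 is an
    # assumed VPN address pool.
    allow 10.8.0.0/16;
    deny  all;

    location / {
        set $origin "app.example.com";             # public, Cloudflare-proxied hostname (assumed)
        proxy_pass https://$origin;                # variable form => resolved via `resolver`

        # Cloudflare picks the zone (and its WAF rules) by hostname, so both the
        # HTTP Host header and the TLS SNI must carry the PUBLIC hostname, not
        # the internal one the browser connected to ($host).
        proxy_set_header Host $origin;
        proxy_ssl_server_name on;                  # off by default: no SNI => wrong cert / handshake failure
        proxy_ssl_name $origin;
        proxy_ssl_protocols TLSv1.2 TLSv1.3;

        # Keep end-to-end TLS honest: verify the Cloudflare edge certificate
        # against the system CA bundle instead of trusting it blindly.
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

        # Rewrite redirects and cookie domains that mention the public hostname
        # so the browser stays on the internal URL.
        proxy_redirect https://app.example.com/ https://app.corp.internal/;
        proxy_cookie_domain app.example.com app.corp.internal;

        # Standard forwarding headers. Cloudflare still sees the proxy's egress
        # IP as the connecting IP, which is exactly what the WAF allowlist needs.
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_http_version 1.1;
    }
}
```

After `nginx -t` and a reload, a quick check from a VPN client is `curl -v https://app.corp.internal/`: a response carrying a `cf-ray` header shows the request went through the Cloudflare edge rather than failing on the nginx-to-Cloudflare leg, and the nginx error log (`upstream SSL certificate verify error`, `no live upstreams`, or a Cloudflare HTML error body with a 403) tells you which of the two hops is still rejecting the request.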

