Pihole, Cloudflared, WARP, HTTPS Proxy


I’m currently running some advanced security setup in my home.
All DNS queries are sent to my local PiHole instance, which then routes all non-cached entries to the cloudflared daemon, which runs in proxy-dns mode and uses DoH, which obviously connects to CF Edge.

I have this set up and so far everything works perfectly, DNS queries are resolved perfectly.

Now I would like to take this further by implementing a HTTPS Proxy in my network, I want all HTTPS traffic to originate from a specific device in my home.
Now it would make sense to implement something after the cloudflared daemon.

Can I use the cloudflared argo-tunnel feature for this?
Can I use the new WARP for Linux service for this?

I still want to see all resolved domains in my Teams dashboard, but currently it is limited to DNS tracking.
I can’t use the upper layer HTTP Gateway Policies, because I don’t have any domains connected in Cloudflare (obviously it is my home, not an enterprise network). Tried to submit some .local domain just for experimenting but that is not going to work.

Any suggestions?
Clients — Pihole — cloudflared proxy-dns — [Potential proxy] — DoH Cloudflare

I am looking for solutions for implementing a proxy between the cloudflared daemon and CF Edge.


Just tried out WARP client, but unfortunately it takes away all DNS traffic from my PiHole and I do not have the visibility into it anymore through my PiHole+cloudflared instance.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.