Redirect traffic for specific sites on varying ports to GCP instance

Hi community,

I have the following problem to solve.
There are a few websites of our customer that can only be accessed by whitelisted IP addresses. The IP address of one of our GCP instances got whitelisted.

We want to use Cloudflare WARP and automatically redirect traffic to those websites to go through the GCP instance.
So, if the user opens example.com in the browser, the traffic should go through the GCP instance. I guess this is similar to a proxy jump or using sshuttle.

I got this working for normal HTTPS traffic using the following setup:

  1. Create a firewall policy in Cloudflare Zero Trust to redirect traffic from example.com to 100.64.0.1
  2. Attach IP address 100.64.0.1 to the tunnel of the GCP instance
  3. Add the internal IP address as a loopback interface in the GCP instance
  4. Install nginx and use the following configuration:
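     # TCP (layer 4) pass-through: TLS is not terminated on the instance
     stream {
       server {
         # Accept only connections addressed to the tunnel's virtual IP
         listen 100.64.0.1:443;
         proxy_pass example.com:443;
       }
     }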

I could extend this to other websites, doing the same steps for 100.64.0.2, etc.

However, I also need to redirect traffic to sites on various ports, for example api.example.com:3333. There are 2 problems I currently have:

  1. I can’t redirect traffic to different ports using the above-mentioned steps. I can’t specify ports in the firewall policy.
  2. There are quite a lot of ports that I need to listen to, and I would like to dynamically re-route the traffic.

How would I go about setting this up using Cloudflare WARP?
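
The instance side of the setup described above (steps 3 and 4), as an added example that is not part of the original post: it generalizes the single `100.64.0.1:443` listener to several virtual IPs and ports and validates the mapping before rendering the loopback commands and the nginx `stream` block. The `100.64.0.2` entry, its port list and all function names are assumptions made for illustration, and the Cloudflare policy side of the question is not covered.

```python
import ipaddress

# Constructed sample mapping: virtual IP -> (upstream host, ports to relay).
# 100.64.0.1 / example.com:443 come from the post; the second entry's IP and
# port list are assumptions made for illustration.
SITES = {
    "100.64.0.1": ("example.com", [443]),
    "100.64.0.2": ("api.example.com", [443, 3333]),
}

CGNAT = ipaddress.ip_network("100.64.0.0/10")  # range the post's 100.64.0.x addresses sit in


def validate(sites):
    """Reject mappings that would silently misroute or fail to bind."""
    seen_hosts = {}
    for ip, (host, ports) in sites.items():
        if ipaddress.ip_address(ip) not in CGNAT:
            raise ValueError(f"{ip} is outside {CGNAT}")
        if host in seen_hosts:
            raise ValueError(f"{host} mapped to both {seen_hosts[host]} and {ip}")
        seen_hosts[host] = ip
        if not ports or len(set(ports)) != len(ports):
            raise ValueError(f"{host}: empty or duplicate port list")
        for port in ports:
            if not 1 <= port <= 65535:
                raise ValueError(f"{host}: invalid port {port}")


def loopback_commands(sites):
    """Step 3: one /32 on the loopback interface per virtual IP."""
    return [f"ip addr add {ip}/32 dev lo" for ip in sites]


def nginx_stream(sites):
    """Step 4: one stream server per (virtual IP, port), same port upstream."""
    validate(sites)
    blocks = []
    for ip, (host, ports) in sites.items():
        for port in ports:
            blocks.append(
                "  server {\n"
                f"    listen {ip}:{port};\n"
                f"    proxy_pass {host}:{port};\n"
                "  }"
            )
    return "stream {\n" + "\n".join(blocks) + "\n}\n"


if __name__ == "__main__":
    print("\n".join(loopback_commands(SITES)))
    print(nginx_stream(SITES))
```

Every generated listener binds to a specific virtual IP rather than to all addresses, so the relay does not listen on the instance's other interfaces.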