Tips on exposing Ceph RGW in a secure way

Hi folks!
We are implementing a new CDN serving files to external clients, and I would like to hear from you about some improvements/opportunities on the Cloudflare side to make it more secure.

Basically, we are using (1) a Cloudflare Worker as the frontend, to handle the requests to our internal Ceph, (2) Cloudflare Tunnel to expose RGW externally, and (3) Cloudflare Access to authorize the requests based on secrets (we created an Application with a policy action that requires a specific Service Token).

Everything is working fine, but I would like to have some thoughts from the CF community. I’m a new user and don’t have much experience with CF solutions.

Thank you!
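
As an added example (not part of the original post and not Cloudflare's or Ceph's own code), here is one way the Worker in (1) can forward requests through the tunnel while presenting the Service Token from (3). `ORIGIN_HOST`, `ACCESS_CLIENT_ID` and `ACCESS_CLIENT_SECRET` are assumed binding names, and the read-only, path-only policy is an assumption about this CDN.

```javascript
// Added example. ORIGIN_HOST, ACCESS_CLIENT_ID and ACCESS_CLIENT_SECRET are
// hypothetical Worker vars/secrets you would define yourself.
const ALLOWED_METHODS = new Set(["GET", "HEAD"]);
// Only these client headers reach the origin; everything else, including
// Authorization and any client-sent CF-Access-* header, is dropped.
const FORWARDED_HEADERS = ["range", "if-none-match", "if-modified-since"];

function buildOriginRequest(request, env) {
  if (!ALLOWED_METHODS.has(request.method)) return null; // read-only CDN

  // Fix the origin host first, then copy only the path. Assigning pathname
  // (instead of resolving the path against a base URL) means a path such as
  // "//other-host/x" cannot redirect the request, and the token, elsewhere.
  // The query string is discarded on purpose (assumes objects are addressed
  // by path alone).
  const origin = new URL(`https://${env.ORIGIN_HOST}`);
  origin.pathname = new URL(request.url).pathname;

  const headers = new Headers();
  for (const name of FORWARDED_HEADERS) {
    const value = request.headers.get(name);
    if (value !== null) headers.set(name, value);
  }
  // Service Token headers checked by the Access policy in front of the tunnel.
  headers.set("CF-Access-Client-Id", env.ACCESS_CLIENT_ID);
  headers.set("CF-Access-Client-Secret", env.ACCESS_CLIENT_SECRET);

  return new Request(origin.toString(), { method: request.method, headers });
}

const worker = {
  async fetch(request, env) {
    const upstream = buildOriginRequest(request, env);
    if (upstream === null) {
      return new Response("Method Not Allowed", { status: 405, headers: { Allow: "GET, HEAD" } });
    }
    return fetch(upstream);
  },
};
// In a Worker module this object is the default export: `export default worker;`
```

Storing the token values as Worker secrets rather than plain-text variables keeps them out of the script source and the dashboard view.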

