Tunnel Encrypted?

What is the name of the domain?

herohomelab.net

What is the issue you’re encountering

Is the tunnel encrypted between Cloudflare and my homelab? Or do I need to implement a TLS cert between my homelab and Cloudflare for it to be secure?

Cloudflared Tunnel does create an encrypted connection from your homelab to Cloudflare’s edge, which means all traffic between Cloudflare and your homelab is protected and private.

If you want to ensure traffic between Cloudflare’s edge and your homelab is encrypted using your own certificate, you can configure TLS with a Cloudflare Origin CA certificate from Cloudflare, or use your own SSL certificate if you have one.

Having certificates on your homelab will add another layer of security (end-to-end encryption).

Not required, but it’s recommended to do so. Otherwise, you’d have to bind your website or web server to HTTPS, and then make sure the noTLSVerify option is enabled for your public hostname.

If the tunnel was created in the dashboard - easier to manage:

If running via CLI locally from the host, an example of the config.yml:

tunnel: CLOUDFLARED-TUNNEL-ID
credentials-file: /root/.cloudflared/CLOUDFLARED-TUNNEL-ID.json

ingress:
 - hostname: service.example.tld
   service: https://127.0.0.1:443
   originRequest:
     connectTimeout: 30s
     noTLSVerify: true
 - service: http_status:404

To leverage Cloudflare, you can generate and install a Cloudflare Origin CA certificate on your web server to have an end-to-end secure connection, followed by setting the SSL/TLS mode to Full (Strict).
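
The same ingress rule with origin certificate verification left on, as an added example that is not part of the original reply. It assumes the web server's certificate covers service.example.tld; the caPool path is a hypothetical placeholder for the CA certificate that issued it.

```yaml
tunnel: CLOUDFLARED-TUNNEL-ID
credentials-file: /root/.cloudflared/CLOUDFLARED-TUNNEL-ID.json

ingress:
  - hostname: service.example.tld
    service: https://127.0.0.1:443
    originRequest:
      connectTimeout: 30s
      # Keep verification on: cloudflared rejects the origin if its
      # certificate is expired, untrusted, or issued for another name.
      noTLSVerify: false
      # The service URL is an IP address, so tell cloudflared which
      # hostname the origin certificate is expected to carry.
      originServerName: service.example.tld
      # Hypothetical path (assumption): PEM file of the CA that signed
      # the origin certificate, for example a private or internal CA.
      caPool: /etc/cloudflared/origin-ca.pem
  # Catch-all rule: anything that matches no hostname gets a 404.
  - service: http_status:404
```

With noTLSVerify: true the local hop is still encrypted, but cloudflared accepts any certificate the origin presents, so a misrouted or impersonated local service would not be detected.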