{"id":1066,"date":"2022-11-21T23:54:27","date_gmt":"2022-11-21T21:54:27","guid":{"rendered":"http:\/\/cln.io\/blog\/?p=1066"},"modified":"2022-12-01T12:57:59","modified_gmt":"2022-12-01T10:57:59","slug":"setting-up-cloudflare-zero-trust-tunnels-with-plesk","status":"publish","type":"post","link":"https:\/\/cln.io\/blog\/setting-up-cloudflare-zero-trust-tunnels-with-plesk\/","title":{"rendered":"Setting up CloudFlare Zero Trust tunnels with Plesk"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">I was using <a href=\"https:\/\/github.com\/memcorrupt\/firecove\" target=\"_blank\" rel=\"noreferrer noopener\">firecove<\/a> to reconfigure my OVH&#8217;s firewalls to only allow cloudflare connections, but there are better and newer ways! &#x1f680;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Since I&#8217;m a CloudFlare customer already the entry bar for using CloudFlare&#8217;s new Zero Trust tunnels is low.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"638\" src=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-24-1024x638.png\" alt=\"\" class=\"wp-image-1081\" srcset=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-24-1024x638.png 1024w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-24-300x187.png 300w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-24-768x479.png 768w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-24-1536x957.png 1536w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-24.png 1768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><a href=\"https:\/\/developers.cloudflare.com\/cloudflare-one\/connections\/connect-apps\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/developers.cloudflare.com\/cloudflare-one\/connections\/connect-apps\/<\/a><\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">On this page<\/p>\n\n\n\n<nav aria-label=\"Table of Contents\" class=\"wp-block-table-of-contents\"><ol><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/cln.io\/blog\/setting-up-cloudflare-zero-trust-tunnels-with-plesk\/#steps-to-take\">Steps to take<\/a><\/li><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/cln.io\/blog\/setting-up-cloudflare-zero-trust-tunnels-with-plesk\/#updating-plesk-to-support-cloudflare-zero-trust-tunnels\">Updating Plesk to support CloudFlare zero trust tunnels<\/a><\/li><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/cln.io\/blog\/setting-up-cloudflare-zero-trust-tunnels-with-plesk\/#setting-up-the-cloudflare-zero-trust-tunnel\">Setting up the CloudFlare zero trust tunnel<\/a><\/li><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/cln.io\/blog\/setting-up-cloudflare-zero-trust-tunnels-with-plesk\/#some-more-notes-things-that-you-might-have-to-do-too\">Some more notes \/ things that you might have to do too!<\/a><ol><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/cln.io\/blog\/setting-up-cloudflare-zero-trust-tunnels-with-plesk\/#railgun-cloudflared\">railgun &amp; cloudflared<\/a><\/li><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/cln.io\/blog\/setting-up-cloudflare-zero-trust-tunnels-with-plesk\/#tls-verify-ssl-errors\">TLS verify \/ SSL errors<\/a><\/li><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/cln.io\/blog\/setting-up-cloudflare-zero-trust-tunnels-with-plesk\/#www-cname\">WWW \/ CNAME<\/a><\/li><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/cln.io\/blog\/setting-up-cloudflare-zero-trust-tunnels-with-plesk\/#disable-your-firewall-rule-for-www\">Disable your firewall rule for WWW<\/a><\/li><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/cln.io\/blog\/setting-up-cloudflare-zero-trust-tunnels-with-plesk\/#enable-http2-for-the-tunnel\">Enable HTTP2 for the tunnel<\/a><\/li><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/cln.io\/blog\/setting-up-cloudflare-zero-trust-tunnels-with-plesk\/#depending-on-your-firewall-allow-tunnel-ports-out\">Depending on your firewall, allow tunnel ports out<\/a><\/li><\/ol><\/li><\/ol><\/nav>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"steps-to-take\">Steps to take<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create unique local IP&#8217;s on our plesk server<\/li>\n\n\n\n<li>Assign the created IP to a website\/domain<\/li>\n\n\n\n<li>Set up a tunnel in CloudFlare<\/li>\n\n\n\n<li>Set up cloudflared on our host<\/li>\n\n\n\n<li>Configure cloudflared with our API key from cloudflare<\/li>\n\n\n\n<li>Set up a public hostname in the tunnel<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"updating-plesk-to-support-cloudflare-zero-trust-tunnels\">Updating Plesk to support CloudFlare zero trust tunnels<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Maybe there is a better way of doing this, but to me it looked like adding local IP&#8217;s to my node (not routable) and marking them as dedicated was the way forward.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"642\" height=\"305\" src=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-11.png\" alt=\"\" class=\"wp-image-1067\" srcset=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-11.png 642w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-11-300x143.png 300w\" sizes=\"auto, (max-width: 642px) 100vw, 642px\" \/><\/figure>\n<\/div>\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"731\" height=\"495\" src=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-12.png\" alt=\"\" class=\"wp-image-1068\" srcset=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-12.png 731w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-12-300x203.png 300w\" sizes=\"auto, (max-width: 731px) 100vw, 731px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">Pick whatever you want as an internal IP, I pick the 10 range, just have an unique IP per website, and make sure dedicated is selected<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Now switch your domain\/website &#8220;Home &gt; Domains &gt; [domain]&#8221; to the freshly made local IP<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"659\" height=\"253\" src=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-14.png\" alt=\"\" class=\"wp-image-1070\" srcset=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-14.png 659w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-14-300x115.png 300w\" sizes=\"auto, (max-width: 659px) 100vw, 659px\" \/><\/figure>\n<\/div>\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"639\" height=\"382\" src=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-15.png\" alt=\"\" class=\"wp-image-1071\" srcset=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-15.png 639w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-15-300x179.png 300w\" sizes=\"auto, (max-width: 639px) 100vw, 639px\" \/><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\" id=\"setting-up-the-cloudflare-zero-trust-tunnel\">Setting up the CloudFlare zero trust tunnel<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Head over to the <a href=\"https:\/\/one.dash.cloudflare.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">CloudFlare zero trust panel<\/a><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"257\" height=\"381\" src=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-16.png\" alt=\"\" class=\"wp-image-1072\" srcset=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-16.png 257w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-16-202x300.png 202w\" sizes=\"auto, (max-width: 257px) 100vw, 257px\" \/><\/figure>\n<\/div>\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"198\" height=\"480\" src=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-17.png\" alt=\"\" class=\"wp-image-1073\" srcset=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-17.png 198w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-17-124x300.png 124w\" sizes=\"auto, (max-width: 198px) 100vw, 198px\" \/><figcaption class=\"wp-element-caption\">under access go to tunnels<\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">First, let&#8217;s set up a tunnel<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"386\" src=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-18-1024x386.png\" alt=\"\" class=\"wp-image-1074\" srcset=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-18-1024x386.png 1024w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-18-300x113.png 300w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-18-768x289.png 768w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-18.png 1250w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Create a tunnel<\/figcaption><\/figure>\n<\/div>\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"997\" height=\"649\" src=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-19.png\" alt=\"\" class=\"wp-image-1075\" srcset=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-19.png 997w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-19-300x195.png 300w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-19-768x500.png 768w\" sizes=\"auto, (max-width: 997px) 100vw, 997px\" \/><figcaption class=\"wp-element-caption\">I name my tunnels after the hosts they run on,<\/figcaption><\/figure>\n<\/div>\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"744\" src=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-20-1024x744.png\" alt=\"\" class=\"wp-image-1076\" srcset=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-20-1024x744.png 1024w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-20-300x218.png 300w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-20-768x558.png 768w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-20.png 1131w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">pick the flavour of OS you are running<\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">I do suggest <strong>NOT<\/strong> to run that curl command.<br>I suggest installing cloudflared with your hosts package manager (so it stays up to date if you have autoupdates enabled)<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><br>Installing cloudflared as a service with your package manager (for me AlmaLinux)<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo dnf update\nsudo dnf config-manager --add-repo https:\/\/pkg.cloudflare.com\/cloudflared-ascii.repo\nsudo dnf install cloudflared\nsudo cloudflared service install<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Once you have your tunnel up and running, head over to the tunnel&#8217;s public hostnames<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"705\" src=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-22-1024x705.png\" alt=\"\" class=\"wp-image-1078\" srcset=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-22-1024x705.png 1024w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-22-300x206.png 300w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-22-768x528.png 768w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-22.png 1071w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"619\" src=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-23-1024x619.png\" alt=\"\" class=\"wp-image-1079\" srcset=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-23-1024x619.png 1024w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-23-300x181.png 300w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-23-768x464.png 768w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-23.png 1129w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">(1) pick the domain you want to tunnel to your host.<br>(2) pick the type, in my case I picked HTTPS. <br>(3) point to the local IP you assigned to the website earlier<\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">It might error saying you already have an A record for whatever you are trying to set up, just delete that from your DNS settings and retry the save step.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">give the DNS some time to propagate, and &#x1f389; you now no longer expose your web server to the public internet <\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"some-more-notes-things-that-you-might-have-to-do-too\">Some more notes \/ things that you might have to do too!<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"railgun-cloudflared\">railgun &amp; cloudflared<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">If you have a railgun on your domain, disable that first &#x1f914; my cloudflare tunnel and my railgun were fighting &#x1f94a; and I had to disable railgun<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"tls-verify-ssl-errors\">TLS verify \/ SSL errors<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">I was having some connectivity issues after adding a public hostname. Checking the logs of the <strong>cloudflared <\/strong>service showed there were certificate issues between the tunnel and the locally hosted website, so turn on <strong>No TLS Verify<\/strong><\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">journalctl -u cloudflared.service -f  <\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">under the problematic public hostname, enable No TLS verify<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"380\" src=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-26-1024x380.png\" alt=\"\" class=\"wp-image-1096\" srcset=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-26-1024x380.png 1024w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-26-300x111.png 300w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-26-768x285.png 768w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-26.png 1179w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading\" id=\"www-cname\">WWW \/ CNAME<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">a CNAME www -&gt; @ did not seem to work for me, I had to add www. to my tunnel too<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"986\" height=\"896\" src=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-25.png\" alt=\"\" class=\"wp-image-1095\" srcset=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-25.png 986w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-25-300x273.png 300w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-25-768x698.png 768w\" sizes=\"auto, (max-width: 986px) 100vw, 986px\" \/><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading\" id=\"disable-your-firewall-rule-for-www\">Disable your firewall rule for WWW<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Once you have your tunnel up and running, I suggest to disable any incoming WWW traffic (80\/443) in the firewall settings<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"632\" src=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-27-1024x632.png\" alt=\"\" class=\"wp-image-1098\" srcset=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-27-1024x632.png 1024w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-27-300x185.png 300w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-27-768x474.png 768w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-27.png 1073w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading\" id=\"enable-http2-for-the-tunnel\">Enable HTTP2 for the tunnel<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"517\" src=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-48-1024x517.png\" alt=\"\" class=\"wp-image-1153\" srcset=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-48-1024x517.png 1024w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-48-300x151.png 300w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-48-768x388.png 768w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/image-48.png 1208w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"depending-on-your-firewall-allow-tunnel-ports-out\">Depending on your firewall, allow tunnel ports out<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Since I work with outbound ports closed too, I had to allow some outbound ports for the Cloudflare tunnel to work ( <a href=\"https:\/\/developers.cloudflare.com\/cloudflare-one\/connections\/connect-apps\/do-more-with-tunnels\/ports-and-ips\/\" target=\"_blank\" rel=\"noreferrer noopener\">their documentation<\/a> )<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><th>Destination<\/th><th>Port<\/th><th>Protocols<\/th><\/tr><\/thead><tbody><tr><td><code>region1.v2.argotunnel.com<\/code><\/td><td>7844<\/td><td>TCP\/UDP (<code>h2mux<\/code>,&nbsp;<code>http2<\/code>, and&nbsp;<code>quic<\/code>)<\/td><\/tr><tr><td><code>region2.v2.argotunnel.com<\/code><\/td><td>7844<\/td><td>TCP\/UDP (<code>h2mux<\/code>,&nbsp;<code>http2<\/code>, and&nbsp;<code>quic<\/code>)<\/td><\/tr><tr><td><code>api.cloudflare.com<\/code><\/td><td>443<\/td><td>TCP (HTTPS)<\/td><\/tr><tr><td><code>update.argotunnel.com<\/code><\/td><td>443<\/td><td>TCP (HTTPS)<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"683\" height=\"1024\" src=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/colin-lloyd-Rur1JU_FOjM-unsplash-683x1024.jpg\" alt=\"\" class=\"wp-image-1085\" srcset=\"https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/colin-lloyd-Rur1JU_FOjM-unsplash-683x1024.jpg 683w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/colin-lloyd-Rur1JU_FOjM-unsplash-200x300.jpg 200w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/colin-lloyd-Rur1JU_FOjM-unsplash-768x1152.jpg 768w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/colin-lloyd-Rur1JU_FOjM-unsplash-1024x1536.jpg 1024w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/colin-lloyd-Rur1JU_FOjM-unsplash-1365x2048.jpg 1365w, https:\/\/cln.io\/blog\/wp-content\/uploads\/2022\/11\/colin-lloyd-Rur1JU_FOjM-unsplash-scaled.jpg 1707w\" sizes=\"auto, (max-width: 683px) 100vw, 683px\" \/><figcaption class=\"wp-element-caption\">Photo by <a href=\"https:\/\/unsplash.com\/es\/@onthesearchforpineapples?utm_source=unsplash&amp;utm_medium=referral&amp;utm_content=creditCopyText\" target=\"_blank\" rel=\"noreferrer noopener\">Colin Lloyd<\/a> on <a href=\"https:\/\/unsplash.com\/s\/photos\/sun-flare?utm_source=unsplash&amp;utm_medium=referral&amp;utm_content=creditCopyText\" target=\"_blank\" rel=\"noreferrer noopener\">Unsplash<\/a><\/figcaption><\/figure>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>I was using firecove to reconfigure my OVH&#8217;s firewalls to only allow cloudflare connections, but there are better and newer ways! &#x1f680; Since I&#8217;m a CloudFlare customer already the entry bar for using CloudFlare&#8217;s new [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1083,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[48,26,37],"tags":[],"class_list":["post-1066","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-it","category-networking"],"_links":{"self":[{"href":"https:\/\/cln.io\/blog\/wp-json\/wp\/v2\/posts\/1066","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cln.io\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cln.io\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cln.io\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cln.io\/blog\/wp-json\/wp\/v2\/comments?post=1066"}],"version-history":[{"count":13,"href":"https:\/\/cln.io\/blog\/wp-json\/wp\/v2\/posts\/1066\/revisions"}],"predecessor-version":[{"id":1219,"href":"https:\/\/cln.io\/blog\/wp-json\/wp\/v2\/posts\/1066\/revisions\/1219"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cln.io\/blog\/wp-json\/wp\/v2\/media\/1083"}],"wp:attachment":[{"href":"https:\/\/cln.io\/blog\/wp-json\/wp\/v2\/media?parent=1066"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cln.io\/blog\/wp-json\/wp\/v2\/categories?post=1066"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cln.io\/blog\/wp-json\/wp\/v2\/tags?post=1066"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}