This article demonstrates how to use a Cloudflare tunnel to secure Plex. As part of our server management services, Skynats provides answers to all of your questions.
Using Cloudflare Tunnel to Secure Plex
For a tunnel to function on the server, a client must be installed and configured to establish a secure connection with the upstream proxy. Even though tunnels are great for getting the origin on the public internet without piercing the firewall or opening ports on the router, anyone with the address can still access our Plex login page.
The next few steps configure Cloudflare access so that only we can access our Plex. Everyone else will see a Cloudflare "access denied" page.
- Free creation of a Cloudflare Zero Trust account
- Tunnel Configuration
- Route Creation For Tunnel
- Creation of a Cloudflare Access application
Free creation of a Cloudflare Zero Trust account
Create a free account on Cloudflare Zero Trust first.
Tunnel Configuration
The Installation of the Cloud Flare
# Install cloudflared brew install cloudflare/cloudflare/cloudflared cloudflared tunnel login # this will open a browser for you to log in.
The cloudflared Configuration
# Ensure the config directory exists mkdir -p ~/.cloudflared # Create a new tunnel. Be sure to save the output of this # command as it contains the Tunnel UUID needed in the next steps. cloudflared tunnel create plex TUNNEL_UUID=<tunnelUUID> cat << EOF >~/.cloudflared/config.yaml tunnel: ${TUNNEL_UUID} credentials-file: /Users/${USER}/.cloudflared/${TUNNEL_UUID}.json ingress: - hostname: plex.example.com service: http://localhost:32400 - service: http_status:404 EOF # Install the service to run at login cloudflared service install
Route Creation For Tunnel
To attach the tunnel to the specified hostname, use the code below:
cloudflared tunnel route plex plex.example.com
Creation of a Cloudflare Access application
To ensure that no one else can access our Plex origin server, create an app to use the Zero Trust Dash.
- On the left-hand navigation, select Access >> Applications and then "Add an Application."
- Then choose the option "Self-hosted."
- After providing the necessary information in the space provided, click "Next."
- Before scrolling down to the "Create extra rules" section, keep "Allow" selected as the rule action and enter a policy name.
- From the drop-down menu, select "Email," and then enter the email address into the box to the right.
- Once more select "Next," click "Add application." After that, the app ought to show up in the dashboard.
Last but not least, navigate to the tunnel route we created and enter the email we used to create the app policy. The email will then show a code. After entering that code, we will be taken directly to the Plex server.
Conclusion
The article offers a straightforward procedure for using the Cloudflare tunnel to secure the Plex server. Combining Cloudflare Tunnels and Cloudflare Access allows for the security of the entire stack, not just Plex.