Cloudflare Zero Trust

Time Required: 1 Hour

Difficulty: Easy

Required Knowledge: SSH

Set up Zero Trust

  1. Follow the onscreen steps to create a Zero Trust organization

  2. When prompted, select the Free Zero Trust plan; you will still need to provide payment details

Set up your first Access Policy

Administrator / your policy

In this step, we will create your generic access policy. This policy will be configured to allow only your email address to access resources

  1. Open your Zero Trust dashboard, https://one.dash.cloudflare.com/

  2. On the left, select Access Controls > Policies

  3. Click on Add a policy

    1. Basic Information:

      Policy Name: Your name or 'administrator'

      Action: Allow

    2. Add rules:

      Selector: Emails

      Value: Your email address and/or the list of other 'administrators'

  4. Click on Save

Friends and Family Policy

In this step, we will create your generic 'friends' access policy. This policy will be configured to allow specific friends, identified by email address, to access certain applications

This policy set is useful for specific items that you want to lock down to specific people

  1. Open your Zero Trust dashboard, https://one.dash.cloudflare.com/

  2. On the left, select Access Controls > Policies

  3. Click on Add a policy

    1. Basic Information:

      Policy Name: Friends and Family

      Action: Allow

    2. Add rules:

      Selector: Emails

      Value: A list of email addresses you wish to allow

  4. Click on Save

Everyone Policy

In this step, we will create your generic 'everyone' access policy. This policy will be configured to allow ANYONE to authenticate

  1. Open your Zero Trust dashboard, https://one.dash.cloudflare.com/

  2. On the left, select Access Controls > Policies

  3. Click on Add a policy

    1. Basic Information:

      Policy Name: Public Internet

      Action: Allow

    2. Add rules:

      Selector: Everyone

  4. Click on Save

Set up Wildcard application

This is your 'default' application for your site. Anything set to use the policy tld_default in Dockflare will use this application for its authentication

  1. Open your Zero Trust dashboard, https://one.dash.cloudflare.com/

  2. On the left, select Access Controls > Applications

  3. Click on Add Application

  4. Select Self Hosted

    1. Application name: Your Domain name

    2. Click on 'Add public hostname'

      1. Subdomain: *

      2. Select your first domain

    3. Access policies: Select existing, then select your Administrator policy

    4. Click on Next

    5. Click on Next

    6. Click on Save

  5. Repeat for each domain

Now all of your subdomains are secured. If you wish to secure your root domain (e.g. example.com), follow the same steps but leave the Subdomain field (step 4.2.1) blank
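To check the result of the steps above, the sketch below (an added example, not part of the original guide or of Cloudflare's tooling) works out who each application admits and flags any hostname reachable through an Everyone rule or attached to a policy that no longer exists. The policies and applications are constructed sample data, and the field names (decision, include, domain, policies) are an assumption modelled on the objects the Cloudflare Access API returns.

```python
# Constructed sample data (not from the guide). Field names follow the shape of
# Cloudflare Access API objects as an assumption: "decision", "include", "domain".
POLICIES = [
    {"id": "p-admin", "name": "administrator", "decision": "allow",
     "include": [{"email": {"email": "admin@example.com"}}]},
    {"id": "p-friends", "name": "Friends and Family", "decision": "allow",
     "include": [{"email": {"email": "friend@example.com"}}]},
    {"id": "p-public", "name": "Public Internet", "decision": "allow",
     "include": [{"everyone": {}}]},
]
APPS = [
    {"domain": "*.example.com", "policies": ["p-admin"]},
    {"domain": "photos.example.com", "policies": ["p-friends", "p-admin"]},
    {"domain": "*.example.net", "policies": ["p-public"]},
    {"domain": "old.example.com", "policies": ["p-deleted"]},
]

def allowed_identities(policy):
    """Emails an Allow policy admits; {'*'} when it has an Everyone rule."""
    if policy["decision"] != "allow":
        return set()
    who = set()
    for rule in policy.get("include", []):
        if "everyone" in rule:
            return {"*"}
        if "email" in rule:
            who.add(rule["email"]["email"].lower())
    return who

def audit(policies, apps):
    """Return (hostname, finding) pairs for apps that are open or misattached."""
    by_id = {p["id"]: p for p in policies}
    findings = []
    for app in apps:
        who = set()
        for pid in app["policies"]:
            if pid in by_id:
                who |= allowed_identities(by_id[pid])
            else:
                findings.append((app["domain"], "unknown policy " + pid))
        if "*" in who:
            scope = "wildcard app" if app["domain"].startswith("*.") else "app"
            findings.append((app["domain"], scope + " open to Everyone"))
        elif not who:
            findings.append((app["domain"], "no Allow rule matches anyone"))
    return findings

if __name__ == "__main__":
    for domain, finding in audit(POLICIES, APPS):
        print(domain + ": " + finding)
```

A wildcard application attached only to the Administrator policy, as configured in this guide, produces no finding; the constructed *.example.net entry shows what the report looks like when the Public Internet policy is attached to a wildcard instead.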
