Hi everyone,
I am seeking advice regarding my home network setup.
I am interested in using a proxy from Cloudflare for my home network. I have a resident IP (static IP) that I would like to mask without experiencing a significant change in network speed (I have a 1 Gbps internet connection). Additionally, I have some local development environments with nginx reverse proxy on my machine using my domain, which needs to be accessible from outside the network (hence the need for a static IP).
Could you please recommend which service from Cloudflare I should use or purchase for this purpose? Does Cloudflare provide the type of proxies I need? I prefer Cloudflare because I plan to use self-hosted applications within a zero-trust service environment.
Note: Can I transfer my .icu domain to Cloudflare? As far as I can see, Cloudflare doesn’t support .icu domains at the moment.
Yeah, it’s Cloudflare Warp for the “proxy” use case and Cloudflare Zero Trust Tunnels for the dev environments. The free/small business tier is quite adequate. Not sure about how much overhead Warp will induce on a 1 gigabit connection, but they’re independent services, so you can just choose to not proxy your home internet traffic via Warp and still utilize tunnels.
I am doing this with the domain I own and use from my home network. I use both the normal Cloudflare proxied IPs and the WARP tunnels.
At my office we use Cloudflare business ($2400 a year) to protect our corporate network and DNS infrastructures.
You can sign up for a Cloudflare account for free, set up proof of domain ownership or even use them as a registrar for some domains; ICA is not one of them. After that you set up the DNS entries you want to protect and set your domain root DNS entries to use the Cloudflare-supplied names; they will give you x2 name servers to populate in your registrar.
After that you can enable and disable services on a per A or CNAME record basis in Cloudflare. The basic accounts have a few rules to help do things like cache content from webservers and optimize java code etc… Then you can use the ‘zero trust’ panel to configure WARP and network access. You can even use SAML authentication in front of pages and services that don’t support it natively. In my case I use it to add 2FA to key systems, as well as reverse proxy connection back into your network. There is no charge for 99% of what I just listed. Where you start to hit issues is if you need to have them handle lots of traffic, lots of rules, or lots of logging (logging is what I needed and why we pay).
With the default 5 rules, I was able to reduce the attack surface of our forward facing websites by more than 95%. Between bot protection and geo locking services, to locking out URI paths such as ‘https://*/wp-admin’ to only trusted IPs, it’s been a huge help.
You don’t need a static IP if you use a CF tunnel + imo it’s easier to set up and more secure.
Yes, you can, and you can try https://github.com/seadfeng/cloudflare-proxy-sites to mirror any website using a Cloudflare Worker.
U can definitely use a .icu domain but can’t renew it from cloudflare.
Thank you for the answer, but I don’t see any options for a proxy in Cloudflare Warp, only an application that sets DNS, which I already have, and I also want to set a proxy for the whole home network via router/switch.
What do you mean by “proxy”? HTTP proxy, a VPN in the IP masking sense, or reverse proxy? WARP and Cloudflare Tunnel are part of the “Zero Trust” product suite and have a different dashboard. For the reverse proxy use case behind a firewall, you want Cloudflare Tunnel. For HTTP proxy, DNS filtering, or VPN, you want Cloudflare WARP. WARP contains an encrypted DNS gateway, HTTP proxy, and VPN product under its umbrella, where one or all of those products can be enabled when using WARP. It’s a bit confusing, but browsing around the Zero Trust dashboard will make a bit more sense of what the various products do.
Thank you for the answer. I want to mask the IP address for the whole home network. Can I use WARP on my router, or only locally on the machine where it is installed?
Up to how you want to design your network. “Gateway with WARP” acts like a VPN (and you can install it as a WireGuard config if the consumer version is enough). I’d probably recommend device though since then you can easily turn it on/off when needed as the overhead may be annoying and increase latency, as with all VPNs. If you wanted to install it network-wide then unless using the consumer WireGuard config you’ll probably need to route traffic via a Linux server acting as a second gateway unless your router is Linux and allows easy root CLI access. Warp isn’t for FreeBSD as far as I can tell.
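
For the reverse-proxy use case discussed in this thread (local nginx dev environments reached through Cloudflare Tunnel instead of a static IP), a `cloudflared` configuration could look like the following. This is an added example, not part of any post above; the tunnel name `home-dev`, the `<TUNNEL-UUID>` placeholder, the file paths and the `example.com` hostnames are assumptions.

```yaml
# /etc/cloudflared/config.yml  (path is an assumption; adjust to your install)
# Added example: tunnel name, tunnel ID and hostnames are placeholders.
#
# One-time setup on the machine that runs nginx:
#   cloudflared tunnel login                                # authorize against your Cloudflare zone
#   cloudflared tunnel create home-dev                      # writes the credentials JSON
#   cloudflared tunnel route dns home-dev app.example.com   # creates the proxied CNAME
#   cloudflared tunnel route dns home-dev api.example.com
#   cloudflared tunnel ingress validate                     # syntax-check the rules below
#   cloudflared tunnel run home-dev

tunnel: <TUNNEL-UUID>
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json

ingress:
  # Both dev sites are nginx server blocks on the same machine.
  # The request's Host header reaches nginx unchanged, so nginx
  # selects the matching server_name as it does today.
  - hostname: app.example.com
    service: http://127.0.0.1:80
  - hostname: api.example.com
    service: http://127.0.0.1:80
  # Mandatory catch-all: any other hostname sent down the tunnel
  # gets a 404 instead of falling through to the default vhost.
  - service: http_status:404
```

Because the tunnel is an outbound connection from `cloudflared`, nginx can listen on `127.0.0.1` only and the router needs no port forward, so the home IP never appears in DNS. Access policies from the Zero Trust dashboard can then be placed in front of each hostname.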