cf-tunnel-gate

CF Tunnel Gate is a secure Reverse Proxy, Web Application Firewall (WAF), and Intrusion Prevention System(WAF), designed for self-hosted projects and backed with Cloudflare Tunnels. This project combines a number of common open source tools in a single Docker Compose application preconfigured for easy setup with just a few environment varables.
Basic usage for most use cases is covered below, please see each project for additional configuration information.

For more detailed information and insights about the project, check out this dev.to post.

Backing Containers:

• cloudflare/cloudflared
• binbashing/owasp-crs-ngxblocker
• binbashing/fail2ban-cf-iplist

Installation

Cloudflare setup:

1. Create a Cloudflare Tunnel (How-to).

• Set the tunnel Service to https://cf-tunnel-gate:8443 (Section 2, Step 2 of the above How-to)

2. Generate a Cloudflare API Key with the following permissions (How-to).

• Account:Account Filter Lists:Edit
• Account:Account Filter Lists:Read
• Account:Account Settings: Read

3. Create a Cloudflare Custom IP List named fail2ban (How-to)

4. Create A Cloudflare Custom WAF Rule which block traffic from IPs in the fail2ban custom list. (How-to)

Local setup:

1. Make sure you have Docker, Docker Compose and git installed

2. Clone the CF Tunnel Gate repository git clone https://github.com/binbashing/cf-tunnel-gate.git

3. Using .env.example as a template create your .env file and set the necessary values.

4. Start the containers with docker compose up -d

5. Test that your proxied service is available via your tunnel URL.

6. Configure nightly updates. A simple cron to run docker compose restart or restart of the host is recommended to get regular updates.