Accessing Synology Services with a Cloudflare Tunnel is AWESOME

  • Published: Aug 14, 2024
  • Accessing services using a Cloudflare Tunnel (Zero Trust Network) is an easy and secure way to access any local service remotely.
    🎯 Tutorials, comparisons, reviews: www.wundertech...
    ✅ Docker Compose: www.wundertech...
    ✅ Purchase a Domain (Affiliate Link): www.wundertech...
    ✅ Cloudflare Tunnel Privacy Concerns (@christianlempa): • You should NOT use Clo...
    DISCLAIMER: The information in this video has been self-taught through years of technical tinkering. While we do our best to provide accurate, useful information, we make no guarantee that our viewers will achieve the same level of success. WunderTech does not assume liability nor responsibility to any person or entity with respect to damage caused directly or indirectly from its content or associated media. Use at your own risk.
    WunderTech is a trade name of WunderTech, LLC.
    0:00 Intro
    0:40 Cloudflare Tunnels (Zero Trust Network)
    1:20 Configuring Cloudflare for a New Domain
    3:53 Cloudflare Tunnel Configuration (Docker)
    5:44 Adding a Service for Remote Access
    7:47 Adding Authentication for Remote Access
    8:45 Creating Access Groups
    10:40 Adding Security/Authentication to a Service
    13:16 Accessing our Services using Authentication
    15:03 Zero Trust Network Privacy Concerns

Comments • 96

  • @dereknoll 1 month ago +1

    Great video and easy to follow along tutorial. I had one hiccup because of the way I had my Synology firewall configured - it was blocking the IP address of the Cloudflared container. I had Cloudflare tunnel setup and all Synology services were working only to find out that the Synology Drive client will not work using Cloudflare tunnel. This was a deal killer for me. It is worth mentioning this limitation in any future tutorials covering Cloudflare tunnels.

  • @kiostsang 1 month ago +1

    Thanks a lot, Amazing.
    Please do a more in depth video of what other stuff you can do with cloudflare.
    Thanks

  • @QuikTechSolutions 1 month ago

    Great video Frank. This was a great refresher for me. Not much has changed since I did my vid on this topic. Great job!

    • @WunderTechTutorials 1 month ago

      Thanks, Tony! I appreciate you watching! It's a really great tool, very impressive how easy it is to set up and configure.

  • @Ilya_yarets 1 month ago +2

    The biggest problem is that it is impossible to upload files larger than 150 MB. How to solve this?

  • @razvanilea 1 month ago +1

    On Cloudflare I can't sync photos with videos over 100mb, with direct connect I can. I use both options, one for sync and one for speed

  • @Lord-Helmchen 1 month ago

    Great Video! I would be happy to learn more about the Cloudflare possibilities. Greetings from Switzerland

  • @TechMeOut5 1 month ago

    Excellent video Frank. I think Cloudflare tunnels is absolutely the best remote access option even before considering other security layers you can configure on top of the tunnel like Cloudflare firewall rules etc. Ever since I switched to Cloudflare tunnels, I never looked back

    • @WunderTechTutorials 1 month ago

      Thanks for the feedback, Avi! I just started using them so I don't have any opinion on long-term usage, but it's great to hear you've had a positive experience and I appreciate you sharing. Thank you for watching!!

  • @kenneth_jensen 1 month ago +1

    Awesome video...will definitely do that 🙂 FYI: You missed a "L" in your Project name in Container Manager.

    • @WunderTechTutorials 1 month ago +1

      Didn't even realize that - thank you very much and thank you for watching!!

  • @channelForWork 1 month ago

    Thank you for your video! It works great when opening through the browser. But can I connect my Drive Client with it? I tried by creating domains for dsm and drive however the client still shows "Connection failed. Check the network settings and try again" (rough translation. I'm using different language for drive client). Has anyone tried this before? What am I doing wrong?

  • @Ilya_yarets 1 month ago

    It looks very cool. I tried it and I liked it because the speed is very incredibly fast. But how to protect a public address? I can do protection, but I need to connect via WebDAV. How to do it?

  • @royborglin5900 1 month ago

    This was a very good video, thanks for this. If you want please also get more advanced on other stuff 🙂

  • @jgz2 1 month ago

    Excellent. I'd like to learn more about Cloudflare. Thanks

  • @gaidin 8 days ago

    This is an awesome video... not many content makers go into security overlays and specific sub-domains! Question though...if you were going to expose Immich say to a few family members' Android phones would you trust a CF Tunnel? Or would you set up Tailscale on their phones and insist they VPN into your home network?

    • @WunderTechTutorials 8 days ago

      Thanks! In my opinion, a VPN would be better for that. I'm not sure how the uploading/downloading of files would be in terms of the Cloudflare TOS, but even outside of that, a VPN just works well in scenarios like that.

  • @goodcitizen4587 1 month ago

    Interesting option. Thanks for the great vids!

  • @kevinhughes9801 1 month ago

    Brill vid I love cloudflare tunnels so useful thank you

  • @TrevorMatthews 1 month ago

    It’s very tempting just because of the simplicity. I just know that if cloudflare gets hacked down the line I’ll regret not sticking with my own vpn

  • @xellaz 1 month ago +7

    I still feel it's better to run your own Wireguard VPN and not rely on 3rd parties. Even with using port forwarding, Wireguard uses UDP ports and will just drop off any connection attempts to it if it doesn't match the key making it very secure.

    • @chekiechen 1 month ago +1

      But Synology’s kernel is too old and doesn’t have WireGuard module. You either need to install a 3rd party Synology package to patch the module, which is sketchy, or use a separate Linux box for WireGuard.

    • @xellaz 1 month ago

      @chekiechen Just install via docker which is now known as 'container manager' in Synology.

    • @pr1me_78 1 month ago +1

      It’s what I use with the built in Wireguard VPN server of my UDM Pro. I’ve tried all the other overlay networks, cloudflare tunnels and it’s just easier to use the unifi wireguard.

  • @TG09 1 month ago

    Great vid, thanks Wunder!

  • @rephlexc 1 month ago +1

    I run heavy data requirements for my company. Synology drive, Active back up, plex, etc. Since cloudflare is the middle man. I'm sure they're going to take issue with high data usage. It would be suggested that you'd need to leave open ports for those services? Ex. 6690, 5510, plex ports. I've been toying with this option for some time. But never got around to it because of data requirements.

    • @WunderTechTutorials 1 month ago +1

      Correct - there are some services (like media servers) that are banned by Cloudflare's TOS, so it makes sense to review them if you're using them in an enterprise space.

    • @rephlexc 1 month ago

      @WunderTechTutorials Roger that, I'll find other means to accomplish that.

  • @Will-hw1pn 1 month ago

    Can you do a video on how to set up Cloudflare tunnel using docker on UGreen Nasync? Docker options are different on ugos OS. I don't see a way to add compose file info, unlike Synology docker which has project tab.

  • @papahuge 1 month ago

    I'm trying to get this to work for my SFTP service on DSM, but it's not working. FileZilla won't connect to the domain. But connects to the ip if I open the port. Regular HTTP DSM interface works fine through the tunnel, but can't get proxied connection to SFTP. Ppl on the forums are saying that you need Cloudflared on both client and server for SFTP to work, but that doesn't work for me. The only other option is paid Cloud Flare with Spectrum? or is there a way to make SFTP work on CF's free service?

  • @mullerreindberg 1 month ago +1

    Thx

  • @a14266 1 month ago

    Thank you WunderTech, very nice video.
    May I ask, does this mean that the server side does not require a public IP anymore?

  • @talataydin 1 month ago

    Please create one subdomain for Homeassistant. Because it gives "400: Bad Request" error

  • @mytube.1 1 month ago

    I'm new to the nas world. Is this safe? Safer/better than quick connect?

  • @pointdooly 1 month ago

    Great Video as a FREE solution!

  • @markm1426 1 month ago

    Right, so the connection must originate from Docker for it to be agnostic to the assigned public IP.

    • @AnythingGodamnit 1 month ago

      It must originate from inside the network that has access to the services you want to expose. Docker is convenient, but not required.

  • @disturbedvolt 1 month ago +1

    I'm curious if this can be used to alleviate issues around exposing a nas hosted plex server that is stuck behind an ISP's double NAT.

    • @hassan_ksu 1 month ago

      Same questions here. So far I have bypassed this issue with Tailscale which I like but the only issue is having my family run two apps

    • @WunderTechTutorials 1 month ago +1

      It is against their TOS unfortunately to use media servers.

    • @dubsmachine555 1 month ago

      @WunderTechTutorials Can we do a more advanced config though and enable containers thru CF and Plex via normal methods or do we need to go all in and route everything through CF?

  • @andyliu5662 1 month ago

    Great video as always. Have had my tunnel set up with host network for a long time. With your method, it creates and uses a bridge network. I have to use the IP from the bridge network instead of the LAN IP I normally use for the NAS. Is there any other setting that I missed? Thanks.

    • @WunderTechTutorials 1 month ago

      Thanks! Do you mean inside of Cloudflare? You can't use the local IP of the NAS?

    • @andyliu5662 1 month ago

      @WunderTechTutorials Correct. I made sure firewall is off, but it's still not possible to use local IP of NAS. I checked the log and it says unable to reach origin service. Though I can use local IP address of other device, i.e. router, just not the NAS itself. The reason I ended up using host network before.

  • @philware1546 1 month ago

    I get a Host Error 502, something about the first report doesn't look like a TLS handshake??? :(
    Any tips?

    • @WunderTechTutorials 1 month ago

      Are you using HTTPS and did you check off the ignore TLS option?

    • @philware1546 1 month ago

      @WunderTechTutorials Yes, HTTPS and ticked off the ignore.
      If I set it up to use the 443 port I get a 404 error... All very strange.

  • @nobody3991 1 month ago

    Super Video!

  • @stubentigerpunktorg 1 month ago

    Please give us all the options and combination in a yt video

  • @markm1426 1 month ago

    So the ISP provided dynamic IP address is handled by the Synology initiating the tunnel? How much trouble is there when your ISP changes it? I'm pretty sure most providers don't change that often. Xfinity maybe changes mine monthly.

    • @WunderTechTutorials 1 month ago

      No, it's a direct connection from Docker to Cloudflare so no IP issues like that.

    • @papahuge 1 month ago

      @WunderTechTutorials If ur home IP changes, won't that affect the domain routing?

  • @sonthai9539 1 month ago

    Can I use smb and synologydrive with cloudflare?

    • @WunderTechTutorials 1 month ago

      Drive yes, SMB no...but yes if you use WebDAV.

    • @sonthai9539 1 month ago

      @WunderTechTutorials I used private network and zerotrust, hope it's safe. 🥲

  • @klarsen1101 1 month ago

    Great video. I use Cloudflare for my domain and my Synology NAS running Docker (for Unify). I would like to set up a Google Photos share for our family. With the setup in your video, it looks like I add family members to my NAS and then use Synology Photos. What do you think? Another question: how do I disaggregate the network on the NAS (I have a DS w 4 GbE's), so I only expose part of the NAS (for those family members)?

    • @hassan_ksu 1 month ago

      I run photos share for my family (+10 members). Quick connect is pretty fast for photos. If you live in the US they wouldn't feel anything. And it's more secure than doing this. I can see other use cases but for just photos it's not needed.

    • @klarsen1101 1 month ago

      @hassan_ksu Thanks!! I'll try to use quick connect. I have some family members in Europe, hope it works for them too

    • @WunderTechTutorials 1 month ago

      Yes, you'd use Synology Photos and then either QuickConnect or something like this for access. The network as you're explaining isn't really a way to increase security - it doesn't work like that.

  • @markbee790 1 month ago

    I wish I knew more about VLANs. I have an RT2600; I don’t know how I would implement a segregation

    • @WunderTechTutorials 1 month ago +1

      I hope to get a Synology router one day to test with and if I do, I'll definitely create a video like that!

  • @hassan_ksu 1 month ago

    Can this work for Plex? I'm asking as Plex would use a lot of bandwidth so after how much are they going to say no?

    • @WunderTechTutorials 1 month ago +1

      It will not unfortunately - it's against their TOS to stream media.

    • @hassan_ksu 1 month ago

      @WunderTechTutorials Thanks

    • @papahuge 1 month ago

      @WunderTechTutorials That's kind of a huge bummer. I guess transferring large files like 20-60gigs would run into the same issue?

  • @boca812 1 month ago

    WOW, this is so cool! Thank you

  • @rephlexc 1 month ago

    Tried to get this to work over and over again.. Keeps telling me "Unable to reach origin host" I went over and over this documentation, To no avail. I'm bummed.

    • @WunderTechTutorials 1 month ago

      That's on the Cloudflare side I imagine? Is the container running (green) on the NAS side?

    • @rephlexc 1 month ago

      @WunderTechTutorials Not really, it seems to be internal. I run pfsense. PFB/snort disabled along with rules created. It was telling me it couldn't connect to origin server. Tried everything, TLS/HTTP/HTTPS. I tried it at my office on a basic router, worked flawlessly. So it's apparent that PFSENSE is blocking LAN side, not WAN side. But I cannot find the logs. (and yes, it's showing healthy)

    • @dereknoll 1 month ago

      @rephlexc I am having the same issue. I use Unifi gear but the cloudflare tunnel on my Synology NAS starts then will stop running - multiple errors are in the container log regarding can't access different things with Cloudflare. EDIT: my problem I just figured out. It was the firewall running on my Synology NAS. I disabled it completely for troubleshooting and the Cloudflare connector resolved immediately. Guess I need to add an exception in the Synology firewall rules for the IP of the Cloudflared container.

    • @rephlexc 1 month ago

      @dereknoll Yeah, at first I thought it was my geofence I made to only allow my country. So I disabled completely. Made no difference. So far, I've tried on 3 different Synology at two different locations. Still cannot get to work. I installed on Debian baremetal. Works great.. AYE!!!!

    • @rephlexc 1 month ago

      @dereknoll Yeah, I've been battling this for a week. Ironically, I installed it on my client's 1621+, works perfectly using his methods. Only thing I can think of that could be causing issue for me is that I used bonded links to much switch.

  • @MagDag_ 1 month ago

    Thanks

  • @AxelPironio 1 month ago

    Looks like a Synology reverse proxy config with extra steps

    • @WunderTechTutorials 1 month ago +1

      It functions very similarly on the surface but if you've never used Cloudflare, there are a ton of security controls, bot protections, analytics (seeing which country/IP connections are coming from), etc. Not the best option for everyone but a decent option for a lot of people.

  • @markhuf 1 month ago

    👍 Frank

  • @boeingfan7179 1 month ago

    I asked someone once; how do I make my usb drive accessible when I’m out? Get a synology nas they said. I’ve stumbled my way through many, many hours of knowledge bases, tutorials, manuals, channels, and have got it to work. No idea if it’s optimal. No idea if it’s as secure if it could be. Most of it is double Dutch and lingo. I found it infuriating that most synology informed to assume that you were across IT. Thank goodness for channels like yours, but still I feel like a deer in the headlights. There has to be a simple interface lying in wait to take care of setting it up and then doing day to day monitoring, and I don’t mean DSM with its 85 million options.

    • @WunderTechTutorials 1 month ago

      It is definitely like drinking out of a firehose in the beginning, but it slowly starts to make more sense as time goes on. Take it slow and break it up into chunks - that's what worked for me many years ago!

  • @BrazenNL 1 month ago +1

    Do you actually use this to have someone backup their stuff, you know, what a NAS is most used for? I mean, something like Plex is also a no go.

    • @WunderTechTutorials 1 month ago

      Overall, I think it's a tool totally dependent on the requirements. Just like a VPN is a great option for some and bad option for others.

  • @ChristopheRobinson14 1 month ago +1

    Those Terms of service though

    • @WunderTechTutorials 1 month ago

      Absolutely - the biggest requirement for using this is understanding the TOS and potential privacy concerns.

    • @adammanko3633 1 month ago +1

      @WunderTechTutorials Would like if you could show other options such as authentik in front of a reverse proxy which would be a "self hosted" version of authentication without the privacy concerns.

  • @RVTKZCE 1 month ago

    It’s not awesome it’s shit. You can’t upload files larger than 100mb. Just in case you are here watching that tutorial and wasting your time just to find out what I just said in the first sentence. Amen

    • @WunderTechTutorials 1 month ago +1

      I don't think that one thing makes it a bad product. Bad at certain things? Sure, but there are poor use-cases for legitimately every single option out there depending on your requirements.

  • @engineeringVirtue 1 month ago

    This doesn't look much different than what a tabletop watchguard firewall will already do for you, no dependency on cloudflare needed. Yes, watchguard isn't free.. actually closer to $100/month for their security services and business features. And, yes, they have their own cloud powered stuff too and the hardware is just embedded system running custom code on top of linux with various open source projects pre-integrated plus other commercial stuff. But, definitely more reliable than cloudflare..

    • @WunderTechTutorials 1 month ago +1

      There are definitely more and potentially better options out there, but I think this is a good option for home users (assuming they're okay with the TOS).

    • @Sapious1 1 month ago

      Or... you can use any domain hosting site with DDNS and self hosted NGINX PM with a Let'sEncrypt wildcard cert. No?