Cloudflare Developers•9mo ago

is it possible to interface tunnels with workers?

is it possible to make calls from workers to tunnels without necessarily exposing the tunnels directly to the internet via a domain?

18 Replies

Erisa•9mo ago

Not really, the closest you can get is protecting the tunnel hostnames with Access and adding a Service Token as a secret to the Worker

ecc0OP•9mo ago

very interesting, i haven't worked with Access at all. can you give a quick summary of how that would be done? is there a library available to the workers that works with Access?

Erisa•9mo ago

You just create a Service Token: https://developers.cloudflare.com/cloudflare-one/identity/service-tokens/ And then add the ID and secret of the token to your Worker env/secrets and send all your requests with CF-Access-Client-Id and CF-Access-Client-Secret headers Its not the most perfect security in the world (relies on a static secret) but its as good as you can get

ecc0OP•9mo ago

alright, i've figured out how to create a service token. and I think i can figure out how to set those headers. but how do i set a tunnel to be protected by the service token?

Erisa•9mo ago

As an aside, if you do this then make sure the tunnel Public Hostname as the "Protect with Access" option enabled has well as the Access policy existing https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/configure-tunnels/origin-configuration/#access-settings

ecc0OP•9mo ago

ah, i see it: