Cloudflare pages app behind ZeroTrust/Access
I have a working Pages app on Cloudflare that I would now like to protect using ZeroTrust Access. I have set it up, and connected to my Google Workspace, created an Access Group with rules etc.
Reading the Docs I have three questions
1) a Pages app I deploy qualifies as a "self-host" app, right?
2) in the "Add an application" page of Zero Trust UI the "self-hosted" option is greyed out and the tooltip says "...can be added one I have an active Zone on cloudflare" - how do I create an active zone? (doc link?)
3) Then I can use the methods & functions described in https://developers.cloudflare.com/pages/functions/plugins/cloudflare-access/ for my Pages app to get GroupId, etc, right?
Cloudflare Docs
Cloudflare Access · Cloudflare Pages docs
The Cloudflare Access Pages Plugin is a middleware to validate Cloudflare Access JWT assertions. It also includes an API to lookup additional …
8 Replies
I don't see anywhere more specific to ask this question, as it's really about ZeroTrust/Access, is there such a place?
An active zone means you have your domain pointed to Cloudflare’s name servers. Though I thought it worked with the pages.dev domains.
But you can create pages.dev via the button under the pages project settings.
Thanks. I have it setup already at a custom domain - in Pages project > Custom Domains.
In Settings I can't see any such setting...
Not sure how to setup an "active zone" 😦
When you go to https://dash.cloudflare.com/ and get to the Websites tab, is your domain there?
If it is - it's an "active zone"
I did just confirm to be sure and you can't add a domain that's not set up as an active zone as a Pages custom domain
So you should have it set up
1. Yes, they are self-hosted.
2. A Zone is a domain. You need to register a domain, either with Cloudflare Registrar, or another registrar. Then, you can add the Cloudflare Nameservers to activate it as a zone.
3. Yes
Thanks for responses - I'm setting that up now as a domain in websites (need to change nameservers and that takes time)
OK, I think I've set that up for my app - now to figure out how to use it..
So far, I’ve just managed to break DNS for my domain 🙂
So, some learning required…
NSURLErrorHTTPTooManyRedirects
If you have TooManyRedirects then change your SSL mode from Flexible to Full (Strict)
I ended up fixing it by (I think) after change of nameservers from my registrar to CF, deleting my site in the dashboard, then recreating..... And things magically worked again....