Cloudflare pages app behind ZeroTrust/Access

I have a working Pages app on Cloudflare that I would now like to protect using ZeroTrust Access. I have set it up, and connected to my Google Workspace, created an Access Group with rules etc. Reading the Docs I have three questions 1) a Pages app I deploy qualifies as a "self-host" app, right? 2) in the "Add an application" page of Zero Trust UI the "self-hosted" option is greyed out and the tooltip says "...can be added one I have an active Zone on cloudflare" - how do I create an active zone? (doc link?) 3) Then I can use the methods & functions described in https://developers.cloudflare.com/pages/functions/plugins/cloudflare-access/ for my Pages app to get GroupId, etc, right?
Cloudflare Docs
Cloudflare Access · Cloudflare Pages docs
The Cloudflare Access Pages Plugin is a middleware to validate Cloudflare Access JWT assertions. It also includes an API to lookup additional …
8 Replies
mackenzie
mackenzieOP9mo ago
I don't see anywhere more specific to ask this question, as it's really about ZeroTrust/Access, is there such a place?
Cyb3r-Jak3
Cyb3r-Jak39mo ago
An active zone means you have your domain pointed to Cloudflare’s name servers. Though I thought it worked with the pages.dev domains. But you can create pages.dev via the button under the pages project settings.
mackenzie
mackenzieOP9mo ago
Thanks. I have it setup already at a custom domain - in Pages project > Custom Domains. In Settings I can't see any such setting... Not sure how to setup an "active zone" 😦
Metriusz
Metriusz9mo ago
When you go to https://dash.cloudflare.com/ and get to the Websites tab, is your domain there? If it is - it's an "active zone" I did just confirm to be sure and you can't add a domain that's not set up as an active zone as a Pages custom domain So you should have it set up
Hello, I’m Allie!
1. Yes, they are self-hosted. 2. A Zone is a domain. You need to register a domain, either with Cloudflare Registrar, or another registrar. Then, you can add the Cloudflare Nameservers to activate it as a zone. 3. Yes
mackenzie
mackenzieOP9mo ago
Thanks for responses - I'm setting that up now as a domain in websites (need to change nameservers and that takes time) OK, I think I've set that up for my app - now to figure out how to use it.. So far, I’ve just managed to break DNS for my domain 🙂 So, some learning required… NSURLErrorHTTPTooManyRedirects
Cyb3r-Jak3
Cyb3r-Jak39mo ago
If you have TooManyRedirects then change your SSL mode from Flexible to Full (Strict)
mackenzie
mackenzieOP9mo ago
I ended up fixing it by (I think) after change of nameservers from my registrar to CF, deleting my site in the dashboard, then recreating..... And things magically worked again....
Want results from more Discord servers?
Add your server