When to use cloudflare tunnel + nginx or just nginx + cloudflare dns

We are running a kubernetes cluster for prod traffic with customers around the country. Our current setup is nginx load balancer + lets encrypt + external dns. We are switching DNS over to cloudflare for the WAF and ddos protection. Our two options are two use nginx and block all traffic not from cloudflare ips, or to close the nginx to external traffic and route it all through a cloudflare tunnel. What would the recommendation be here? We are very security conscious as we have sensitive data, but would prefer not to compromise on latency/throughput.
3 Replies
banjomine
banjomineOP9mo ago
Awesome thanks! Any advice on how best to connect it to an nginx load balancer? I have the load balancer setup and routing, and want to maintain it through the tunnel does that mess up the routing? since the routing happens on the load balancer
Cyb3r-Jak3
Cyb3r-Jak39mo ago
One thing to keep in mind is the hostnames / host header for routing.
banjomine
banjomineOP9mo ago
Yeah -- how would I ensure that they're maintained? gotcha -- and in this case should I just not use any tls? Or still use tls from internal (nginx) to cloudflared? If I still use it should i do certs through cloudflared? Thanks all in aks so same vnet
Want results from more Discord servers?
Add your server