When to use Cloudflare Tunnel + nginx or just nginx + Cloudflare DNS
We are running a Kubernetes cluster for prod traffic with customers around the country. Our current setup is nginx load balancer + Let's Encrypt + external DNS. We are switching DNS over to Cloudflare for the WAF and DDoS protection. Our two options are to use nginx and block all traffic not from Cloudflare IPs, or to close nginx to external traffic and route it all through a Cloudflare Tunnel. What would the recommendation be here? We are very security conscious as we have sensitive data, but would prefer not to compromise on latency/throughput.
3 Replies
Awesome, thanks! Any advice on how best to connect it to an nginx load balancer? I have the load balancer set up and routing, and want to maintain it through the tunnel.
Does that mess up the routing?
Since the routing happens on the load balancer.
One thing to keep in mind is the hostnames / host header for routing.
Yeah -- how would I ensure that they're maintained?
Gotcha -- and in this case should I just not use any TLS? Or still use TLS from internal (nginx) to cloudflared? If I still use it, should I do certs through cloudflared? Thanks
All in AKS.
So same VNet.
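As an added example (not configuration posted in this thread, and not Cloudflare's or the poster's own files), the following `cloudflared` ingress config shows how the tunnel option keeps the existing nginx load balancer doing the routing: each public hostname is forwarded to the same nginx Service, `httpHostHeader` pins the `Host` header so nginx `server_name` matching is unchanged, and the hop from cloudflared to nginx stays on TLS verified against an internal CA rather than being downgraded to plain HTTP or `noTLSVerify`. The tunnel ID, credentials path, hostnames, CA path and the nginx Service address are all placeholders.

```yaml
# /etc/cloudflared/config.yml (added example; every identifier below is a placeholder)
tunnel: 00000000-0000-0000-0000-000000000000
credentials-file: /etc/cloudflared/00000000-0000-0000-0000-000000000000.json

# Defaults applied to every ingress rule that does not override them
originRequest:
  connectTimeout: 10s
  # Keep TLS between cloudflared and nginx. Point at the internal CA that
  # signed the nginx certificate instead of setting noTLSVerify: true.
  caPool: /etc/cloudflared/internal-ca.pem

ingress:
  # Both public hostnames go to the same in-cluster nginx Service; only the
  # Host header and the SNI name differ, so nginx routes exactly as before.
  - hostname: app.example.com
    service: https://ingress-nginx-controller.ingress-nginx.svc.cluster.local:443
    originRequest:
      httpHostHeader: app.example.com      # Host header nginx sees
      originServerName: app.example.com    # SNI / expected cert name
  - hostname: api.example.com
    service: https://ingress-nginx-controller.ingress-nginx.svc.cluster.local:443
    originRequest:
      httpHostHeader: api.example.com
      originServerName: api.example.com
  # Required catch-all: any hostname not listed above is rejected by cloudflared
  - service: http_status:404
```

For this to actually close the origin, the nginx Service must stay `ClusterIP` (no public LoadBalancer IP) so the only path to it is through the cloudflared pods running in the same cluster or VNet; with the host header preserved, no nginx routing rules need to change, and the certificate on nginx can be issued by a private CA since nothing outside the tunnel ever negotiates TLS with it.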