Cloudflare integration with Workers and Access
I’m relatively new to web dev but it seems like I can generally improve many aspects of my project by working through Cloudflare.
Currently my project is a Java App running in a Docker container on a dedicated server. I’m using Cloudflare tunnel to proxy the traffic through a non standard port and the DNS is also managed by CF. I have around 193GB and growing video, audio, documents, and 3D models that reside on the dedi. I’m looking into moving those to R2 storage. Q1: Do I need to cache these files locally on my machine or can they be streamed directly from R2?
Secondly - my researching also put me across workers and access. From what I understand I can use Workers to handle the Google Auth and return a session token for the site but I’m unsure how to approach this or how I’m supposed to trust the session token or if I’m misunderstanding this. I do know that once I can trust the email and account that’s accessing the site - I’m in a better position to limit who has admin dashboard acccess via reauthenticating them via CF Access, since I trust my own authentication about as much as I would a toddler with a primed nuclear launch button.
I’m mostly looking to see if I’m on the right track, while the project has purpose -it’s quite a bit of a learning curve for me as practically all other websites I’ve made have been static.
Thanks ☺️
3 Replies
Do I need to cache these files locally on my machine or can they be streamed directly from R2?Depends on what you are doing with them 🙂 Video files and images can be served directly from R2. But if you want to work with them because you want to edit them and stuff like that you would need to download them, process them and re-upload. Not sure that answers your question though. It might help to search for your use case in combination with S3. This service from AWS is similar to R2 and much older. Generally most things that S3 is capable of R2 can also do. Not very helpful but also not much info to go of. You second question is using workers and access. You can indeed let a worker perform the OAuth dance, you don't even need workers if there is nothing special and you could use zero trust instead as a managed option, although you pay per user there which might not be what you need. Then onto the point how your application can know and trust which user is authenticated. This works the same for your own worker or zero trust (usually) and it works with JWT token. They can be validated locally to be valid and created by Cloudflare/your worker and the information therein provides information about the authenticated user. So your app could have a middleware that reads that JWT and validates it and sets up the correct user to be authenticated for example. That is how it generally works. Hopefully this helps a little bit in your understanding.
Yes - esp the workers. JWTs was the gap I was missing.
The files are videos for streaming to the end user. I’m aware of CF Stream but it’s a bit too pricey for my budget. I’m unsure if that changes anything. The R2 would basically act as file storage.
As long as you don't need YouTube level resolution selection and just want to serve the video files as they are to the user R2 is perfectly suitable. You would Cloudflare Stream if you want to on-demand transcode the video files basically. But you can do that work yourself and store the results on R2.