CF tunnels are a way to bypass NAT but they are not really secure. There’s no authentication, just a WAF and some bot detection. It’s not really comparable with a VPN or Tailscale.
Comment on as a noob, should I connect jellyfin with tailscale using OIDC?
Postmortal_Pop@lemmy.world 2 days ago
I actually found it far easier to connect it through cloudflared tunnel service. Grab a cheap domain name through them and then just follow the guide on their website. Took me longer to type this message than it did to get running and I’ve managed to fail at setting up the Arr suite 3 times now despite it basically being copy paste.
I paid maybe 15 bucks total to have someone else doing all the hard work for the next 5 years and all I have to do is go to my website and log in. No VPN, no port forwarding, and it works on every platform.
lemmyvore@feddit.nl 2 days ago
KairuByte@lemmy.dbzer0.com 2 days ago
Cloudflare tunnels have a zero trust option to them. You can authenticate through a number of sources, including arbitrary OIDC.
eager_eagle@lemmy.world 2 days ago not true, you can enable authentication
irmadlad@lemmy.world 2 days ago Jellyfin and Cloudflare Tunnels/Zero Trust might present some problems. Yes, it will undoubtedly work, however, streaming video through Cloudflare Tunnels/Zero Trust is against the TOS. Now, I suspect that if you had one user, you’d probably slide by. 10 users streaming large video files at a sustained rate would probably raise a red flag. I stream audio through Cloudflare Tunnels/Zero Trust and have had no issues, tho I am the only user. There are other alternatives to Cloudflare Tunnels/Zero Trust such as NetBird, ZeroTier, Headscale, or Tailscale. Just something to consider.
- eager_eagle@lemmy.world 2 days ago
I believe that’s not in their terms for years now, at least in my untrained eyes
- irmadlad@lemmy.world 2 days ago
I’ve read blogs that talk about video streaming/TOS issues. Personally, I have had no issues. Just figured I’d throw it out there.
"As long as the media is not being distributed publicly or cached on Cloudflare’s network, and you are only using Cloudflare to proxy encrypted traffic to your own origin server, this is acceptable use. Community thread quote ~ 2025
Cloudflare distinguishes between protected internal endpoints versus public-facing content delivery. The former is generally acceptable on free tiers when combined with Zero Trust authentication. There have been no updates to the TOS since this was posted:
…so, my guess is that it’s still in effect unless superseded by an update. However, it seems arbitrarily enforced searching reddit for data. Again, just a cautionary comment.
- eager_eagle@lemmy.world 2 days ago
that section 2.8 was removed blog.cloudflare.com/updated-tos/
new terms www.cloudflare.com/terms/
worth mentioning the old TOS banned video streaming across cloudflare products, but I don’t see a similar umbrella restriction in the current base terms, or in the terms of cloudflare zero trust.
also, make sure you have the rights to transmit the content and are not infringing anyone’s intellectual property rights, ofc 😇