feat(cloudflare): Cloudflare Access (zero-trust) for published domains#4530
Closed
maxsam4 wants to merge 3 commits into
Closed
feat(cloudflare): Cloudflare Access (zero-trust) for published domains#4530maxsam4 wants to merge 3 commits into
maxsam4 wants to merge 3 commits into
Conversation
Adds an organization-scoped Cloudflare integration: a settings page to store a scoped API token + account ID (plus optional default zone/tunnel), a "Test connection" action, and full CRUD. All procedures are admin-gated (adminProcedure, not withPermission — `cloudflare` is an enterprise-only resource whose checkPermission bypass would otherwise grant members). The API token is redacted from every response and never logged, the account id is URL-encoded and inputs are trimmed, and every mutation is written to the audit log (with the audit-log UI label/filter wired up for the new resource type). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Closes Dokploy#4309 Lets a domain be published through Cloudflare Tunnel instead of (or alongside) direct Traefik exposure, in two modes: a Dokploy-managed "shared" tunnel with an auto-deployed cloudflared connector, or an existing remotely-managed tunnel. Provisioning upserts a per-host ingress rule (preserving any unknown rules and keeping the catch-all last) plus a proxied, Dokploy-tagged CNAME, and is idempotent with compensating cleanup on partial failure. The web->websecure redirect is suppressed for published domains, which terminate TLS at the Cloudflare edge and reach Traefik over plain HTTP. Cloudflare state is torn down before the domain row is removed on every path — single delete, application/compose/project cascade, and compose import — with shared tunnels/connectors reaped only once their last route is gone. The connector token is mounted as a read-only file (never in `docker inspect`, never persisted to the DB or logged). Account/zone/ tunnel id path segments are URL-encoded, all publishing is owner/admin- gated, and the selected integration is verified to belong to the caller's organization. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Adds optional Cloudflare Access protection for a Cloudflare-published domain: a self-hosted Access application with an allow policy built from email and email-domain include rules, configured from a per-domain editor in the dashboard. Provisioning is idempotent with compensating cleanup, admin-gated, and scoped to the caller's organization; account/app/policy id path segments are URL-encoded and the session duration is format-validated. Access is torn down before the domain row is deleted (including the cascade paths), and is re-pointed when a published domain's host/tunnel/integration changes so a protected domain stays protected across target changes. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
dosubot
Bot
added
size:XXL
Author
|
Superseded by #4532 — rebased onto the latest |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What is this PR about?
Part 3 of 3 of a native Cloudflare integration (builds on #4529). Optionally places a published domain behind Cloudflare Access (Zero Trust) — a login gate with no auth code in the app itself.
self_hostedAccess application + allow policy (email/email_domaininclude rules), with a configurable session duration. Idempotent create/update/delete across the domain lifecycle (incl. cascade deletes). Admin-gated, audit-logged.0172. Tested.Stacked PR
Stack: #4528 -> #4529 (Tunnel, Closes #4309) -> this PR. GitHub PRs must target
canary, so this diff re-includes #4528/#4529 until they merge — please review per-commit and merge last.Checklist
canarybranch.Issues related (if applicable)
Closes #4515