[Feature request] Cloudflare Support #5

Closed
HuJK opened this issue Nov 23, 2020 · 4 comments

@HuJK

HuJK commented Nov 23, 2020

Is it possible to use Cloudflare Origin CA and Cloudflare proxy instead of letsencrypt?

This can also solve the issue of traffic to China and Australia because Cloudflare will choose the nearest datacenter to your VM.

But fail2ban must be reconfigured to use CF-Connecting-IP instead of the origin IP:
https://guides.wp-bullet.com/integrate-fail2ban-cloudflare-api-v4-guide/

And also block all traffic that comes from anywhere other than Cloudflare: https://www.cloudflare.com/zh-tw/ips/

@HuJK HuJK changed the title [Feature request] Custom SSL certificate instead of letsencrypt. [Feature request] Use Cloudflare Proxy Nov 23, 2020
@HuJK HuJK changed the title [Feature request] Use Cloudflare Proxy [Feature request] Cloudflare Support Nov 23, 2020
@dadatuputi
Owner

That's a pretty neat idea. I'll see if I can work that in next time I work on the project. You can also try and get it going and submit a PR. Thanks

@HuJK
Author

HuJK commented Dec 1, 2020

I made a Cloudflare version and I use it now.
https://github.com/HuJK/bitwarden_gcloud_cloudflare

It uses

```bash
# Allow the listed ports from Cloudflare's published IPv4 ranges.
# curl -f fails on HTTP errors; paste joins the lines with commas and leaves no trailing comma.
gcloud compute firewall-rules create cloudflare-webs \
  --allow=tcp:80,tcp:8080,tcp:8880,tcp:2052,tcp:2082,tcp:2086,tcp:2095,tcp:443,tcp:2053,tcp:2083,tcp:2087,tcp:2096,tcp:8443,udp:80,udp:8080,udp:8880,udp:2052,udp:2082,udp:2086,udp:2095,udp:443,udp:2053,udp:2083,udp:2087,udp:2096,udp:8443 \
  --source-ranges "$(curl -fsS https://www.cloudflare.com/ips-v4 | paste -sd, -)" \
  --target-tags=cloudflare-webs
```

instead of iptables to block all traffic not from Cloudflare.

But I didn't finish fail2ban and auto backup yet, so it's not a finished project, so I didn't submit a PR.
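
Both of HuJK's comments rest on the same dependency: a ban keyed on CF-Connecting-IP is only sound when the connecting peer really is the proxy, because a client that reaches the origin directly can set that header itself. The sketch below is an added example, not part of this thread or of either repository; the function names, the counting of HTTP 401 responses and the documentation-range addresses are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed stand-ins (documentation networks) for the proxy's address ranges.
# A real deployment would load the list published at https://www.cloudflare.com/ips-v4.
PROXY_RANGES = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/24")]


def ban_target(peer, headers):
    """Return the address a ban should apply to for one request, or None."""
    peer_addr = ipaddress.ip_address(peer)
    if not any(peer_addr in net for net in PROXY_RANGES):
        # Direct connection: the header is client-controlled, so ignore it.
        return str(peer_addr)
    value = {k.lower(): v for k, v in headers.items()}.get("cf-connecting-ip", "")
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        # Missing or malformed header: never fall back to banning the proxy itself.
        return None


def offenders(records, max_retry=3):
    """Addresses with at least max_retry failed logins (HTTP 401)."""
    hits = Counter()
    for rec in records:
        if rec["status"] != 401:
            continue
        target = ban_target(rec["peer"], rec["headers"])
        if target is not None:
            hits[target] += 1
    return sorted(ip for ip, count in hits.items() if count >= max_retry)


# Constructed sample requests, not real log data.
SAMPLE = (
    [{"peer": "198.51.100.7", "headers": {"CF-Connecting-IP": "192.0.2.10"}, "status": 401}] * 3
    + [{"peer": "192.0.2.66", "headers": {"CF-Connecting-IP": "192.0.2.99"}, "status": 401}] * 3
    + [{"peer": "198.51.100.7", "headers": {"cf-connecting-ip": "not-an-ip"}, "status": 401}]
    + [{"peer": "203.0.113.9", "headers": {"CF-Connecting-IP": "192.0.2.20"}, "status": 200}]
)

if __name__ == "__main__":
    print(offenders(SAMPLE))
```

In the sample, the direct client at 192.0.2.66 is counted under its own address even though it supplies a header naming 192.0.2.99, and the proxy address is never a ban target.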

@carceneaux
Contributor

While I agree this is pretty cool, I prefer the Let's Encrypt approach as it allows for a wider range of DNS providers to be used.

I don't use Cloudflare and that wasn't a big deal in this project as I only had to sacrifice dynamic DNS for this project to work out of the box.

Either way, it's not a huge deal. Just adding my 2 cents...

@dadatuputi
Owner

I agree with @carceneaux and will close this for now. I'll link this issue from the README so others can modify if they want a pure Cloudflare option.
