cloudflare tunnel + traefik internal/external network access


Dec 16, 2012
Hi folks,

I installed cloudflare tunnel and set up for a few of my running apps. I as well have traefik installed and seems to work just fine.
For all apps I needed to use a fqdn instead of the truenas ip and port and i wanted a certificate.
So I created the the apps and checked the ingress option as defined bellow:
Screenshot 2024-02-22 at 19.26.57.png

Once this was done, I log into cloudflare, defined the tunnel and made sure it works: Access -> zero trust -> Tunnels.
Truenas tunnel is active. Inside the tunnel Instead of defining a Willard I defined each hosts individually like:

Screenshot 2024-02-22 at 19.31.43.png

Screenshot 2024-02-22 at 19.22.46.png

Now all works great. from internal works. I can access the plex server pretty nicely.

Screenshot 2024-02-22 at 19.29.06.png

the problem is that from outside the network, everyone will be able to access the same :) and i don't want it.
So I did is to define a self hostef application in Cloudflare: Access -> Application -> SelfHosted and added my email address as log in mechanism + the code cloudflare will generate for you and send it to your inbox:
Screenshot 2024-02-22 at 19.36.32.png

All works great but one thing: once I activate the email authentication it applies to requests from internal LAN and outside LAN.
I need to keep the email authentication for requests coming from outside my LAN but remove it for internal use.
Any idea how I can do this?

Thanks in advance


  • 1708621441392.png
    27.3 KB · Views: 41
  • Screenshot 2024-02-22 at 19.22.12.png
    Screenshot 2024-02-22 at 19.22.12.png
    186 KB · Views: 40
  • Screenshot 2024-02-22 at 19.29.06.png
    Screenshot 2024-02-22 at 19.29.06.png
    10.8 KB · Views: 41