So you thought reverse proxies were amazing? Well they are! They’re used everywhere. But I want to introduce you to a way to run your services with zero ports exposed so your machine blocks all inbound connections. Best part is Cloudflare will act as a proxy so you attackers won’t even speak to your server, they’ll be speaking with Cloudflare!
Cloudflare is a service which can do A LOT. I really mean a lot. We’re going to be using their zero trust platform. Let’s first take a look at how it works.
If you don’t know what a NAS is then completely ignore that part it’s not something you’ll likely be using.
As you can see we run a Cloudflare Docker container on our machine. This Docker container has no ports exposed because it actually just sends an outbound connection to Cloudflare and ensures it stays persistent.
When I was first learning about this it took me a while to wrap by head around it but essentially when you create an outbound connection with a keep alive you can then communicate back and forth with Cloudflare. Think of it like when you request to visit a website, you send an outbound connection to their web server, the server sends you the HTML files or whatever back and the connection is closed. For this to happen you didn’t need to open up any ports on your firewall because nobody was connecting to you, you connected to them which opens up a bidirectional communication stream and then they send data back.
What Cloudflare does is use the Cloudflare Docker container to send an outbound connection to Cloudflare. Then when Cloudflare get a request come in that’s meant for your server they send it back down that persistent connection – which doesn’t really close.
Other cool benefits of Cloudflare
By adding your domain to Cloudflare you are provided with automatic DDOS protection and if there’s a vulnerable script tag running on you’ll site they’ll swap it out for a secure one. Better yet they will cache your site and add it to loads of nodes all around the world so that your site runs blazingly fast anywhere and everywhere. Isn’t that cool B-) .