0:00
hope everyone's having a wonderful day let's get started
0:05
go ahead and i'm gonna forgot to take my vitamins this morning and i chuck them really quick
0:19
there we go okay excellent oh there we go now the chat's
0:25
working sunshine cottage thanks for coming on
0:33
just a couple thumbs up let me know the audio and video is um good hopefully it's good should be good
0:40
mr cole franco is here scott is in the house
0:46
donna i took my vitamins no headache yet
0:52
david thanks for coming on david yada guinness smart man smart man
1:00
so i'm drinking i i like drinking like water and i throw like those like little packets of like electrolytes
1:06
and we got this sample pack and this particular flavor is lemon and habanero
1:13
it is absolutely disgusting um i don't recommend it um so if you see lemon
1:18
habanero electrolyte powder mix yeah pass on it just pass
1:29
mr workman is in the house what's up dad
1:34
okay um so today
1:40
today we um this this live stream has been on my hey i'm gonna do a live stream on this
1:46
someday list right and so we're gonna learn how to um use probably a new tool for you maybe
1:54
um i've done some live streams and i've talked about on hangouts extensively and i think i did a
1:59
conference talk on cloudflare as well um i think um
2:04
so yeah i as you probably know i'm a huge fan of cloudflare i think they they've done a
2:11
stupendous job um and yeah i use them a lot in fact i
2:16
use um what i'm showing you today the cloudflare access i'm actually using that to manage the back end of weaver
2:22
space and it's pretty cool it's very very cool
2:27
now a couple people replied to me hey mark thanks for joining from belgium um
2:34
that hey joe why why are you going to be doing the live stream on cloudflare
2:39
because you have page safe like isn't that just going to like cannibalize page safe or something and
2:44
um page safe is amazing i love it it's one of my favorite stacks and um yeah it's true i guess you could
2:51
say that cloudflare you know access could replace page safe potentially pagesafe still has its place though i
2:57
mean it page safe is one of my favorite things you just drag it on the page you can change your passcode and boom it's
3:02
done right i mean it's super simple um it is secure uh and uh
3:08
and i i like the look of page safe right the little turning lock thing i i still love that and i me i made that so many
3:15
years ago right but uh still one of my favorite things page safe does a few other things like stack safe and whatnot so um but yeah uh
3:23
you know page safe is awesome and uh but hey cloudflare access is pretty cool too so um it's all about
3:29
having the right tools that you might need in your toolbox page safe is one of them
3:35
i'm about to teach you how to use cloudflare access as well and hopefully that's another tool that
3:41
you're going to have in your toolbox it works i think really really great for
3:46
total cms admin areas as well um it's super simple if you want to like block off an entire part of your website
3:53
um so yeah and and actually there's like zero work you have to do
4:00
inside rapidweaver to get it all working which is kind of crazy um i'm i may never even open up
4:07
rapidweaver today period okay just to show you that um we can configure cloudflare access
4:14
without the need of actually using rapidweaver at all so it's kind of interesting
4:21
um so i am not going to go over like the ins
4:27
and outs of how to set up cloudflare okay um maybe i'll do that i i've done
4:33
cloudflare live streams but i i i have had some requests for that i'm not gonna do that today so if you don't know how
4:39
to set up cloudflare on your domain i'm not gonna go through that today okay i am gonna assume you have your website
4:46
set up on cloudflare okay um uh josh
4:51
um has josh oh i don't even remem olmen ullman man i forget his last name
4:57
now uh he's always on the hangouts he's actually volunteered to hop on a live stream and help him set up cloudflare
5:03
can i do like a live one-on-one sort of thing with cloudflare maybe we'll do that one day uh if you like that idea
5:10
let me know um maybe we'll put put it up on the priority list but
5:16
for right now we're going to dive in and uh i have to admit another thing i'm
5:22
kind of on purpose i actually um i didn't really prepare much so i have an idea of what i'm going to be doing
5:28
today but um i kind of wanted to dive in um so that i make mess-ups as well
5:34
and hopefully hopefully i'll make some mess up so that you can see me fix them and figure them out so it's kind of the fun of doing it
5:39
all live right is uh is not having everything cookie cutter um so sometimes
5:45
that's good though but let's go ahead let me share my screen
5:51
um okay uh what we're going to do is uh
5:58
what i think we're going to do is we're going to we're going to go ahead oh i have shoot i have page safe on this page okay i'm
6:03
going to have to open up rapidweaver just to remove page safe from this i don't even know page safe is on there
6:10
okay let's just do this let me open up rapidweaver really quick let me open up my sandbox project
6:24
i'm only going to rapidweaver to remove to republish this this project so that i don't have page safe on there
6:29
because what's the point of learning something something new that logs you know with login when i already
6:36
got page safe on the page okay uh let's just go ahead and uh my page is
6:41
blank actually now let's just go ahead and add a little bit of content just that we have something up there to
6:46
see and
6:52
come on there we go
6:57
all right let's just do i'm just gonna do this just do
7:05
homepage all right and uh i was using this for pwa let's go
7:11
ahead and what's this all right we'll leave out i'm gonna add a new page really quick just go so we
7:17
can do this uh sub page
7:22
okay uh actually here let's call this admin we're going to call this admin really
7:28
quick that
7:33
this all right extract that
7:39
admin just so we have a couple dummy pages
7:45
to uh to work with here let's just go ahead and republish all files
7:54
actually hold on let's cancel that i want to make sure that what i have in here it's blank good all right just go
8:01
ahead and republish all files
8:23
done okay um now that's that uh let's save that
8:30
let's refresh this page voila okay now we just have a generic page
8:36
okay um and then i created i think it was slash admin okay and that has the admin page okay
8:44
um so this is uh if you want to follow along it's just my sandbox sandbox.joeworkman.net
8:51
um and nothing really special there uh but what we're going to do now is um
8:58
let's go ahead and do yeah let's open up a new tab
9:04
okay and we're going to log into cloudflare
9:13
i guess actually let's go ahead and allow that
9:22
hey come on use my watch here excellent magic of 1password
9:35
oh what hold on one second
9:46
oh they emailed me at the pass code my goodness give me a second here go ahead and
9:53
play the jeopardy theme music [Music]
9:59
let's just go ahead and let me in case this all opens up here come on mail
10:05
fun times login token there it is
10:11
copy that paste it log in
10:21
okay hey we're back now okay um so now i'm logged into my cloudflare account i'm
10:27
just gonna go to joe workman.net and we're going to go into there
10:35
sweet okay
10:44
so um actually before we start like diving and implementing it let me just show you
10:50
what cloudflare access gives us right so as i said before um i use this on weaver space right now
10:57
uh on not on the community on my actual website to lock down the admin side so if you were to go to weavers dot space
11:06
slash admin i could type there we go
11:16
you would see that i now have access to the back end of weaver space okay and
11:21
yes this is total cms2 i think i've given a little previews of this before we're not going to dive into that the
11:27
whole point of this was um you know hey i have i'm logged in it didn't prompt me for a login okay
11:34
and uh that's because i was already authenticated okay and what this does is
11:40
um this i actually use um what cloudflare access does is it allows you to integrate with different
11:45
authentication engines um mostly oauth and third-party authenticators
11:51
i uh i'm using github as my authentication engine so if i were to go ahead and
11:56
um or actually here let's open up like something like firefox where i'm pretty sure i'm not logged into github right now
12:03
let's see if i go to github.com
12:11
yeah so i'm not logged into github on firefox right um so let's go ahead and go here and go to
12:18
weavers.space slash admin
12:24
oops helps if i spell it right weavers admin
12:32
and if you notice here it takes me to the github login page right so it's it noticed hey you're not logged
12:39
in you need to log in okay um and i can go ahead and log in with firefox
12:45
don't save oh jesus
12:52
i guess okay let's go ahead and i need to enable authentication through the github
12:57
app one second let me just do that just so that we're all copacetic and you can prove to you that it works
13:04
uh 99 approve github lies like a a mobile authentication thing
13:11
um which is kind of nice which means that you you can you know get features like that as well for your website um if
13:17
you were to use that and there we go boom and now i'm logged in and i can go to products or go to wherever right like
13:22
for example if i go to streams this is where i manage like a lot of the live stream stuff and create all the emails
13:28
and all that jazz that you guys get emailed on right so um okay cool so let's go ahead and quit
13:34
firefox so that just shows you kind of how things work um
13:40
and i did all of that without having to add a single thing onto
13:45
my website okay and just to prove you i've never set up at least at least i'm pretty sure
13:51
i've never set up um access on joeworkman.net or sandbox.joeworkman.net
13:57
so um we're gonna do is i i think in order for this to work
14:03
um i need to enable um right now sandbox is set to be dns only
14:08
um i need to be able to actually turn on the little orange cloud so it
14:14
needs to be proxied through cloudflare okay so that's one step in order for access to work you have to enable the
14:21
proxy okay it has to be proxy through cloudflare or else it's not going to work okay so um so
14:29
yeah uh we'll test that later on uh after i get access all set up we'll turn off proxy and it should break it um or
14:36
it should stop it working from working so it'll be an interesting test so right now if you notice right here um so if
14:43
you look at sandbox it needs to be proxied so this little orange square right so this this sandbox url right
14:49
here needs to be proxied okay now with that done we're gonna go to the access tab
14:55
okay now uh one thing i should also note is cloudflare access is
15:02
free like it's kind of crazy like it's free for a certain amount and it's like a lot i
15:09
think any rapidweaver user should be able to comfortably use cloudflare access
15:14
and not be worried about their client needing more let's look at cloudflare
15:23
access pricing let's just look at the pricing for cloudflare access
15:33
um
15:38
products should have had at least this page up huh application
15:48
it's somewhere
15:56
access there we go um
16:04
where's pricing get started use cases integrate pricing there we go man they don't make it easy
16:10
do they okay so uh let's see free plan 50 users
16:18
so you can have 50 separate users logged in um for zero and one
16:24
once you go over 50 it then gets pricey at seven dollars a user so um you
16:31
go from free to 350 bucks if you need 51 users right so um so there you go um
16:38
really cool though um you'll see how really great it is okay so if you need less than 50 users
16:45
which i'm pretty sure most sites built with rapidweaver are going to have less than 50 users
16:52
okay so here we uh go to the access tab okay and you can choose your login
16:58
method um i guess maybe i had tested this before because i have github here already if you click plus you'll you'll see that
17:05
you can authenticate with all kinds of different things so if you want facebook or linkedin or google i'm not sure what
17:10
all these some of these other ones are um i've seen onelogin and oidc
17:15
before the open id thing i didn't even know those were still a thing actually uh g
17:21
g suite g suite um so yeah there we go lots of different services um i just predict i picked
17:28
google you can actually add multiple as well so if you want to give people options um i would i
17:33
i'm a simple guy kind of guy i would just pick one right and just say you have to use this one that's it
17:38
okay um i do like github um but again for your clients maybe github doesn't make sense or for yourself it doesn't
17:44
make sense so you would use facebook or google or linkedin right um i don't necessarily trust google or facebook so
17:50
um i would choose maybe linkedin even though that's now microsoft but yeah whatever
17:56
um so yeah you have a lot of different service providers here that you can do
18:01
and you can also do a one-time pin which
18:07
basically what that does is um every time you log in it emails you a code and
18:12
then you type in that you get that code and type in and then it authenticates you okay um that's all handled 100
18:18
inside cloudflare um i don't i find that a little bit annoying myself um
18:24
so yeah anyway uh there we go next is uh you you you put in your login
18:31
page right so uh you can change that if you wanted um so like i
18:36
basically it's like a subdomain okay so like i have weavers.cloudflareaccess
18:42
setup as my domain um it doesn't really matter um just leave it as that okay
18:49
all right so you can customize your login page as well i didn't even i think this is new they didn't have this when i did this
18:56
um oh you can put in a logo and customize your background colors interesting um
19:02
very cool they didn't have that when i initially set that up so that's kind of interesting although if you're already
19:08
logged in like it just kind of logs in automatically but that's nice to see that they have that a little at least a
19:13
little bit of customization which is kind of cool okay
19:18
um next up is where we can create our access policies so you can create a
19:24
policy here and then you could say my admin site or let's just do
19:32
sandbox live stream
19:38
test okay um now i'm doing this on my subdomain right so i'm going to be doing
19:44
this on sandbox.joeworkman.net and what's kind of interesting here is uh this is where if if i only wanted to
19:50
lock down the admin page so let's go ahead and i will only want to lock down everything inside admin
19:56
okay and then you can set up your session duration okay um so let's say i set it up in uh
20:03
you know however you want a week okay um
20:08
policy name but here this this where you can like you know uh my policy i guess
20:17
uh and then you can allow or deny various things and then here's where you can um
20:24
where you can set up authentication so this is where you set in emails okay or you can say or or you can pick access
20:32
groups as well i'm gonna i'm gonna set up something simple here and i'm just gonna set emails and i'm gonna put in my email
20:38
address okay so um so now if i authenticate with
20:43
github and github authenticates and it says that this is my email address
20:49
it will log me in purely by doing this that's it okay now um
20:56
i haven't played around with all these other things you can actually also do um i think emails ending in so if you want
21:03
to authenticate everybody in a particular email domain there you go
21:08
right so example if i were to do um workmanmail.com
21:15
okay um anyone that has an email of workmanmail.com so me my dad my kids my
21:23
wife right they would be able to uh log in as long as they authenticated with github
21:29
pretty cool right um so let's stick with that okay and uh
21:34
maybe once i get all the save my dad can try to log in i assume you have a github account dad i don't maybe not but um
21:41
yeah so there we go and then you can add different rules right but let's just keep it simple for
21:46
right now i think that's good okay um so we're gonna allow that uh let's look at the advanced settings i don't
21:52
even know it's here um allow control allow credentials oh this
21:58
is all cors settings i'm going to leave all these as the default okay
22:04
so we're just going to save that now okay
22:09
now before earlier if you noticed inside when i created my access policy it gave
22:14
me the ability to choose an access group okay so this at this point you can like choose let's say you wanted different
22:21
levels of admin right so you wanted to create like user groups you could do that so you can create like group one of
22:27
users and group two of users and either you can um you know add particular email addresses into
22:34
those groups okay i'm not gonna go that granular i just want either i'm logged in or i'm not logged in
22:41
okay um [Music] and you know what the rest of this i'm
22:47
just gonna leave it as is okay so uh what i'm gonna do right now is um
22:55
i'm going to i'm going to go to firefox again
23:03
because i don't want to log out of my uh let's go to github i'm going to log out
23:08
of github on firefox so i'm going to sign out
23:13
all right oops all right and let's go to
23:20
sandbox.joeworkman.net if you notice i can get to the homepage and then if i go to slash admin
23:31
oh it lets me in oh what did i do wrong oh okay what did i do wrong
23:47
i thought that's all we had to do
23:58
sandbox.net admin
24:20
let's see if i go to here
24:26
oh interesting oh right what i'm gonna do here is i'm
24:32
gonna change um so weavers.cloudflareaccess this login domain is the same domain i have
24:39
on weaver space so um here i'm just gonna do sandbox test
24:45
um that i think that could be the sandbox test
24:51
uh done
24:59
make sure you update your callback url and all your identity provider configurations and your new login page
25:04
domain okay do that
25:14
not live man see look at that told you i was gonna mess up guys
25:25
oh you just oh someone just refreshing is asking for authentication
25:31
oh i wonder if it's a cache thing oh i wonder if it's uh let's
25:37
it could be that my session is cached or something like that let's go ahead and
25:44
how do you clear cache inside uh so inside firefox i don't even know
25:52
nope that's the that brings up that oh disable cache
26:01
i don't know here we're in here let's go sandbox.joeworkman.net
26:06
admin oh now it's working
26:15
unable to find your access organization oh no i broke it
26:23
now let's change it let's try changes back
26:43
unable to find it it appears you have attempted to please enter a valid team name
26:49
oh okay
26:59
let's just launch zero trust let's see what this is this is teams the teams thing
27:07
they've changed since i've been in it a little bit
27:15
all right access okay i kind of remember this thing being in here
27:24
right here look sandbox okay admin self-hosted sign policies
27:34
this looks like to be all the stuff i already did let's see my policy
27:40
authentication is github
27:50
that's all the event this is all the same stuff that was in the other view
27:58
no i don't want that i don't want tunnels okay don't need any of that
28:04
let's go back to this
28:14
okay so create your login page did that instant auth here let's turn that off
28:20
turn it back on
28:34
oh this is okay so i guess i i didn't add this before that was actually
28:39
interesting so here i had gone ahead and um to set up github they have instructions
28:46
here right so i had gone in and put in my github my client id and my secret code okay which i'm not gonna share on
28:52
my live stream obviously um so yeah good idea uh good thing i
28:57
clicked on that i guess facebook's gonna be the same thing so if you use facebook you'd have to add in your oauth id and
29:03
then your oauth secret which they have you know um instructions here on how to get those
29:09
so that's good good thing i clicked on that um i customized the page here
29:15
organization name log i don't have a logo right now it's fine
29:21
um or here let's go ahead and let's try to be nice let's go to transmit i think
29:26
i have a logo uploaded
29:39
oh yeah boom weaver space logo right
29:44
oh it's that one yeah that works okay let's do copy url uh let's customize this page
29:52
i'm going to put in that okay
30:03
organization name sandbox let's do
30:09
live stream testing
30:16
save
30:21
all right so now if i go here welcome back log in to your applications
30:28
behind access log in oh now it works i wonder if it just took some time
30:34
okay um so now it's it's asking you know there and i click on github and i'm already authenticated with github
30:41
um oh they're unable to find your access organization appears you have attempted to reach
30:46
invalid url all right hold on one second let's go
30:52
ahead and admin admin works
30:59
but i think let's get rid of that
31:09
i wonder if some of those changes just took a little bit of time to oh there we okay so now i went to sandbox oh interesting so now i went to
31:15
sandbox admin i'm thinking i was just maybe a little impatient and things didn't then didn't
31:22
update as instantly as i expected them to all right so now i can go to github here oh unable to find your access
31:29
organization okay so now it's still got the same error so okay
31:35
maybe i need some sort of uh users includes oh look i have brett here for oh brett
31:41
was helping me test this out years ago when i was first doing it
31:47
all right you know what i'm gonna do i'm gonna i'm gonna delete everything um i because i had some of this stuff
31:54
i'm just gonna delete it all okay
32:06
hopefully all the stuff i'm doing i'm not going to completely break yes delete it
32:13
access group cannot be deleted please remove the group from the policy first i don't know what policy this is
32:22
created two years ago expires that a year ago well maybe is that this access token
32:28
let's delete that generate a service token
32:48
we'll copy this now i'm not sure exactly what it's used for but there we go expires in a year
32:54
short lived certificates events oh look oh revoke session i'm going to
33:01
revoke i'm going to revoke
33:07
all access requests oh interesting they have like all these various access levels and stuff
33:14
i'm actually a little curious if i just totally broke my weaver space admin i mean it's just mine but
33:28
oh no i totally i totally broke my weaver space login right now
33:35
that's that's hilarious not so hilarious um
33:41
all right i'm going to change this back to weavers done
33:48
all right totally just broke broke my login that's funny
33:53
okay um let's go ahead and edit this
33:59
what's this all right brett you're gone if you're here all right anyone so any email
34:06
ending in workman mail okay save
34:11
uh and then we have create access policy so let's do this so
34:17
um admin we have sandbox dot
34:22
oops sandbox slash admin uh session duration 24 hours
34:28
um admin users
34:34
decision allow access group users let's do it that way i think that
34:40
probably makes more sense save all right so admin users includes access
34:48
groups users and then users includes anyone with workmanmail.com
35:00
okay edit access app launch
35:06
i don't know what that is all right let's
35:12
let's see if i uh weavers dot space
35:21
slash admin
35:32
and i i totally broke it now
35:38
fun times
35:44
man i had visions of this just going super smoothly i had set this up before for somebody else and it worked great
36:07
not logged in github
36:33
that's weird that in firefox it's like caching the page
36:38
but when i went here let's close that close that
36:55
oh now it's just straight letting me in
37:01
what did i do wrong
37:08
oh i turned off instant auth that's right now
37:24
wow that's craziness
37:41
revoke existing tokens
37:46
add a log out oh you can add a logout bar interesting
37:57
okay that didn't work
38:02
wow so here sandbox.net slash admin
38:10
let's just do everything anywhere
38:15
save
38:21
access groups is anyone with workman mail uh generate service anthony your tool
38:27
scripts and bots i really need this is for like automation and getting access via you know some sort of
38:35
api um i deleted that i wonder if i'm using that anywhere else
38:41
okay short lived certificates don't need those events access created token
38:49
current monthly users 26 and yep my son logged in three days ago i logged in 22 minutes ago
39:03
interesting
39:21
i'm going to log out of github here sign out i'm logged out
39:30
clear my cache oh
39:56
okay so here um all right so now i interesting so i have multiple
40:02
cloudflare access things set up here is if you look at the
40:07
browser tooltip down on the bottom this one is weaver space slash admin this one is the future.weavers.space which i
40:14
don't even think exists anymore and then this is sandbox it's kind of interesting even though it's it's across multiple
40:20
cloudflare accounts um very interesting actually this is very interesting um i did learn something new
40:27
today um so now that because i have cloudflare access configured across multiple sites
40:32
this can and they're all configured to use this same um domain um it kind of shows me different
40:39
login pages kind of cool actually interesting idea so now if i click on this one
40:45
it takes me to the home page um what should it have
41:28
interesting
41:34
i'm going to head over to websites
41:56
here i have okay access groups users workman mail
42:04
service token
42:10
oh
42:17
oh interesting i was playing around okay
42:23
so i learned some i just learned something so apparently this access um a lot of it is
42:29
kind of global across your accounts actually so that's very interesting um so i thought it was all
42:35
managed individually per domain but it's not it's like shared which is
42:41
interesting so um if you are if you have a centralized cloudflare account and you're managing it for yourself and all
42:48
your clients um definitely be aware of that because that 50 user total is going to apply to
42:54
i think the total of all the the sites in that domain right so uh very interesting make sure that so if
43:01
you want to make sure every client is kind of siloed you want to make sure they have their own cloudflare account maybe
43:08
um very interesting i did not know that
43:14
um so eye opening
43:25
very interesting and you guys are probably bored off your mind while i troubleshoot this
43:31
sorry uh let's go back to uh
43:37
sandbox
43:46
some things are so it looks like like the login method here is is
43:52
definitely synced right um the access policies are
43:57
different very interesting
44:04
it's definitely some sort of because like these access service tokens that was that was the same when i went to the
44:10
weaver space domain so very interesting murphy is working overtime yes it is
44:18
the wonders of doing things live right dr bob
44:24
i hope you're recording this for backwards engineering yeah exactly guess wrong [Laughter]
44:33
okay um
44:38
nothing like breaking my sight live
44:52
i'm not using that
45:04
let's try this expires immediately
45:12
so i have users oh cancel i don't want to delete that so i have a user's group emails ending
45:19
in workman mail um just go ahead and i'm going to change this i'm just going to add it just for
45:25
just for mine for right now just to change something up here
45:43
and i think i think i added it so the entire domain should be
45:48
should be that
46:05
i don't necessarily want to
46:11
delete my github authentication
46:19
all right so what we're going to do here is let's i'm going to click on that and oh well it takes me there
46:32
but i'm not logged into github so it shouldn't have
46:53
wait what that image isn't even on the homepage
47:01
there we have some gremlins here because
47:11
what i can do here i'm going to do file new private window let's go to sandbox.joeworkman.net
47:19
oh look and the private window is working so it must be some sort of caching
47:24
jesus oh i wonder i wonder if
47:31
um no there's no service workers
47:37
browser cache is a son of a right jesus christ so now it asked me for a login
47:46
oh it's gonna ask me for this again let me go ahead and use my github app and
48:00
and 16 approved
48:09
there we go jesus here i'm going to go ahead and i'm going
48:16
to quit safari i'm going gonna relaunch it
48:24
by the way guys if you notice up at the top of my live stream i have like the keyboard combos if i ever hit like a is
48:29
that annoying or is it useful for you guys i'm thinking because i use so many keyboard combinations to do stuff that
48:35
it could be potentially annoying for you guys let me know if you like that or not i don't know
48:41
um maybe i shouldn't have it up here at the very top right because like for example i use this keyboard combination
48:48
i mean it's all the keys plus an s to launch safari right so yeah
48:53
um okay so let's go to sandbox again
49:02
that it's still letting me in though oh it's because i am i authenticate i
49:08
authenticated with github i wonder if it's now
49:15
no i'm not right look at that
49:42
if i do this if i didn't uh oh new private window
49:54
look it works it works exactly how i would expect it to work in a private window
50:08
i wonder if i go to
50:14
let's delete that
50:21
ah it was a cookie
50:32
look it it is a cookie so it's stored in authorization cookie and it's because
50:37
so um all right darn cookies
50:44
uh it's because i had the the session thing saved let's go back to my cloudflare
50:55
and i knew i knew so if you guys look so um let me back up in dev tools if you go to
51:01
storage you can see all your cookies right and so if i delete this and if i refresh this page um watch if
51:08
you if you could catch it on the live stream look at this url and it will redirect to weavers.there
51:14
weavers.cloudflareaccess.com it authenticates and it puts me through here right
51:21
okay now the question is why is it allowing the authentication
51:27
because i'm not logged into github but if i use a private window it
51:34
actually prompts me to log into github which is what i would expect right oh jesus
51:44
52 prove hey
51:51
boom [Music]
51:56
interesting
52:02
another one jesus can be annoying sometimes can't it
52:25
approve [Music] there we go
52:44
hmm so if i go to
52:50
firefox now right
52:55
that's just craziness
53:01
oh so firefox when i was testing pwa
53:07
i i was testing pwa obviously on on sandbox.joeworkman.net and it it had stored there we go it had
53:15
stored that in the in the cache which is interesting so that was a test version that that
53:21
answers that which is kind of funky um now let's go ahead and am i logged
53:27
into github here
53:32
not okay and if i go to
53:39
storage look at the cookies there's my authentication
53:44
cookie from cloudflare
53:49
how did it know that it's me
54:01
delete all session cookies
54:14
i'm just going to delete all this stuff here
54:26
all right that's paypal stuff
54:31
all right
54:38
very interesting it still sees that i am i'm logged in
54:44
why works perfect in the let's try a new private window here
54:52
so if i go to sandbox.joeworkman.net takes me to github exactly how it should
54:58
how it should work without a private window so it's still logging me in for some
55:03
reason um well at least it's not i know it's not safari it's everything
55:10
so let's go ahead and go here
55:19
oh i'm already in it access all right
55:31
so i got a sandbox admin users allow
55:36
users
55:43
cancel this and me
55:49
cancel
55:59
don't even think i need this
56:22
i thought i revoked this one
56:43
like still there i got that didn't revoke it
56:49
i guess it just says those are my current my current month oh these are my current monthly users all the people
56:55
that have logged in so you could revoke a session but it's still there duh so that this way you can see
57:01
you know who's logged in in my current month because you're allowed 50 users per month right so these are all the
57:07
people that have logged in this month um onto my my things got it
57:13
and then here you can see all the people that logged in some people that tried to log in
57:20
a few minutes ago during the live stream all right and policy changes these you can see all the policy changes
57:28
so if you guys just in the uh oh so travis just said he's he tried it so if you guys go to
57:35
sandbox.joeworkman.net do you get the login screen even without a private browser um
57:42
so yeah i'm in a private browser and uh i mean here let me if i log out of
57:48
github oh i'm not even logged in but i authenticated it's probably
57:54
probably some sort of
58:00
here i'm just going to
58:10
yeah saving it somewhere how can i clear like
58:18
if we go to websites where can you like privacy
58:25
and there's website data
58:34
oops
58:43
all right remove all remove now
58:48
oh i just i just trashed oh no i didn't did okay i wonder if it's seen cloudflare as well
58:55
oh cloudflare access look at that it probably stored the stored it under cloudflare access
59:01
interesting i'm going to remove all of those just so you can kind of be
59:06
copacetic and let's look at github i'm just trying to get to uh
59:12
oops
59:22
here i'm going to remove all that as well okay
59:28
so now let's go ahead and just be safe i'm going to just restart
59:52
now it works it must have been a cached website data somewhere right so uh
59:58
i had everything set up properly probably in the first 10 minutes but um there we go so now i'm going to log into
1:00:04
github we sign in uh it's going to ask for authentication
1:00:12
36 approve
1:00:21
boom there we go darn it man okay uh let me go ahead and log back into cloudflare
1:00:43
okay so it it guys uh it looks like in the chat it was working for you guys um
1:00:48
and it was something the website it was like you know the cookie the session data was stored in my browser and once i
1:00:54
cleared that data it it required that i authenticate again just kind of show you that you know it it's kind of
1:01:01
interesting that uh you know the authentication worked um and because before i had it set to one i had it set
1:01:08
to one week so that it allowed me to keep logging in for a week right um
1:01:14
so yeah if if you're on a machine that you don't want you want to make sure is you know definitely locked down make
1:01:20
sure that you set that to be not one week because as you see there
1:01:25
i would have i thought if i would have logged out of github on my on my browser that it would have logged me out of
1:01:32
um my site as well but obviously that's not true um
1:01:37
where did i set the access tokens to like a week where was that is that in here
1:01:46
oh oh here so now it's set to expire immediately but when i when i initially created it i did a week right so that
1:01:53
created this token on my browser that allowed me to log in for a week okay so
1:01:59
man i spent like an hour and and i think all the issues that i was
1:02:04
having was because of a um a browser caching
1:02:10
cookie issue um but hopefully you see this now so let me just review this again okay
1:02:17
you go ahead you set up your login domain um i did we did learn that the users
1:02:23
across is i i'm pretty certain uh from what i've seen today that it's
1:02:29
universal across your cloudflare account so it's not 50 users per domain it's 50
1:02:34
users for all of the domains in your cloudflare account okay and they kind of
1:02:40
share this login page domain it seems like okay uh you can create as many login
1:02:46
methods as you want um here i'm using github i do like it i actually kind of like the little
1:02:52
authentication you know token via the ios app it's nice
1:02:58
um you can customize your login screen okay give it a logo and change the colors
1:03:03
okay um and then here you define your access policies so in your access policies this
1:03:10
is where you define um the domains and the paths so for example if i only wanted to do slash
1:03:17
admin okay um and let's say no duration expires immediately and i want to do access
1:03:24
groups users now any in here you could do specific emails or email ending in
1:03:31
to be honest it's probably better to use the groups and kind of keep those two things separate um just for scalability
1:03:37
in the future right so here i'm gonna save this so now that i saved this you should be
1:03:43
able to go to sandbox.joeworkman.net without logging in but if you go to slash admin it should prompt you to log
1:03:50
in okay um and then in our access groups um you can create as many groups as you want
1:03:56
here i have said emails with joe uh my email i'm actually gonna change that back to uh emails ending in
1:04:03
uh workmanmail.com
1:04:09
okay and i'm gonna save that that way my son can log in and do his work again
1:04:15
um you don't need to worry about the access app launch or service tokens or short-lived certificates okay
1:04:22
um that's it so in reality if you were setting this up new it would
1:04:29
probably take you 20 minutes okay um maybe even less and again i i did all
1:04:35
this without ever logging into rapidweaver to change anything
1:04:40
um so yeah just just kind of uh
1:04:46
can someone verify in the chat that if you go to sandbox.joeworkman.net now oh i guess i could just do a new private
1:04:52
window huh and we'll go to sandbox.joeworkman.net
1:04:59
and it lets me it lets me in but if i go to slash admin
1:05:06
it tries to authenticate right cool so private windows for the win should
1:05:11
have should have thought about that a half hour ago
1:05:19
okay so there we go sorry for all the troubleshooting and kind of going around
1:05:24
and around and around um and i'm actually going to verify that i can log into my admin portal again while i'm
1:05:31
here
1:05:49
yeah i can log into my admin portal again okay
1:05:54
cool
1:06:02
man i feel i feel really dumb now
1:06:08
but as you see uh you know how had i set this all up from scratch and not had an existing you know workflow that i was
1:06:14
already using that probably i probably wouldn't have run into any of that um but uh yeah go through the steps that i
1:06:21
i outlined and um hopefully it should work out well for you um
1:06:27
so yeah anyway hopefully if you guys weren't too bored off your minds um and you learn something new i do think
1:06:32
cloudflare i mean it's cloudflare access is it's really nice i do like it um
1:06:38
you know you don't need to worry about it especially for temporary things like you don't need if you're like i temporarily
1:06:44
temporarily want to lock down an entire site maybe right and um you know you don't want to have
1:06:49
to worry about you may be throwing page safe on a page and you know having it in a partial across your entire site
1:06:56
that will work um and that gives you some additional abilities that access might not give you
1:07:03
but um access is quick and dirty you can lock down an entire website um and then
1:07:08
have on an authentication engine through any you know those those login methods so um it's a good tool to have in your
1:07:15
arsenal um and uh yeah let's see if there are any questions there um
1:07:21
so then would you have a client open cloudflare account then have them share that with us um yeah that's probably best so you know
1:07:28
because of the whole limit on the number of users unless you're like i'm helping a buddy
1:07:34
out and he just needs one login or something like that right but if you were doing this seriously um yeah you
1:07:40
might want to have you know a a cloudflare account for your client um that way it's all separate anyway
1:07:47
right so your your customer has their own cloudflare account and and whatnot um so yeah maybe post in freelancing group
1:07:54
and ask what other people do right um is it better to have all your clients into your account um if
1:08:00
you want to use access and you have less than 50 clients and they only need one login that could work right
1:08:06
um but you could again you could you know have some issues i don't know
1:08:12
but uh i guess you know it doesn't hurt having that level of
1:08:18
uh you know walled accounts so that all your clients have their accounts this client has his account so on and so
1:08:24
forth right um it's not a bad idea uh when i view the man it's asking for
1:08:30
okay okay so guys i think we're done uh that was
1:08:39
uh cloudflare access hope you enjoyed that um hopefully we'll see you at the hangouts on
1:08:46
on friday if you have any more questions about this or troubleshooting you want to play around let me know
1:08:52
um i'm pretty sure i had all the configurations for this done in like the first 15 minutes and then it was just
1:08:59
yeah browser caching issues julie so um okay take care guys
1:09:05
hopefully we'll see you on friday and we'll see you on the community take care bye