Transcript

00:00 hope everyone's having a wonderful day let's get started
00:05 go ahead and i'm gonna forgot to take my vitamins this morning and i chuck them really quick
00:19 there we go okay excellent oh there we go now the chat's
00:25 working sunshine cottage thanks for coming on
00:33 just a couple thumbs up let me know the audio and video is um good hopefully it's good should be good
00:40 mr cole franco is here scott is in the house
00:46 donna i took my vitamins no headache yet
00:52 david thanks for coming on david yada guinness smart man smart man
01:00 so i'm drinking i i like drinking like water and i throw like those like little packets of like electrolytes
01:06 and we got this sample pack and this particular flavor is lemon and habanero
01:13 it is absolutely disgusting um i don't recommend it um so if you see lemon
01:18 habanero electrolyte powder mix yeah pass on it just pass
01:29 mr workman is in the house what's up dad
01:34 okay um so today
01:40 today we um this this live stream has been on my hey i'm gonna do a live stream on this
01:46 someday list right and so we're gonna learn how to um use probably a new tool for you maybe
01:54 um i've done some live streams and i've talked about on hangouts extensively and i think i did a
01:59 conference talk on cloudflare as well um i think um
02:04 so yeah i as you probably know i'm a huge fan of cloudflare i think they they've done a
02:11 stupendous job um and yeah i use them a lot in fact i
02:16 use um what i'm showing you today the cloud floor access i'm actually using that to manage the back end of weaver
02:22 space and it's pretty cool it's very very cool
02:27 now a couple people replied to me hey mark thanks for joining from belgium um
02:34 that hey joe why why are you going to be doing the live stream on cloudflare
02:39 because you have page safe like isn't that just going to like cannibalize page safe or something and
02:44 um page safe is amazing i love it it's one of my favorite stacks and um yeah it's true i guess you could
02:51 say that cloudflare you know access could replace page safe potentially pagesafe still has its place though i
02:57 mean it page safe is one of my favorite things you just drag it on the page you can change your passcode and boom it's
03:02 done right i mean it's super simple um it is secure uh and uh
03:08 and i i like the look of page safe right the little turning lock thing i i still love that and i me i made that so many
03:15 years ago right but uh still one of my favorite things page save does a few other things like stack safe and whatnot so um but yeah uh
03:23 you know page save is awesome and uh but hey cloudflare access is pretty cool too so um it's all about
03:29 having the right tools that you might need in your toolbox page safe is one of them
03:35 i'm about to teach you how to use cloudflare access as well and hopefully that's another tool that
03:41 you're going to have in your toolbox it works i think really really great for
03:46 total cms admin areas as well um it's super simple if you want to like block off an entire part of your website
03:53 um so yeah and and actually there's like zero work you have to do
04:00 inside rapidweaver to get it all working which is kind of crazy um i'm i may never even open up
04:07 rapidweaver today period okay just to show you that um we can configure cloudflare access
04:14 without the need of actually using rapidweaver at all so it's kind of interesting
04:21 um so i am not going to go over like the ins
04:27 and outs of how to set up cloudflare okay um maybe i'll do that i i've done
04:33 cloud for live streams but i i i have had some requests for that i'm not gonna do that today so if you don't know how
04:39 to set up cloudflare on your domain i'm not gonna go through that today okay i am gonna assume you have your website
04:46 set up on cloudflare okay um uh josh
04:51 um has josh oh i don't even remem olmen ullman man i forget his last name
04:57 now uh he's always on the hangouts he's actually volunteered to hop on a live stream and help him set up cloudflare
05:03 can i do like a live one-on-one sort of thing with cloudflare maybe we'll do that one day uh if you like that idea
05:10 let me know um maybe we'll put put it up on the priority list but
05:16 for right now we're going to dive in and uh i have to admit another thing i'm
05:22 kind of on purpose i actually um i didn't really prepare much so i have an idea of what i'm going to be doing
05:28 today but um i kind of wanted to dive in um so that i make mess-ups as well
05:34 and hopefully hopefully i'll make some mess up so that you can see me fix them and figure them out so it's kind of the fun of doing it
05:39 all live right is uh is not having everything cookie cutter um so sometimes
05:45 that's good though but let's go ahead let me share my screen
05:51 um okay uh what we're going to do is uh
05:58 what i think we're going to do is we're going to we're going to go ahead oh i have shoot i have page safe on this page okay i'm
06:03 going to have to open up rapidly for just to remove page safe from this i don't even know page save is on there
06:10 okay let's just do this let me open up wrapper really quick let me open up my sandbox project
06:24 i'm only going to wrap you over to remove to republish this this project so that i don't have page safe on there
06:29 because what's the point of learning something something new that logs you know with login when i already
06:36 got page save on the page okay uh let's just go ahead and uh my page is
06:41 blank actually now let's just go ahead and add a little bit of content just that we have something up there to
06:46 see and
06:52 come on there we go
06:57 all right let's just do i'm just gonna do this just do
07:05 homepage all right and uh i was using this for pwa let's go
07:11 ahead and what's this all right we'll leave out i'm gonna add a new page really quick just go so we
07:17 can do this uh sub page
07:22 okay uh actually here let's call this admin we're going to call this admin really
07:28 quick that
07:33 this all right extract that
07:39 admin just so we have a couple dummy pages
07:45 to uh to work with here let's just go ahead and republish all files
07:54 actually hold on let's cancel that i want to make sure that what i have in here it's blank good all right just go
08:01 ahead and republish all files
08:23 done okay um now that's that uh let's save that
08:30 let's refresh this page voila okay now we just have a generic page
08:36 okay um and then i created i think it was slash admin okay and that has the admin page okay
08:44 um so this is uh if you want to follow along it's just my sandbox sandbox.joeworkman.net
08:51 um and nothing really special there uh but what we're going to do now is um
08:58 let's go ahead and do yeah let's open up a new tab
09:04 okay and we're going to log into cloudflare
09:13 i guess actually let's go ahead and allow that
09:22 hey come on use my watch here excellent magic of one password
09:35 oh what hold on one second
09:46 oh they emailed me at the pass code my goodness give me a second here go ahead and
09:53 play the jeopardy theme music
09:59 let's just go ahead and let me in case this all opens up here come on mail
10:05 fun times login token there it is
10:11 copy that paste it log in
10:21 okay hey we're back now okay um so now i'm logged into my cloudflare account i'm
10:27 just gonna go to joe workman.net and we're going to go into there
10:35 sweet okay
10:44 so um actually before we start like diving and implementing it let me just show you
10:50 what cloudflare access gives us right so as i said before um i use this on weaver space right now
10:57 uh on not on the community on my actual website to lock down the admin side so if you were to go to weavers dot space
11:06 slash admin i could type there we go
11:16 you would see that i now have access to the back end of weaver space okay and
11:21 yes this is total cms2 i think i've given a little previews of this before we're not going to dive into that the
11:27 whole point of this was um you know hey i have i'm logged in it didn't prompt me for a login okay
11:34 and uh that's because i was already authenticated okay and what this does is
11:40 um this i actually use um what cloud for access does is it allows you to integrate with different
11:45 authentication engines um mostly oauth and third-party authenticators
11:51 i uh i'm using github as my authentication engine so if i were to go ahead and
11:56 um or actually here let's open up like something like firefox where i'm pretty sure i'm not logged into github right now
12:03 let's see if i go to github.com
12:11 yeah so i'm not logged into github on firefox right um so let's go ahead and go here and go to
12:18 weavers.space slash admin
12:24 oops helps if i spell it right weavers admin
12:32 and if you notice here it takes me to the github login page right so it's it noticed hey you're not logged
12:39 in you need to log in okay um and i can go ahead and log in with firefox
12:45 don't save oh jesus
12:52 i guess okay let's go ahead and i need to enable authentication through the github
12:57 app one second let me just do that just so that we're all copacetic and you can prove to you that it works
13:04 uh 99 approve github lies like a a mobile authentication thing
13:11 um which is kind of nice which means that you you can you know get features like that as well for your website um if
13:17 you were to use that and there we go boom and now i'm logged in and i can go to products or go to wherever right like
13:22 for example if i go to streams this is where i manage like a lot of the live stream stuff and create all the emails
13:28 and all that jazz that you guys get emailed on right so um okay cool so let's go ahead and quit
13:34 firefox so that just shows you kind of how things work um
13:40 and i did all of that without having to add a single thing onto
13:45 my website okay and just to prove you i've never set up at least at least i'm pretty sure
13:51 i've never set up um access on joerickman.net or sandbox.joeworkman.net
13:57 so um we're gonna do is i i think in order for this to work
14:03 um i need to enable um right now sandbox is set to be dns only
14:08 um i need to be able to actually turn on the little orange cloud so it
14:14 needs to be proxied through cloudflare okay so that's one step in order for access to work you have to enable the
14:21 proxy okay it has to be proxy through cloudflare or else it's not going to work okay so um so
14:29 yeah uh we'll test that later on uh after i get access all set up we'll turn off proxy and it should break it um or
14:36 it should stop it working from working so it'll be an interesting test so right now if you notice right here um so if
14:43 you look at sandbox it needs to be proxied so this little orange square right so this this sandbox url right
14:49 here needs to be proxied okay now with that done we're gonna go to the access tab
14:55 okay now uh one thing i should also note is cloudflare access is
15:02 free like it's kind of crazy like it's free for a certain amount and it's like a lot i
15:09 think any rapid ever user should be able to comfortably use cloudflare access
15:14 and not be worried about their client needing more let's look at cloud flare
15:23 access pricing let's just look at the pricing for cloudflare access
15:33 um
15:38 products should have had at least this page up huh application
15:48 it's somewhere
15:56 access there we go um
16:04 where's pricing get started use cases integrate pricing there we go man they don't make it easy
16:10 do they okay so uh let's see free plan 50 users
16:18 so you can have 50 separate users logged in um for zero and one
16:24 once you go over 50 it then gets pricey at seven dollars a user so um you
16:31 go from free to 350 bucks if you need 51 users right so um so there you go um
16:38 really cool though um you'll see how really great it is okay so if you need less than 50 users
16:45 which i'm pretty sure most rep sites built rapidly we're going to have less than 50 users
16:52 okay so here we uh go to the access tab okay and you can choose your login
16:58 method um i guess maybe i had tested this before because i have github here already if you click plus you'll you'll see that
17:05 you can authenticate with all kinds of different things so if you want facebook or linkedin or google i'm not sure what
17:10 all these some of these other ones are um i've seen one login and od oidc
17:15 before the open id thing i didn't even know those were still a thing actually uh g
17:21 g suite g suite um so yeah there we go lots of different services um i just predict i picked
17:28 google you can actually add multiple as well so if you want to give people options um i would i
17:33 i'm a simple guy kind of guy i would just pick one right and just say you have to use this one that's it
17:38 okay um i do like github um but again for your clients maybe github doesn't make sense or for yourself it doesn't
17:44 make sense so you would use facebook or google or linkedin right um i don't necessarily trust google or facebook so
17:50 um i would choose maybe linkedin even though that's now microsoft but yeah whatever
17:56 um so yeah you have a lot of different service providers here that you can do
18:01 and you can also do a one-time pin which
18:07 basically what that does is um every time you log in it emails you a code and
18:12 then you type in that you get that code and type in and then it authenticates you okay um that's all handled 100
18:18 inside cloudflare um i don't i find that a little bit annoying myself um
18:24 so yeah anyway uh there we go next is uh you you you put in your login
18:31 page right so uh you can change that if you wanted um so like i
18:36 basically it's like a sub domain okay so like i have weavers.cloudflare access
18:42 setup as my domain um it doesn't really matter um just leave it as that okay
18:49 all right so you can customize your login page as well i didn't even i think this is new they didn't have this when i did this
18:56 um oh you can put in a logo and customize your background colors interesting um
19:02 very cool they didn't have that when i initially set that up so that's kind of interesting although if you're already
19:08 logged in like it just kind of logs in automatically but that's nice to see that they have that a little at least a
19:13 little bit of customization which is kind of cool okay
19:18 um next up is where we can create our access policies so you can create a
19:24 policy here and then you could say my admin site or let's just do
19:32 sandbox live stream
19:38 test okay um now i'm doing this on my subdomain right so i'm going to be doing
19:44 this on sandbox.joeworkm.net and what's kind of interesting here is uh this is where if if i only wanted to
19:50 lock down the admin page so let's go ahead and i will only want to lock down everything inside admin
19:56 okay and then you can set up your session duration okay um so let's say i set it up in uh
20:03 you know however you want a week okay um
20:08 policy name but here this this where you can like you know uh my policy i guess
20:17 uh and then you can allow or deny various things and then here's where you can um
20:24 where you can set up authentication so this is where you set in emails okay or you can say or or you can pick access
20:32 groups as well i'm gonna i'm gonna set up something simple here and i'm just gonna set emails and i'm gonna put in my email
20:38 address okay so um so now if i authenticate with
20:43 github and github authenticates and it says that this is my email address
20:49 it will log me in purely by doing this that's it okay now um
20:56 i haven't played around with all these other things you can actually also do um i think emails ending in so if you want
21:03 to authenticate everybody in a particular email domain there you go
21:08 right so example if i were to do um workmanmail.com
21:15 okay um anyone that has an email of workmanmail.com so me my dad my kids my
21:23 wife right they would be able to uh log in as long as they authenticated with github
21:29 pretty cool right um so let's stick with that okay and uh
21:34 maybe once i get all the save my dad can try to log in i assume you have a github account dad i don't maybe not but um
21:41 yeah so there we go and then you can add different rules right but let's just keep it simple for
21:46 right now i think that's good okay um so we're gonna allow that uh let's look at the advanced settings i don't
21:52 even know it's here um allow control allow credentials oh this
21:58 is all core settings i'm going to leave all these as the default okay
22:04 so we're just going to save that now okay
22:09 now before earlier if you noticed inside when i created my access policy it gave
22:14 me the ability to choose an access group okay so this at this point you can like choose let's say you wanted different
22:21 levels of admin right so you wanted to create like user groups you could do that so you can create like group one of
22:27 users and group two of users and either you can um you know add particular email addresses into
22:34 those groups okay i'm not gonna go that granular i just want either i'm logged in or i'm not logged in
22:41 okay um and you know what the rest of this i'm
22:47 just gonna leave it as is okay so uh what i'm gonna do right now is um
22:55 i'm going to i'm going to go to firefox again
23:03 because i don't want to log out of my uh let's go to github i'm going to log out
23:08 of github on firefox so i'm going to sign out
23:13 all right oops all right and let's go to
23:20 sandbox.jewelry.net if you notice i can get to the homepage and then if i go to slash admin
23:31 oh it lets me in oh what did i do wrong oh okay what did i do wrong
23:47 i thought that's all we had to do
23:58 sandbox.net admin
24:20 let's see if i go to here
24:26 oh interesting oh right what i'm gonna do here is i'm
24:32 gonna change um so weavers.weavers.cloudflare access this login domain is the same domain i have
24:39 on weaver space so um here i'm just gonna do sandbox test
24:45 um that i think that could be the sandbox test
24:51 uh done
24:59 make sure you update your callback url and all your identity provider configurations and your new login page
25:04 domain okay do that
25:14 not live man see look at that told you i was gonna mess up guys
25:25 oh you just oh someone just refreshing is asking for authentication
25:31 oh i wonder if it's a cache thing oh i wonder if it's uh let's
25:37 it could be that my session is cached or something like that let's go ahead and
25:44 how do you clear cache inside uh so inside firefox i don't even know
25:52 nope that's the that brings up that oh disable cache
26:01 i don't know here we're in here let's go sandboxes jordan.net
26:06 admin oh now it's working
26:15 unable to find your access organization oh no i broke it
26:23 now let's change it let's try changes back
26:43 unable to find it it appears you have attempted to please enter a valid team name
26:49 oh okay
26:59 let's just launch zero trust let's see what this is this is teams the teams thing
27:07 they've changed since i've been in it a little bit
27:15 all right access okay i kind of remember this thing being in here
27:24 right here look sandbox okay admin self-hosted sign policies
27:34 this looks like to be all the stuff i already did let's see my policy
27:40 authentication is github
27:50 that's all the event this is all the same stuff that was in the other view
27:58 no i don't want that i don't want tunnels okay don't need any of that
28:04 let's go back to this
28:14 okay so create your login page did that instant auth here let's turn that off
28:20 turn it back on
28:34 oh this is okay so i guess i i didn't add this before that was actually
28:39 interesting so here i had gone ahead and um to set up github they have instructions
28:46 here right so i had gone in and put in my github my client id and my secret code okay which i'm not gonna share on
28:52 my live stream obviously um so yeah good idea uh good thing i
28:57 clicked on that i guess facebook's gonna be the same thing so if you use facebook you'd have to add in your oauth id and
29:03 then your oauth secret which they have you know um instructions here on how to get those
29:09 so that's good good thing i clicked on that um i customized the page here
29:15 organization name log i don't have a logo right now it's fine
29:21 um or here let's go ahead and let's try to be nice let's go to transmit i think
29:26 i have a logo uploaded
29:39 oh yeah boom uber space logo right
29:44 oh it's that one yeah that works okay let's do copy url uh let's customize this page
29:52 i'm going to put in that okay
30:03 organization name sandbox let's do
30:09 live stream testing
30:16 save
30:21 all right so now if i go here welcome back log in to your applications
30:28 behind access log in oh now it works i wonder if it just took some time
30:34 okay um so now it's it's asking you know there and i click on github and i'm already authenticated with github
30:41 um oh they're unable to find your access organization appears you have attempted to reach
30:46 invalid url all right hold on one second let's go
30:52 ahead and admin admin works
30:59 but i think let's get rid of that
31:09 i wonder if some of those changes just took a little bit of time to oh there we okay so now i went to sandbox oh interesting so now i went to
31:15 sandbox admin i'm thinking i was just maybe a little impatient and things didn't then didn't
31:22 update as instantly as i expected them to all right so now i can go to github here oh unable to find your access
31:29 organization okay so now it's still got the same error so okay
31:35 maybe i need some sort of uh users includes oh look i have brett here for oh brett
31:41 was helping me test this out years ago when i was first doing it
31:47 all right you know what i'm gonna do i'm gonna i'm gonna delete everything um i because i had some of this stuff
31:54 i'm just gonna delete it all okay
32:06 hopefully all the stuff i'm doing i'm not going to completely break yes delete it
32:13 access group cannot be deleted please remove the group from the policy first i don't know what policy this is
32:22 created two years ago expires that a year ago well maybe is that this access token
32:28 let's delete that generate a service token
32:48 we'll copy this now i'm not sure exactly what it's used for but there we go expires in a year
32:54 short lived certificates events oh look oh revoke session i'm going to
33:01 revoke i'm going to revoke
33:07 all access requests oh interesting they have like all these various access levels and stuff
33:14 i'm actually a little curious if i just totally broke my weaver space admin i mean it's just mine but
33:28 oh no i totally i totally broke my weaver space login right now
33:35 that's that's hilarious not so hilarious um
33:41 all right i'm going to change this back to weavers done
33:48 all right totally just broke broke my login that's funny
33:53 okay um let's go ahead and edit this
33:59 what's this all right brett you're gone if you're here all right anyone so any email
34:06 ending in workman mail okay save
34:11 uh and then we have create access policy so let's do this so
34:17 um admin we have sandbox dot
34:22 oops sandbox slash admin uh session duration 24 hours
34:28 um admin users
34:34 decision allow access group users let's do it that way i think that
34:40 probably makes more sense save all right so admin users includes access
34:48 groups users and then users includes anyone with workmanmail.com
35:00 okay edit access app launch
35:06 i don't know what that is all right let's
35:12 let's see if i uh viewers dot space
35:21 slash admin
35:32 and i i totally broke it now
35:38 fun times
35:44 man i had visions of this just going super smoothly i had set this up before for somebody else and it worked great
36:07 not logged in github
36:33 that's weird that in firefox it's like catching the page
36:38 but when i went here let's close that close that
36:55 oh now it's just straight letting me in
37:01 what did i do wrong
37:08 oh i turned off instant off that's right now
37:24 wow that's craziness
37:41 revoke existing tokens
37:46 add a log out oh you can add a logout bar interesting
37:57 okay that didn't work
38:02 wow so here sandbox.net slash admin
38:10 let's just do everything anywhere
38:15 save
38:21 access groups is anyone with workman mail uh generate service anthony your tool
38:27 scripts and bots i really need this is for like automation and getting access via you know some sort of
38:35 api um i deleted that i wonder if i'm using that anywhere else
38:41 okay short live certificates don't need those events access created token
38:49 current monthly users 26 and yep my son logged in three days ago i logged in 22 minutes ago
39:03 interesting
39:21 i'm going to log out of get up here sign out i'm logged out
39:30 clear my cache oh
39:56 okay so here um all right so now i interesting so i have multiple
40:02 cloudflare access things set up here is if you look at the
40:07 browser tooltip down on the bottom this one is weaver space slash admin this one is the future.weavers.space which i
40:14 don't even think exists anymore and then this is sandbox it's kind of interesting even though it's it's across multiple
40:20 cloudflare accounts um very interesting actually this is very interesting um i did learn something new
40:27 today um so now that because i have cloudflare access configured across multiple sites
40:32 this can and they're all configured to use this same um domain um it kind of shows me different
40:39 login pages kind of cool actually interesting idea so now if i click on this one
40:45 it takes me to the home page um what should it have
41:28 interesting
41:34 i'm going to head over to websites
41:56 here i have okay access groups users work with mail
42:04 servers token
42:10 oh
42:17 oh interesting i was playing around okay
42:23 so i learned some i just learned something so apparently this access um a lot of it is
42:29 kind of global across your accounts actually so that's very interesting um so i thought it was all
42:35 managed individually per domain but it's not it's like shared which is
42:41 interesting so um if you are if you have a centralized cloudflare account and you're managing it for yourself and all
42:48 your clients um definitely be aware of that because that 50 user total is going to apply to
42:54 i think the total of all the the sites in that domain right so uh very interesting make sure that so if
43:01 you want to make sure every client is kind of siloed you want to make sure they have their own cloudflare account maybe
43:08 um very interesting i did not know that
43:14 um so eye opening
43:25 very interesting and you guys are probably bored off your mind while i troubleshoot this
43:31 sorry uh let's go back to uh
43:37 sandbox
43:46 some things are so it looks like like the login method here is is
43:52 definitely synced right um the access policies are
43:57 different very interesting
44:04 it's definitely some sort of because like these access service tokens that was that was the same when i went to the
44:10 weaver space domain so very interesting murphy is working overtime yes it is
44:18 the wonders of doing things live right dr bob
44:24 i hope you're recording this for backwards engineering yeah exactly guess wrong
44:33 okay um
44:38 nothing like breaking my sight live
44:52 i'm not using that
45:04 let's try this expires immediately
45:12 so i have users oh cancel i don't want to delete that so i have a user's group emails ending
45:19 in workman mail um just go ahead and i'm going to change this i'm just going to add it just for
45:25 just for mine for right now just to change something up here
45:43 and i think i think i added it so the entire domain should be
45:48 should be that
46:05 i don't necessarily want to
46:11 delete my github authentication
46:19 all right so what we're going to do here is let's i'm going to click on that and oh well it takes me there
46:32 but i'm not logged into github so it shouldn't have
46:53 wait what that image isn't even on the homepage
47:01 there we have some gremlins here because
47:11 what i can do here i'm going to do file new private window let's go to sandbox.joking.net
47:19 oh look and the private window is working so it must be some sort of caching
47:24 jesus oh i wonder i wonder if
47:31 um no there's no service workers
47:37 browser cache is a son of a right jesus christ so now it asked me for a login
47:46 oh it's gonna ask me for this again let me go ahead and use my github app and
48:00 and 16 approved
48:09 there we go jesus here i'm going to go ahead and i'm going
48:16 to quit safari i'm going gonna relaunch it
48:24 by the way guys if you notice up at the top of my live stream i have like the keyboard combos if i ever hit like a is
48:29 that annoying or is it useful for you guys i'm thinking because i use so many keyboard combinations to do stuff that
48:35 it could be potentially annoying for you guys let me know if you like that or not i don't know
48:41 um maybe i shouldn't have it up here at the very top right because like for example i use this keyboard combination
48:48 i mean it's all the keys plus an s to launch safari right so yeah
48:53 um okay so let's go to sandbox again
49:02 that it's still letting me in though oh it's because i am i authenticate i
49:08 authenticated with github i wonder if it's now
49:15 no i'm not right look at that
49:42 if i do this if i didn't uh oh new private window
49:54 look it works it works exactly how i would expect it to work in a private window
50:08 i wonder if i go to
50:14 let's delete that
50:21 ah it was a cookie
50:32 look it it is a cookie so it's stored in authorization cookie and it's because
50:37 so um all right darn cookies
50:44 uh it's because i had the the session thing saved let's go back to my cloudflare
50:55 and i knew i knew so if you guys look so um let me back up in dev tools if you go to
51:01 storage you can see all your cookies right and so if i delete this and if i refresh this page um watch if
51:08 you if you could catch it on the live stream look at this url and it will redirect to weavers.there
51:14 weavers.cloudflooraccess.com it authenticates and it puts me through here right
51:21 okay now the question is why is it allowing the authentication
51:27 because i'm not logged into github but if i use a private window it
51:34 actually prompts me to log into github which is what i would expect right oh jesus
51:44 52 prove hey
51:51 boom
51:56 interesting
52:02 another one jesus can be annoying sometimes can't it
52:25 approve there we go
52:44 hmm so if i go to
52:50 firefox now right
52:55 that's just craziness
53:01 oh so firefox when i was testing pwa
53:07 i i was testing pwa obviously on on sandbox.jewelry.net and it it had stored there we go it had
53:15 stored that in the in the cache which is interesting so that was a test version that that
53:21 answers that which is kind of funky um now let's go ahead and am i logged
53:27 into github here
53:32 not okay and if i go to
53:39 storage look at the cookies there's my authentication
53:44 cookie from cloudflare
53:49 how did it know that it's me
54:01 delete all session cookies
54:14 i'm just going to delete all this stuff here
54:26 all right that's paypal stuff
54:31 all right
54:38 very interesting it still sees that i am i'm logged in
54:44 why works perfect in the let's try a new private window here
54:52 so if i go to sandbox.js.net takes me to github exactly how it should
54:58 how it should work without a private window so it's still logging me in for some
55:03 reason um well at least it's not i know it's not safari it's everything
55:10 so let's go ahead and go here
55:19 oh i'm already in it access all right
55:31 so i got a sandbox admin users allow
55:36 users
55:43 cancel this and me
55:49 cancel
55:59 don't even think i need this
56:22 i thought i revoked this one
56:43 like still there i got that didn't revoke it
56:49 i guess it just says those are my current my current month oh these are my current monthly users all the people
56:55 that have logged in so you could revoke a session but it's still there duh so that this way you can see
57:01 you know who's logged in in my current month because you're allowed 50 users per month right so these are all the
57:07 people that have logged in this month um onto my my things got it
57:13 and then here you can see all the people that logged in some people that tried to log in
57:20 a few minutes ago during the live stream all right and policy changes these you can see all the policy changes
57:28 so if you guys just in the uh oh so travis just said he's he tried it so if you guys go to
57:35 sandbox.joeworkman.net do you get the login screen even without a private browser um
57:42 so yeah i'm in a private browser and uh i mean here let me if i log out of
57:48 github oh i'm not even logged in but i authenticated it's probably
57:54 probably some sort of
58:00 here i'm just going to
58:10 yeah saving it somewhere how can i clear like
58:18 if we go to websites where can you like privacy
58:25 and there's website data
58:34 oops
58:43 all right remove all remove now
58:48 oh i just i just trashed oh no i didn't did okay i wonder if it's seen cloudflare as well
58:55 oh cloudflare access look at that it probably stored the stored it under cloudflare access
59:01 interesting i'm going to remove all of those just so you can kind of be
59:06 copacetic and let's look at github i'm just trying to get to uh
59:12 oops
59:22 here i'm going to remove all that as well okay
59:28 so now let's go ahead and just be safe i'm going to just restart
59:52 now it works it must have been a cached website data somewhere right so uh
59:58 i had everything set up properly probably in the first 10 minutes but um there we go so now i'm going to log into
01:00:04 github we sign in uh it's going to ask for authentication
01:00:12 36 approve
01:00:21 boom there we go darn it man okay uh let me go ahead and log back into cloudflare
01:00:43 okay so it it guys uh it looks like in the chat it was working for you guys um
01:00:48 and it was something the website it was like you know the cookie the session data was stored in my browser and once i
01:00:54 cleared that data it it required that i authenticate again just kind of show you that you know it it's kind of
01:01:01 interesting that uh you know the authentication worked um and because before i had it set to one i had it set
01:01:08 to one week so that it allowed me to keep logging in for a week right um
01:01:14 so yeah if if you're on a machine that you don't want you want to make sure is you know definitely locked down make
01:01:20 sure that you set that to be not one week because as you see there
01:01:25 i would have i thought if i would have logged out of github on my on my browser that it would have logged me out of
01:01:32 um my site as well but obviously that's not true um
01:01:37 where did i set the access tokens to like a week where was that is that in here
01:01:46 oh oh here so now it's set to expire immediately but when i when i initially created it i did a week right so that
01:01:53 created this token on my browser that allowed me to log in for a week okay so
01:01:59 man i spent like an hour and and i think all the issues that i was
01:02:04 having was because of a um a browser caching
01:02:10 cookie issue um but hopefully you see this now so let me just review this again okay
01:02:17 you go ahead you set up your login domain um i did we did learn that the users
01:02:23 across is i i'm pretty certain uh from what i've seen today that it's
01:02:29 universal across your cloudflare account so it's not 50 users per domain it's 50
01:02:34 users for all of the domains in your cloudflare account okay and they kind of
01:02:40 share this login page domain it seems like okay uh you can create as many login
01:02:46 methods as you want um here i'm using github i do like it i actually kind of like the little
01:02:52 authentication you know token via the ios app it's nice
01:02:58 um you can customize your login screen okay give it a logo and change the colors
01:03:03 okay um and then here you define your access policies so in your access policies this
01:03:10 is where you define um the domains and the paths so for example if i only wanted to do slash
01:03:17 admin okay um and let's say no duration expires immediately and i want to do access
01:03:24 groups users now any in here you could do specific emails or email ending in
01:03:31 to be honest it's probably better to use the groups and kind of keep those two things separate um just for scalability
01:03:37 in the future right so here i'm gonna save this so now that i saved this you should be
01:03:43 able to go to sandbox.joeworker.net without logging in but if you go to slash admin it should prompt you to log
01:03:50 in okay um and then in our access groups um you can create as many groups as you want
01:03:56 here i have said emails with joe uh my email i'm actually gonna change that back to uh emails ending in
01:04:03 uh workmanmail.com
01:04:09 okay and i'm gonna save that that way my son can log in and do his work again
01:04:15 um you don't need to worry about the access app launch or service tokens or short-lived certificates okay
01:04:22 um that's it so in reality if you were setting this up new it would
01:04:29 probably take you 20 minutes okay um maybe even less and again i i did all
01:04:35 this without ever logging into rapidweaver to change anything
01:04:40 um so yeah just just kind of uh
01:04:46 can someone verify in the chat that if you go to sandbox.jorgan.net now oh i guess i could just do a new private
01:04:52 window huh and we'll go to sandbox dot joergen.net
01:04:59 and it lets me it lets me in but if i go to slash admin
01:05:06 it tries to authenticate right cool so private windows for the win should
01:05:11 have should have thought about that a half hour ago
01:05:19 okay so there we go sorry for all the troubleshooting and kind of going around
01:05:24 and around and around um and i'm actually going to verify that i can log into my admin portal again while i'm
01:05:31 here
01:05:49 yeah i can log into my admin portal again okay
01:05:54 cool
01:06:02 man i feel i feel really dumb now
01:06:08 but as you see uh you know how had i set this all up from scratch and not had an existing you know workflow that i was
01:06:14 already using that probably i probably wouldn't have ran into any of that um but uh yeah go through the steps that i
01:06:21 i outlined and um hopefully it should work out well for you um
01:06:27 so yeah anyway hopefully if you guys weren't too bored off your minds um and you learn something new i do think
01:06:32 cloudflare i mean it's clarify access is it's really nice i do like it um
01:06:38 you know you don't need to worry about it especially for temporary things like you don't need if you're like i temporarily
01:06:44 temporarily want to lock down an entire site maybe right and um you know you don't want to have
01:06:49 to worry about you may be throwing page safe on a page and you know having it in a partial across your entire site
01:06:56 that will work um and that gives you some additional abilities that access might not give you
01:07:03 but um access is quick and dirty you can lock down an entire website um and then
01:07:08 have on an authentication engine through any you know those those login methods so um it's a good tool to have in your
01:07:15 arsenal um and uh yeah let's see if there are any questions there um
01:07:21 so then would you have a client open cloudflare account then have them share that with us um yeah that's probably best so you know
01:07:28 because of the whole limit on the number of users unless you're like i'm helping a buddy
01:07:34 out and he just needs one login or something like that right but if you were doing this seriously um yeah you
01:07:40 might want to have you know a a cloudflare account for your client um that way it's all separate anyway
01:07:47 right so your your customer has their own cloudflare account and and whatnot um so yeah maybe post in freelancing group
01:07:54 and ask what other people do right um is it better to have all your clients into your account um if
01:08:00 you want to use access and you have less than 50 clients and they only need one login that could work right
01:08:06 um but you could again you could you know have some issues i don't know
01:08:12 but uh i guess you know it doesn't hurt having that level of
01:08:18 uh you know walled accounts so that all your clients have their accounts this client has his account so on and so
01:08:24 forth right um it's not a bad idea uh when i view the man it's asking for
01:08:30 okay okay so guys i think we're done uh that was
01:08:39 uh cloudflare access hope you enjoyed that um hopefully we'll see you at the hangouts on
01:08:46 on friday if you have any more questions about this or troubleshooting you want to play around let me know
01:08:52 um i'm pretty sure i had all the configurations for this done in like the first 15 minutes and then it was just
01:08:59 yeah browser caching issues julie so um okay take care guys
01:09:05 hopefully we'll see you on friday and we'll see you on the community take care bye