About Stacks Guru
Stacks Guru is born from the need to search the vast number of videos out there on stacks built for Stacks Pro and the Stacks 5 plugin for Rapidweaver.
We have scraped over 500 videos to get the transcripts for each in order to make the spoken word searchable.
Please use this free tool to help you learn and discover the awesome power that Stacks and the stacks made for Stacks have to offer.
Stacks Guru
Video Reference
Leave a Tip!
Every little bit helps to keep this going. I'll be doing my very best to keep up with the likes of Joe when it comes all the videos he posts!
Easy and FREE Logins with Cloudflare Access
Cloudflare Access is a very powerful way to add logins and authentication to your websites. For a vast majority of use cases, you can use it for FREE! In this live stream I will show you how to get it all setup and integrated with our websites.
Transcript
hope everyone's having a wonderful day let's get started
go ahead and i'm gonna forgot to take my vitamins this morning and i chuck them really quick
there we go okay excellent oh there we go now the chat's
working sunshine cottage thanks for coming on
just a couple thumbs up let me know the audio and video is um good hopefully it's good should be good
mr cole franco is here scott is in the house
donna i took my vitamins no headache yet
david thanks for coming on david yada guinness smart man smart man
so i'm drinking i i like drinking like water and i throw like those like little packets of like electrolytes
and we got this sample pack and this particular flavor is lemon and habanero
it is absolutely disgusting um i don't recommend it um so if you see lemon
habanero electrolyte powder mix yeah pass on it just pass
mr workman is in the house what's up dad
okay um so today
today we um this this live stream has been on my hey i'm gonna do a live stream on this
someday list right and so we're gonna learn how to um use probably a new tool for you maybe
um i've done some live streams and i've talked about on hangouts extensively and i think i did a
conference talk on cloudflare as well um i think um
so yeah i as you probably know i'm a huge fan of cloudflare i think they they've done a
stupendous job um and yeah i use them a lot in fact i
use um what i'm showing you today the cloud floor access i'm actually using that to manage the back end of weaver
space and it's pretty cool it's very very cool
now a couple people replied to me hey mark thanks for joining from belgium um
that hey joe why why are you going to be doing the live stream on cloudflare
because you have page safe like isn't that just going to like cannibalize page safe or something and
um page safe is amazing i love it it's one of my favorite stacks and um yeah it's true i guess you could
say that cloudflare you know access could replace page safe potentially pagesafe still has its place though i
mean it page safe is one of my favorite things you just drag it on the page you can change your passcode and boom it's
done right i mean it's super simple um it is secure uh and uh
and i i like the look of page safe right the little turning lock thing i i still love that and i me i made that so many
years ago right but uh still one of my favorite things page save does a few other things like stack safe and whatnot so um but yeah uh
you know page save is awesome and uh but hey cloudflare access is pretty cool too so um it's all about
having the right tools that you might need in your toolbox page safe is one of them
i'm about to teach you how to use cloudflare access as well and hopefully that's another tool that
you're going to have in your toolbox it works i think really really great for
total cms admin areas as well um it's super simple if you want to like block off an entire part of your website
um so yeah and and actually there's like zero work you have to do
inside rapidweaver to get it all working which is kind of crazy um i'm i may never even open up
rapidweaver today period okay just to show you that um we can configure cloudflare access
without the need of actually using rapidweaver at all so it's kind of interesting
um so i am not going to go over like the ins
and outs of how to set up cloudflare okay um maybe i'll do that i i've done
cloud for live streams but i i i have had some requests for that i'm not gonna do that today so if you don't know how
to set up cloudflare on your domain i'm not gonna go through that today okay i am gonna assume you have your website
set up on cloudflare okay um uh josh
um has josh oh i don't even remem olmen ullman man i forget his last name
now uh he's always on the hangouts he's actually volunteered to hop on a live stream and help him set up cloudflare
can i do like a live one-on-one sort of thing with cloudflare maybe we'll do that one day uh if you like that idea
let me know um maybe we'll put put it up on the priority list but
for right now we're going to dive in and uh i have to admit another thing i'm
kind of on purpose i actually um i didn't really prepare much so i have an idea of what i'm going to be doing
today but um i kind of wanted to dive in um so that i make mess-ups as well
and hopefully hopefully i'll make some mess up so that you can see me fix them and figure them out so it's kind of the fun of doing it
all live right is uh is not having everything cookie cutter um so sometimes
that's good though but let's go ahead let me share my screen
um okay uh what we're going to do is uh
what i think we're going to do is we're going to we're going to go ahead oh i have shoot i have page safe on this page okay i'm
going to have to open up rapidly for just to remove page safe from this i don't even know page save is on there
okay let's just do this let me open up wrapper really quick let me open up my sandbox project
i'm only going to wrap you over to remove to republish this this project so that i don't have page safe on there
because what's the point of learning something something new that logs you know with login when i already
got page save on the page okay uh let's just go ahead and uh my page is
blank actually now let's just go ahead and add a little bit of content just that we have something up there to
see and
come on there we go
all right let's just do i'm just gonna do this just do
homepage all right and uh i was using this for pwa let's go
ahead and what's this all right we'll leave out i'm gonna add a new page really quick just go so we
can do this uh sub page
okay uh actually here let's call this admin we're going to call this admin really
quick that
this all right extract that
admin just so we have a couple dummy pages
to uh to work with here let's just go ahead and republish all files
actually hold on let's cancel that i want to make sure that what i have in here it's blank good all right just go
ahead and republish all files
done okay um now that's that uh let's save that
let's refresh this page voila okay now we just have a generic page
okay um and then i created i think it was slash admin okay and that has the admin page okay
um so this is uh if you want to follow along it's just my sandbox sandbox.joeworkman.net
um and nothing really special there uh but what we're going to do now is um
let's go ahead and do yeah let's open up a new tab
okay and we're going to log into cloudflare
i guess actually let's go ahead and allow that
hey come on use my watch here excellent magic of one password
oh what hold on one second
oh they emailed me at the pass code my goodness give me a second here go ahead and
play the jeopardy theme music [Music]
let's just go ahead and let me in case this all opens up here come on mail
fun times login token there it is
copy that paste it log in
okay hey we're back now okay um so now i'm logged into my cloudflare account i'm
just gonna go to joe workman.net and we're going to go into there
sweet okay
so um actually before we start like diving and implementing it let me just show you
what cloudflare access gives us right so as i said before um i use this on weaver space right now
uh on not on the community on my actual website to lock down the admin side so if you were to go to weavers dot space
slash admin i could type there we go
you would see that i now have access to the back end of weaver space okay and
yes this is total cms2 i think i've given a little previews of this before we're not going to dive into that the
whole point of this was um you know hey i have i'm logged in it didn't prompt me for a login okay
and uh that's because i was already authenticated okay and what this does is
um this i actually use um what cloud for access does is it allows you to integrate with different
authentication engines um mostly oauth and third-party authenticators
i uh i'm using github as my authentication engine so if i were to go ahead and
um or actually here let's open up like something like firefox where i'm pretty sure i'm not logged into github right now
let's see if i go to github.com
yeah so i'm not logged into github on firefox right um so let's go ahead and go here and go to
weavers.space slash admin
oops helps if i spell it right weavers admin
and if you notice here it takes me to the github login page right so it's it noticed hey you're not logged
in you need to log in okay um and i can go ahead and log in with firefox
don't save oh jesus
i guess okay let's go ahead and i need to enable authentication through the github
app one second let me just do that just so that we're all copacetic and you can prove to you that it works
uh 99 approve github lies like a a mobile authentication thing
um which is kind of nice which means that you you can you know get features like that as well for your website um if
you were to use that and there we go boom and now i'm logged in and i can go to products or go to wherever right like
for example if i go to streams this is where i manage like a lot of the live stream stuff and create all the emails
and all that jazz that you guys get emailed on right so um okay cool so let's go ahead and quit
firefox so that just shows you kind of how things work um
and i did all of that without having to add a single thing onto
my website okay and just to prove you i've never set up at least at least i'm pretty sure
i've never set up um access on joerickman.net or sandbox.joeworkman.net
so um we're gonna do is i i think in order for this to work
um i need to enable um right now sandbox is set to be dns only
um i need to be able to actually turn on the little orange cloud so it
needs to be proxied through cloudflare okay so that's one step in order for access to work you have to enable the
proxy okay it has to be proxy through cloudflare or else it's not going to work okay so um so
yeah uh we'll test that later on uh after i get access all set up we'll turn off proxy and it should break it um or
it should stop it working from working so it'll be an interesting test so right now if you notice right here um so if
you look at sandbox it needs to be proxied so this little orange square right so this this sandbox url right
here needs to be proxied okay now with that done we're gonna go to the access tab
okay now uh one thing i should also note is cloudflare access is
free like it's kind of crazy like it's free for a certain amount and it's like a lot i
think any rapid ever user should be able to comfortably use cloudflare access
and not be worried about their client needing more let's look at cloud flare
access pricing let's just look at the pricing for cloudflare access
um
products should have had at least this page up huh application
it's somewhere
access there we go um
where's pricing get started use cases integrate pricing there we go man they don't make it easy
do they okay so uh let's see free plan 50 users
so you can have 50 separate users logged in um for zero and one
once you go over 50 it then gets pricey at seven dollars a user so um you
go from free to 350 bucks if you need 51 users right so um so there you go um
really cool though um you'll see how really great it is okay so if you need less than 50 users
which i'm pretty sure most rep sites built rapidly we're going to have less than 50 users
okay so here we uh go to the access tab okay and you can choose your login
method um i guess maybe i had tested this before because i have github here already if you click plus you'll you'll see that
you can authenticate with all kinds of different things so if you want facebook or linkedin or google i'm not sure what
all these some of these other ones are um i've seen one login and od oidc
before the open id thing i didn't even know those were still a thing actually uh g
g suite g suite um so yeah there we go lots of different services um i just predict i picked
google you can actually add multiple as well so if you want to give people options um i would i
i'm a simple guy kind of guy i would just pick one right and just say you have to use this one that's it
okay um i do like github um but again for your clients maybe github doesn't make sense or for yourself it doesn't
make sense so you would use facebook or google or linkedin right um i don't necessarily trust google or facebook so
um i would choose maybe linkedin even though that's now microsoft but yeah whatever
um so yeah you have a lot of different service providers here that you can do
and you can also do a one-time pin which
basically what that does is um every time you log in it emails you a code and
then you type in that you get that code and type in and then it authenticates you okay um that's all handled 100
inside cloudflare um i don't i find that a little bit annoying myself um
so yeah anyway uh there we go next is uh you you you put in your login
page right so uh you can change that if you wanted um so like i
basically it's like a sub domain okay so like i have weavers.cloudflare access
setup as my domain um it doesn't really matter um just leave it as that okay
all right so you can customize your login page as well i didn't even i think this is new they didn't have this when i did this
um oh you can put in a logo and customize your background colors interesting um
very cool they didn't have that when i initially set that up so that's kind of interesting although if you're already
logged in like it just kind of logs in automatically but that's nice to see that they have that a little at least a
little bit of customization which is kind of cool okay
um next up is where we can create our access policies so you can create a
policy here and then you could say my admin site or let's just do
sandbox live stream
test okay um now i'm doing this on my subdomain right so i'm going to be doing
this on sandbox.joeworkm.net and what's kind of interesting here is uh this is where if if i only wanted to
lock down the admin page so let's go ahead and i will only want to lock down everything inside admin
okay and then you can set up your session duration okay um so let's say i set it up in uh
you know however you want a week okay um
policy name but here this this where you can like you know uh my policy i guess
uh and then you can allow or deny various things and then here's where you can um
where you can set up authentication so this is where you set in emails okay or you can say or or you can pick access
groups as well i'm gonna i'm gonna set up something simple here and i'm just gonna set emails and i'm gonna put in my email
address okay so um so now if i authenticate with
github and github authenticates and it says that this is my email address
it will log me in purely by doing this that's it okay now um
i haven't played around with all these other things you can actually also do um i think emails ending in so if you want
to authenticate everybody in a particular email domain there you go
right so example if i were to do um workmanmail.com
okay um anyone that has an email of workmanmail.com so me my dad my kids my
wife right they would be able to uh log in as long as they authenticated with github
pretty cool right um so let's stick with that okay and uh
maybe once i get all the save my dad can try to log in i assume you have a github account dad i don't maybe not but um
yeah so there we go and then you can add different rules right but let's just keep it simple for
right now i think that's good okay um so we're gonna allow that uh let's look at the advanced settings i don't
even know it's here um allow control allow credentials oh this
is all core settings i'm going to leave all these as the default okay
so we're just going to save that now okay
now before earlier if you noticed inside when i created my access policy it gave
me the ability to choose an access group okay so this at this point you can like choose let's say you wanted different
levels of admin right so you wanted to create like user groups you could do that so you can create like group one of
users and group two of users and either you can um you know add particular email addresses into
those groups okay i'm not gonna go that granular i just want either i'm logged in or i'm not logged in
okay um [Music] and you know what the rest of this i'm
just gonna leave it as is okay so uh what i'm gonna do right now is um
i'm going to i'm going to go to firefox again
because i don't want to log out of my uh let's go to github i'm going to log out
of github on firefox so i'm going to sign out
all right oops all right and let's go to
sandbox.jewelry.net if you notice i can get to the homepage and then if i go to slash admin
oh it lets me in oh what did i do wrong oh okay what did i do wrong
i thought that's all we had to do
sandbox.net admin
let's see if i go to here
oh interesting oh right what i'm gonna do here is i'm
gonna change um so weavers.weavers.cloudflare access this login domain is the same domain i have
on weaver space so um here i'm just gonna do sandbox test
um that i think that could be the sandbox test
uh done
make sure you update your callback url and all your identity provider configurations and your new login page
domain okay do that
not live man see look at that told you i was gonna mess up guys
oh you just oh someone just refreshing is asking for authentication
oh i wonder if it's a cache thing oh i wonder if it's uh let's
it could be that my session is cached or something like that let's go ahead and
how do you clear cache inside uh so inside firefox i don't even know
nope that's the that brings up that oh disable cache
i don't know here we're in here let's go sandboxes jordan.net
admin oh now it's working
unable to find your access organization oh no i broke it
now let's change it let's try changes back
unable to find it it appears you have attempted to please enter a valid team name
oh okay
let's just launch zero trust let's see what this is this is teams the teams thing
they've changed since i've been in it a little bit
all right access okay i kind of remember this thing being in here
right here look sandbox okay admin self-hosted sign policies
this looks like to be all the stuff i already did let's see my policy
authentication is github
that's all the event this is all the same stuff that was in the other view
no i don't want that i don't want tunnels okay don't need any of that
let's go back to this
okay so create your login page did that instant auth here let's turn that off
turn it back on
oh this is okay so i guess i i didn't add this before that was actually
interesting so here i had gone ahead and um to set up github they have instructions
here right so i had gone in and put in my github my client id and my secret code okay which i'm not gonna share on
my live stream obviously um so yeah good idea uh good thing i
clicked on that i guess facebook's gonna be the same thing so if you use facebook you'd have to add in your oauth id and
then your oauth secret which they have you know um instructions here on how to get those
so that's good good thing i clicked on that um i customized the page here
organization name log i don't have a logo right now it's fine
um or here let's go ahead and let's try to be nice let's go to transmit i think
i have a logo uploaded
oh yeah boom uber space logo right
oh it's that one yeah that works okay let's do copy url uh let's customize this page
i'm going to put in that okay
organization name sandbox let's do
live stream testing
save
all right so now if i go here welcome back log in to your applications
behind access log in oh now it works i wonder if it just took some time
okay um so now it's it's asking you know there and i click on github and i'm already authenticated with github
um oh they're unable to find your access organization appears you have attempted to reach
invalid url all right hold on one second let's go
ahead and admin admin works
but i think let's get rid of that
i wonder if some of those changes just took a little bit of time to oh there we okay so now i went to sandbox oh interesting so now i went to
sandbox admin i'm thinking i was just maybe a little impatient and things didn't then didn't
update as instantly as i expected them to all right so now i can go to github here oh unable to find your access
organization okay so now it's still got the same error so okay
maybe i need some sort of uh users includes oh look i have brett here for oh brett
was helping me test this out years ago when i was first doing it
all right you know what i'm gonna do i'm gonna i'm gonna delete everything um i because i had some of this stuff
i'm just gonna delete it all okay
hopefully all the stuff i'm doing i'm not going to completely break yes delete it
access group cannot be deleted please remove the group from the policy first i don't know what policy this is
created two years ago expires that a year ago well maybe is that this access token
let's delete that generate a service token
we'll copy this now i'm not sure exactly what it's used for but there we go expires in a year
short lived certificates events oh look oh revoke session i'm going to
revoke i'm going to revoke
all access requests oh interesting they have like all these various access levels and stuff
i'm actually a little curious if i just totally broke my weaver space admin i mean it's just mine but
oh no i totally i totally broke my weaver space login right now
that's that's hilarious not so hilarious um
all right i'm going to change this back to weavers done
all right totally just broke broke my login that's funny
okay um let's go ahead and edit this
what's this all right brett you're gone if you're here all right anyone so any email
ending in workman mail okay save
uh and then we have create access policy so let's do this so
um admin we have sandbox dot
oops sandbox slash admin uh session duration 24 hours
um admin users
decision allow access group users let's do it that way i think that
probably makes more sense save all right so admin users includes access
groups users and then users includes anyone with workmanmail.com
okay edit access app launch
i don't know what that is all right let's
let's see if i uh viewers dot space
slash admin
and i i totally broke it now
fun times
man i had visions of this just going super smoothly i had set this up before for somebody else and it worked great
not logged in github
that's weird that in firefox it's like catching the page
but when i went here let's close that close that
oh now it's just straight letting me in
what did i do wrong
oh i turned off instant off that's right now
wow that's craziness
revoke existing tokens
add a log out oh you can add a logout bar interesting
okay that didn't work
wow so here sandbox.net slash admin
let's just do everything anywhere
save
access groups is anyone with workman mail uh generate service anthony your tool
scripts and bots i really need this is for like automation and getting access via you know some sort of
api um i deleted that i wonder if i'm using that anywhere else
okay short live certificates don't need those events access created token
current monthly users 26 and yep my son logged in three days ago i logged in 22 minutes ago
interesting
i'm going to log out of get up here sign out i'm logged out
clear my cache oh
okay so here um all right so now i interesting so i have multiple
cloudflare access things set up here is if you look at the
browser tooltip down on the bottom this one is weaver space slash admin this one is the future.weavers.space which i
don't even think exists anymore and then this is sandbox it's kind of interesting even though it's it's across multiple
cloudflare accounts um very interesting actually this is very interesting um i did learn something new
today um so now that because i have cloudflare access configured across multiple sites
this can and they're all configured to use this same um domain um it kind of shows me different
login pages kind of cool actually interesting idea so now if i click on this one
it takes me to the home page um what should it have
interesting
i'm going to head over to websites
here i have okay access groups users work with mail
servers token
oh
oh interesting i was playing around okay
so i learned some i just learned something so apparently this access um a lot of it is
kind of global across your accounts actually so that's very interesting um so i thought it was all
managed individually per domain but it's not it's like shared which is
interesting so um if you are if you have a centralized cloudflare account and you're managing it for yourself and all
your clients um definitely be aware of that because that 50 user total is going to apply to
i think the total of all the the sites in that domain right so uh very interesting make sure that so if
you want to make sure every client is kind of siloed you want to make sure they have their own cloudflare account maybe
um very interesting i did not know that
um so eye opening
very interesting and you guys are probably bored off your mind while i troubleshoot this
sorry uh let's go back to uh
sandbox
some things are so it looks like like the login method here is is
definitely synced right um the access policies are
different very interesting
it's definitely some sort of because like these access service tokens that was that was the same when i went to the
weaver space domain so very interesting murphy is working overtime yes it is
the wonders of doing things live right dr bob
i hope you're recording this for backwards engineering yeah exactly guess wrong [Laughter]
okay um
nothing like breaking my sight live
i'm not using that
let's try this expires immediately
so i have users oh cancel i don't want to delete that so i have a user's group emails ending
in workman mail um just go ahead and i'm going to change this i'm just going to add it just for
just for mine for right now just to change something up here
and i think i think i added it so the entire domain should be
should be that
i don't necessarily want to
delete my github authentication
all right so what we're going to do here is let's i'm going to click on that and oh well it takes me there
but i'm not logged into github so it shouldn't have
wait what that image isn't even on the homepage
there we have some gremlins here because
what i can do here i'm going to do file new private window let's go to sandbox.joking.net
oh look and the private window is working so it must be some sort of caching
jesus oh i wonder i wonder if
um no there's no service workers
browser cache is a son of a right jesus christ so now it asked me for a login
oh it's gonna ask me for this again let me go ahead and use my github app and
and 16 approved
there we go jesus here i'm going to go ahead and i'm going
to quit safari i'm going gonna relaunch it
by the way guys if you notice up at the top of my live stream i have like the keyboard combos if i ever hit like a is
that annoying or is it useful for you guys i'm thinking because i use so many keyboard combinations to do stuff that
it could be potentially annoying for you guys let me know if you like that or not i don't know
um maybe i shouldn't have it up here at the very top right because like for example i use this keyboard combination
i mean it's all the keys plus an s to launch safari right so yeah
um okay so let's go to sandbox again
that it's still letting me in though oh it's because i am i authenticate i
authenticated with github i wonder if it's now
no i'm not right look at that
if i do this if i didn't uh oh new private window
look it works it works exactly how i would expect it to work in a private window
i wonder if i go to
let's delete that
ah it was a cookie
look it it is a cookie so it's stored in authorization cookie and it's because
so um all right darn cookies
uh it's because i had the the session thing saved let's go back to my cloudflare
and i knew i knew so if you guys look so um let me back up in dev tools if you go to
storage you can see all your cookies right and so if i delete this and if i refresh this page um watch if
you if you could catch it on the live stream look at this url and it will redirect to weavers.there
weavers.cloudflooraccess.com it authenticates and it puts me through here right
okay now the question is why is it allowing the authentication
because i'm not logged into github but if i use a private window it
actually prompts me to log into github which is what i would expect right oh jesus
52 prove hey
boom [Music]
interesting
another one jesus can be annoying sometimes can't it
approve [Music] there we go
hmm so if i go to
firefox now right
that's just craziness
oh so firefox when i was testing pwa
i i was testing pwa obviously on on sandbox.jewelry.net and it it had stored there we go it had
stored that in the in the cache which is interesting so that was a test version that that
answers that which is kind of funky um now let's go ahead and am i logged
into github here
not okay and if i go to
storage look at the cookies there's my authentication
cookie from cloudflare
how did it know that it's me
delete all session cookies
i'm just going to delete all this stuff here
all right that's paypal stuff
all right
very interesting it still sees that i am i'm logged in
why works perfect in the let's try a new private window here
so if i go to sandbox.js.net takes me to github exactly how it should
how it should work without a private window so it's still logging me in for some
reason um well at least it's not i know it's not safari it's everything
so let's go ahead and go here
oh i'm already in it access all right
so i got a sandbox admin users allow
users
cancel this and me
cancel
don't even think i need this
i thought i revoked this one
like still there i got that didn't revoke it
i guess it just says those are my current my current month oh these are my current monthly users all the people
that have logged in so you could revoke a session but it's still there duh so that this way you can see
you know who's logged in in my current month because you're allowed 50 users per month right so these are all the
people that have logged in this month um onto my my things got it
and then here you can see all the people that logged in some people that tried to log in
a few minutes ago during the live stream all right and policy changes these you can see all the policy changes
so if you guys just in the uh oh so travis just said he's he tried it so if you guys go to
sandbox.joeworkman.net do you get the login screen even without a private browser um
so yeah i'm in a private browser and uh i mean here let me if i log out of
github oh i'm not even logged in but i authenticated it's probably
probably some sort of
here i'm just going to
yeah saving it somewhere how can i clear like
if we go to websites where can you like privacy
and there's website data
oops
all right remove all remove now
oh i just i just trashed oh no i didn't did okay i wonder if it's seen cloudflare as well
oh cloudflare access look at that it probably stored the stored it under cloudflare access
interesting i'm going to remove all of those just so you can kind of be
copacetic and let's look at github i'm just trying to get to uh
oops
here i'm going to remove all that as well okay
so now let's go ahead and just be safe i'm going to just restart
now it works it must have been a cached website data somewhere right so uh
i had everything set up properly probably in the first 10 minutes but um there we go so now i'm going to log into
github we sign in uh it's going to ask for authentication
36 approve
boom there we go darn it man okay uh let me go ahead and log back into cloudflare
okay so it it guys uh it looks like in the chat it was working for you guys um
and it was something the website it was like you know the cookie the session data was stored in my browser and once i
cleared that data it it required that i authenticate again just kind of show you that you know it it's kind of
interesting that uh you know the authentication worked um and because before i had it set to one i had it set
to one week so that it allowed me to keep logging in for a week right um
so yeah if if you're on a machine that you don't want you want to make sure is you know definitely locked down make
sure that you set that to be not one week because as you see there
i would have i thought if i would have logged out of github on my on my browser that it would have logged me out of
um my site as well but obviously that's not true um
where did i set the access tokens to like a week where was that is that in here
oh oh here so now it's set to expire immediately but when i when i initially created it i did a week right so that
created this token on my browser that allowed me to log in for a week okay so
man i spent like an hour and and i think all the issues that i was
having was because of a um a browser caching
cookie issue um but hopefully you see this now so let me just review this again okay
you go ahead you set up your login domain um i did we did learn that the users
across is i i'm pretty certain uh from what i've seen today that it's
universal across your cloudflare account so it's not 50 users per domain it's 50
users for all of the domains in your cloudflare account okay and they kind of
share this login page domain it seems like okay uh you can create as many login
methods as you want um here i'm using github i do like it i actually kind of like the little
authentication you know token via the ios app it's nice
um you can customize your login screen okay give it a logo and change the colors
okay um and then here you define your access policies so in your access policies this
is where you define um the domains and the paths so for example if i only wanted to do slash
admin okay um and let's say no duration expires immediately and i want to do access
groups users now any in here you could do specific emails or email ending in
to be honest it's probably better to use the groups and kind of keep those two things separate um just for scalability
in the future right so here i'm gonna save this so now that i saved this you should be
able to go to sandbox.joeworker.net without logging in but if you go to slash admin it should prompt you to log
in okay um and then in our access groups um you can create as many groups as you want
here i have said emails with joe uh my email i'm actually gonna change that back to uh emails ending in
uh workmanmail.com
okay and i'm gonna save that that way my son can log in and do his work again
um you don't need to worry about the access app launch or service tokens or short-lived certificates okay
um that's it so in reality if you were setting this up new it would
probably take you 20 minutes okay um maybe even less and again i i did all
this without ever logging into rapidweaver to change anything
um so yeah just just kind of uh
can someone verify in the chat that if you go to sandbox.jorgan.net now oh i guess i could just do a new private
window huh and we'll go to sandbox dot joergen.net
and it lets me it lets me in but if i go to slash admin
it tries to authenticate right cool so private windows for the win should
have should have thought about that a half hour ago
okay so there we go sorry for all the troubleshooting and kind of going around
and around and around um and i'm actually going to verify that i can log into my admin portal again while i'm
here
yeah i can log into my admin portal again okay
cool
man i feel i feel really dumb now
but as you see uh you know how had i set this all up from scratch and not had an existing you know workflow that i was
already using that probably i probably wouldn't have ran into any of that um but uh yeah go through the steps that i
i outlined and um hopefully it should work out well for you um
so yeah anyway hopefully if you guys weren't too bored off your minds um and you learn something new i do think
cloudflare i mean it's clarify access is it's really nice i do like it um
you know you don't need to worry about it especially for temporary things like you don't need if you're like i temporarily
temporarily want to lock down an entire site maybe right and um you know you don't want to have
to worry about you may be throwing page safe on a page and you know having it in a partial across your entire site
that will work um and that gives you some additional abilities that access might not give you
but um access is quick and dirty you can lock down an entire website um and then
have on an authentication engine through any you know those those login methods so um it's a good tool to have in your
arsenal um and uh yeah let's see if there are any questions there um
so then would you have a client open cloudflare account then have them share that with us um yeah that's probably best so you know
because of the whole limit on the number of users unless you're like i'm helping a buddy
out and he just needs one login or something like that right but if you were doing this seriously um yeah you
might want to have you know a a cloudflare account for your client um that way it's all separate anyway
right so your your customer has their own cloudflare account and and whatnot um so yeah maybe post in freelancing group
and ask what other people do right um is it better to have all your clients into your account um if
you want to use access and you have less than 50 clients and they only need one login that could work right
um but you could again you could you know have some issues i don't know
but uh i guess you know it doesn't hurt having that level of
uh you know walled accounts so that all your clients have their accounts this client has his account so on and so
forth right um it's not a bad idea uh when i view the man it's asking for
okay okay so guys i think we're done uh that was
uh cloudflare access hope you enjoyed that um hopefully we'll see you at the hangouts on
on friday if you have any more questions about this or troubleshooting you want to play around let me know
um i'm pretty sure i had all the configurations for this done in like the first 15 minutes and then it was just
yeah browser caching issues julie so um okay take care guys
hopefully we'll see you on friday and we'll see you on the community take care bye
go ahead and i'm gonna forgot to take my vitamins this morning and i chuck them really quick
there we go okay excellent oh there we go now the chat's
working sunshine cottage thanks for coming on
just a couple thumbs up let me know the audio and video is um good hopefully it's good should be good
mr cole franco is here scott is in the house
donna i took my vitamins no headache yet
david thanks for coming on david yada guinness smart man smart man
so i'm drinking i i like drinking like water and i throw like those like little packets of like electrolytes
and we got this sample pack and this particular flavor is lemon and habanero
it is absolutely disgusting um i don't recommend it um so if you see lemon
habanero electrolyte powder mix yeah pass on it just pass
mr workman is in the house what's up dad
okay um so today
today we um this this live stream has been on my hey i'm gonna do a live stream on this
someday list right and so we're gonna learn how to um use probably a new tool for you maybe
um i've done some live streams and i've talked about on hangouts extensively and i think i did a
conference talk on cloudflare as well um i think um
so yeah i as you probably know i'm a huge fan of cloudflare i think they they've done a
stupendous job um and yeah i use them a lot in fact i
use um what i'm showing you today the cloud floor access i'm actually using that to manage the back end of weaver
space and it's pretty cool it's very very cool
now a couple people replied to me hey mark thanks for joining from belgium um
that hey joe why why are you going to be doing the live stream on cloudflare
because you have page safe like isn't that just going to like cannibalize page safe or something and
um page safe is amazing i love it it's one of my favorite stacks and um yeah it's true i guess you could
say that cloudflare you know access could replace page safe potentially pagesafe still has its place though i
mean it page safe is one of my favorite things you just drag it on the page you can change your passcode and boom it's
done right i mean it's super simple um it is secure uh and uh
and i i like the look of page safe right the little turning lock thing i i still love that and i me i made that so many
years ago right but uh still one of my favorite things page save does a few other things like stack safe and whatnot so um but yeah uh
you know page save is awesome and uh but hey cloudflare access is pretty cool too so um it's all about
having the right tools that you might need in your toolbox page safe is one of them
i'm about to teach you how to use cloudflare access as well and hopefully that's another tool that
you're going to have in your toolbox it works i think really really great for
total cms admin areas as well um it's super simple if you want to like block off an entire part of your website
um so yeah and and actually there's like zero work you have to do
inside rapidweaver to get it all working which is kind of crazy um i'm i may never even open up
rapidweaver today period okay just to show you that um we can configure cloudflare access
without the need of actually using rapidweaver at all so it's kind of interesting
um so i am not going to go over like the ins
and outs of how to set up cloudflare okay um maybe i'll do that i i've done
cloud for live streams but i i i have had some requests for that i'm not gonna do that today so if you don't know how
to set up cloudflare on your domain i'm not gonna go through that today okay i am gonna assume you have your website
set up on cloudflare okay um uh josh
um has josh oh i don't even remem olmen ullman man i forget his last name
now uh he's always on the hangouts he's actually volunteered to hop on a live stream and help him set up cloudflare
can i do like a live one-on-one sort of thing with cloudflare maybe we'll do that one day uh if you like that idea
let me know um maybe we'll put put it up on the priority list but
for right now we're going to dive in and uh i have to admit another thing i'm
kind of on purpose i actually um i didn't really prepare much so i have an idea of what i'm going to be doing
today but um i kind of wanted to dive in um so that i make mess-ups as well
and hopefully hopefully i'll make some mess up so that you can see me fix them and figure them out so it's kind of the fun of doing it
all live right is uh is not having everything cookie cutter um so sometimes
that's good though but let's go ahead let me share my screen
um okay uh what we're going to do is uh
what i think we're going to do is we're going to we're going to go ahead oh i have shoot i have page safe on this page okay i'm
going to have to open up rapidly for just to remove page safe from this i don't even know page save is on there
okay let's just do this let me open up wrapper really quick let me open up my sandbox project
i'm only going to wrap you over to remove to republish this this project so that i don't have page safe on there
because what's the point of learning something something new that logs you know with login when i already
got page save on the page okay uh let's just go ahead and uh my page is
blank actually now let's just go ahead and add a little bit of content just that we have something up there to
see and
come on there we go
all right let's just do i'm just gonna do this just do
homepage all right and uh i was using this for pwa let's go
ahead and what's this all right we'll leave out i'm gonna add a new page really quick just go so we
can do this uh sub page
okay uh actually here let's call this admin we're going to call this admin really
quick that
this all right extract that
admin just so we have a couple dummy pages
to uh to work with here let's just go ahead and republish all files
actually hold on let's cancel that i want to make sure that what i have in here it's blank good all right just go
ahead and republish all files
done okay um now that's that uh let's save that
let's refresh this page voila okay now we just have a generic page
okay um and then i created i think it was slash admin okay and that has the admin page okay
um so this is uh if you want to follow along it's just my sandbox sandbox.joeworkman.net
um and nothing really special there uh but what we're going to do now is um
let's go ahead and do yeah let's open up a new tab
okay and we're going to log into cloudflare
i guess actually let's go ahead and allow that
hey come on use my watch here excellent magic of one password
oh what hold on one second
oh they emailed me at the pass code my goodness give me a second here go ahead and
play the jeopardy theme music [Music]
let's just go ahead and let me in case this all opens up here come on mail
fun times login token there it is
copy that paste it log in
okay hey we're back now okay um so now i'm logged into my cloudflare account i'm
just gonna go to joe workman.net and we're going to go into there
sweet okay
so um actually before we start like diving and implementing it let me just show you
what cloudflare access gives us right so as i said before um i use this on weaver space right now
uh on not on the community on my actual website to lock down the admin side so if you were to go to weavers dot space
slash admin i could type there we go
you would see that i now have access to the back end of weaver space okay and
yes this is total cms2 i think i've given a little previews of this before we're not going to dive into that the
whole point of this was um you know hey i have i'm logged in it didn't prompt me for a login okay
and uh that's because i was already authenticated okay and what this does is
um this i actually use um what cloud for access does is it allows you to integrate with different
authentication engines um mostly oauth and third-party authenticators
i uh i'm using github as my authentication engine so if i were to go ahead and
um or actually here let's open up like something like firefox where i'm pretty sure i'm not logged into github right now
let's see if i go to github.com
yeah so i'm not logged into github on firefox right um so let's go ahead and go here and go to
weavers.space slash admin
oops helps if i spell it right weavers admin
and if you notice here it takes me to the github login page right so it's it noticed hey you're not logged
in you need to log in okay um and i can go ahead and log in with firefox
don't save oh jesus
i guess okay let's go ahead and i need to enable authentication through the github
app one second let me just do that just so that we're all copacetic and you can prove to you that it works
uh 99 approve github lies like a a mobile authentication thing
um which is kind of nice which means that you you can you know get features like that as well for your website um if
you were to use that and there we go boom and now i'm logged in and i can go to products or go to wherever right like
for example if i go to streams this is where i manage like a lot of the live stream stuff and create all the emails
and all that jazz that you guys get emailed on right so um okay cool so let's go ahead and quit
firefox so that just shows you kind of how things work um
and i did all of that without having to add a single thing onto
my website okay and just to prove you i've never set up at least at least i'm pretty sure
i've never set up um access on joerickman.net or sandbox.joeworkman.net
so um we're gonna do is i i think in order for this to work
um i need to enable um right now sandbox is set to be dns only
um i need to be able to actually turn on the little orange cloud so it
needs to be proxied through cloudflare okay so that's one step in order for access to work you have to enable the
proxy okay it has to be proxy through cloudflare or else it's not going to work okay so um so
yeah uh we'll test that later on uh after i get access all set up we'll turn off proxy and it should break it um or
it should stop it working from working so it'll be an interesting test so right now if you notice right here um so if
you look at sandbox it needs to be proxied so this little orange square right so this this sandbox url right
here needs to be proxied okay now with that done we're gonna go to the access tab
okay now uh one thing i should also note is cloudflare access is
free like it's kind of crazy like it's free for a certain amount and it's like a lot i
think any rapid ever user should be able to comfortably use cloudflare access
and not be worried about their client needing more let's look at cloud flare
access pricing let's just look at the pricing for cloudflare access
um
products should have had at least this page up huh application
it's somewhere
access there we go um
where's pricing get started use cases integrate pricing there we go man they don't make it easy
do they okay so uh let's see free plan 50 users
so you can have 50 separate users logged in um for zero and one
once you go over 50 it then gets pricey at seven dollars a user so um you
go from free to 350 bucks if you need 51 users right so um so there you go um
really cool though um you'll see how really great it is okay so if you need less than 50 users
which i'm pretty sure most rep sites built rapidly we're going to have less than 50 users
okay so here we uh go to the access tab okay and you can choose your login
method um i guess maybe i had tested this before because i have github here already if you click plus you'll you'll see that
you can authenticate with all kinds of different things so if you want facebook or linkedin or google i'm not sure what
all these some of these other ones are um i've seen one login and od oidc
before the open id thing i didn't even know those were still a thing actually uh g
g suite g suite um so yeah there we go lots of different services um i just predict i picked
google you can actually add multiple as well so if you want to give people options um i would i
i'm a simple guy kind of guy i would just pick one right and just say you have to use this one that's it
okay um i do like github um but again for your clients maybe github doesn't make sense or for yourself it doesn't
make sense so you would use facebook or google or linkedin right um i don't necessarily trust google or facebook so
um i would choose maybe linkedin even though that's now microsoft but yeah whatever
um so yeah you have a lot of different service providers here that you can do
and you can also do a one-time pin which
basically what that does is um every time you log in it emails you a code and
then you type in that you get that code and type in and then it authenticates you okay um that's all handled 100
inside cloudflare um i don't i find that a little bit annoying myself um
so yeah anyway uh there we go next is uh you you you put in your login
page right so uh you can change that if you wanted um so like i
basically it's like a sub domain okay so like i have weavers.cloudflare access
setup as my domain um it doesn't really matter um just leave it as that okay
all right so you can customize your login page as well i didn't even i think this is new they didn't have this when i did this
um oh you can put in a logo and customize your background colors interesting um
very cool they didn't have that when i initially set that up so that's kind of interesting although if you're already
logged in like it just kind of logs in automatically but that's nice to see that they have that a little at least a
little bit of customization which is kind of cool okay
um next up is where we can create our access policies so you can create a
policy here and then you could say my admin site or let's just do
sandbox live stream
test okay um now i'm doing this on my subdomain right so i'm going to be doing
this on sandbox.joeworkm.net and what's kind of interesting here is uh this is where if if i only wanted to
lock down the admin page so let's go ahead and i will only want to lock down everything inside admin
okay and then you can set up your session duration okay um so let's say i set it up in uh
you know however you want a week okay um
policy name but here this this where you can like you know uh my policy i guess
uh and then you can allow or deny various things and then here's where you can um
where you can set up authentication so this is where you set in emails okay or you can say or or you can pick access
groups as well i'm gonna i'm gonna set up something simple here and i'm just gonna set emails and i'm gonna put in my email
address okay so um so now if i authenticate with
github and github authenticates and it says that this is my email address
it will log me in purely by doing this that's it okay now um
i haven't played around with all these other things you can actually also do um i think emails ending in so if you want
to authenticate everybody in a particular email domain there you go
right so example if i were to do um workmanmail.com
okay um anyone that has an email of workmanmail.com so me my dad my kids my
wife right they would be able to uh log in as long as they authenticated with github
pretty cool right um so let's stick with that okay and uh
maybe once i get all the save my dad can try to log in i assume you have a github account dad i don't maybe not but um
yeah so there we go and then you can add different rules right but let's just keep it simple for
right now i think that's good okay um so we're gonna allow that uh let's look at the advanced settings i don't
even know it's here um allow control allow credentials oh this
is all core settings i'm going to leave all these as the default okay
so we're just going to save that now okay
now before earlier if you noticed inside when i created my access policy it gave
me the ability to choose an access group okay so this at this point you can like choose let's say you wanted different
levels of admin right so you wanted to create like user groups you could do that so you can create like group one of
users and group two of users and either you can um you know add particular email addresses into
those groups okay i'm not gonna go that granular i just want either i'm logged in or i'm not logged in
okay um [Music] and you know what the rest of this i'm
just gonna leave it as is okay so uh what i'm gonna do right now is um
i'm going to i'm going to go to firefox again
because i don't want to log out of my uh let's go to github i'm going to log out
of github on firefox so i'm going to sign out
all right oops all right and let's go to
sandbox.jewelry.net if you notice i can get to the homepage and then if i go to slash admin
oh it lets me in oh what did i do wrong oh okay what did i do wrong
i thought that's all we had to do
sandbox.net admin
let's see if i go to here
oh interesting oh right what i'm gonna do here is i'm
gonna change um so weavers.weavers.cloudflare access this login domain is the same domain i have
on weaver space so um here i'm just gonna do sandbox test
um that i think that could be the sandbox test
uh done
make sure you update your callback url and all your identity provider configurations and your new login page
domain okay do that
not live man see look at that told you i was gonna mess up guys
oh you just oh someone just refreshing is asking for authentication
oh i wonder if it's a cache thing oh i wonder if it's uh let's
it could be that my session is cached or something like that let's go ahead and
how do you clear cache inside uh so inside firefox i don't even know
nope that's the that brings up that oh disable cache
i don't know here we're in here let's go sandboxes jordan.net
admin oh now it's working
unable to find your access organization oh no i broke it
now let's change it let's try changes back
unable to find it it appears you have attempted to please enter a valid team name
oh okay
let's just launch zero trust let's see what this is this is teams the teams thing
they've changed since i've been in it a little bit
all right access okay i kind of remember this thing being in here
right here look sandbox okay admin self-hosted sign policies
this looks like to be all the stuff i already did let's see my policy
authentication is github
that's all the event this is all the same stuff that was in the other view
no i don't want that i don't want tunnels okay don't need any of that
let's go back to this
okay so create your login page did that instant auth here let's turn that off
turn it back on
oh this is okay so i guess i i didn't add this before that was actually
interesting so here i had gone ahead and um to set up github they have instructions
here right so i had gone in and put in my github my client id and my secret code okay which i'm not gonna share on
my live stream obviously um so yeah good idea uh good thing i
clicked on that i guess facebook's gonna be the same thing so if you use facebook you'd have to add in your oauth id and
then your oauth secret which they have you know um instructions here on how to get those
so that's good good thing i clicked on that um i customized the page here
organization name log i don't have a logo right now it's fine
um or here let's go ahead and let's try to be nice let's go to transmit i think
i have a logo uploaded
oh yeah boom uber space logo right
oh it's that one yeah that works okay let's do copy url uh let's customize this page
i'm going to put in that okay
organization name sandbox let's do
live stream testing
save
all right so now if i go here welcome back log in to your applications
behind access log in oh now it works i wonder if it just took some time
okay um so now it's it's asking you know there and i click on github and i'm already authenticated with github
um oh they're unable to find your access organization appears you have attempted to reach
invalid url all right hold on one second let's go
ahead and admin admin works
but i think let's get rid of that
i wonder if some of those changes just took a little bit of time to oh there we okay so now i went to sandbox oh interesting so now i went to
sandbox admin i'm thinking i was just maybe a little impatient and things didn't then didn't
update as instantly as i expected them to all right so now i can go to github here oh unable to find your access
organization okay so now it's still got the same error so okay
maybe i need some sort of uh users includes oh look i have brett here for oh brett
was helping me test this out years ago when i was first doing it
all right you know what i'm gonna do i'm gonna i'm gonna delete everything um i because i had some of this stuff
i'm just gonna delete it all okay
hopefully all the stuff i'm doing i'm not going to completely break yes delete it
access group cannot be deleted please remove the group from the policy first i don't know what policy this is
created two years ago expires that a year ago well maybe is that this access token
let's delete that generate a service token
we'll copy this now i'm not sure exactly what it's used for but there we go expires in a year
short lived certificates events oh look oh revoke session i'm going to
revoke i'm going to revoke
all access requests oh interesting they have like all these various access levels and stuff
i'm actually a little curious if i just totally broke my weaver space admin i mean it's just mine but
oh no i totally i totally broke my weaver space login right now
that's that's hilarious not so hilarious um
all right i'm going to change this back to weavers done
all right totally just broke broke my login that's funny
okay um let's go ahead and edit this
what's this all right brett you're gone if you're here all right anyone so any email
ending in workman mail okay save
uh and then we have create access policy so let's do this so
um admin we have sandbox dot
oops sandbox slash admin uh session duration 24 hours
um admin users
decision allow access group users let's do it that way i think that
probably makes more sense save all right so admin users includes access
groups users and then users includes anyone with workmanmail.com
okay edit access app launch
i don't know what that is all right let's
let's see if i uh viewers dot space
slash admin
and i i totally broke it now
fun times
man i had visions of this just going super smoothly i had set this up before for somebody else and it worked great
not logged in github
that's weird that in firefox it's like catching the page
but when i went here let's close that close that
oh now it's just straight letting me in
what did i do wrong
oh i turned off instant off that's right now
wow that's craziness
revoke existing tokens
add a log out oh you can add a logout bar interesting
okay that didn't work
wow so here sandbox.net slash admin
let's just do everything anywhere
save
access groups is anyone with workman mail uh generate service anthony your tool
scripts and bots i really need this is for like automation and getting access via you know some sort of
api um i deleted that i wonder if i'm using that anywhere else
okay short live certificates don't need those events access created token
current monthly users 26 and yep my son logged in three days ago i logged in 22 minutes ago
interesting
i'm going to log out of get up here sign out i'm logged out
clear my cache oh
okay so here um all right so now i interesting so i have multiple
cloudflare access things set up here is if you look at the
browser tooltip down on the bottom this one is weaver space slash admin this one is the future.weavers.space which i
don't even think exists anymore and then this is sandbox it's kind of interesting even though it's it's across multiple
cloudflare accounts um very interesting actually this is very interesting um i did learn something new
today um so now that because i have cloudflare access configured across multiple sites
this can and they're all configured to use this same um domain um it kind of shows me different
login pages kind of cool actually interesting idea so now if i click on this one
it takes me to the home page um what should it have
interesting
i'm going to head over to websites
here i have okay access groups users work with mail
servers token
oh
oh interesting i was playing around okay
so i learned some i just learned something so apparently this access um a lot of it is
kind of global across your accounts actually so that's very interesting um so i thought it was all
managed individually per domain but it's not it's like shared which is
interesting so um if you are if you have a centralized cloudflare account and you're managing it for yourself and all
your clients um definitely be aware of that because that 50 user total is going to apply to
i think the total of all the the sites in that domain right so uh very interesting make sure that so if
you want to make sure every client is kind of siloed you want to make sure they have their own cloudflare account maybe
um very interesting i did not know that
um so eye opening
very interesting and you guys are probably bored off your mind while i troubleshoot this
sorry uh let's go back to uh
sandbox
some things are so it looks like like the login method here is is
definitely synced right um the access policies are
different very interesting
it's definitely some sort of because like these access service tokens that was that was the same when i went to the
weaver space domain so very interesting murphy is working overtime yes it is
the wonders of doing things live right dr bob
i hope you're recording this for backwards engineering yeah exactly guess wrong [Laughter]
okay um
nothing like breaking my sight live
i'm not using that
let's try this expires immediately
so i have users oh cancel i don't want to delete that so i have a user's group emails ending
in workman mail um just go ahead and i'm going to change this i'm just going to add it just for
just for mine for right now just to change something up here
and i think i think i added it so the entire domain should be
should be that
i don't necessarily want to
delete my github authentication
all right so what we're going to do here is let's i'm going to click on that and oh well it takes me there
but i'm not logged into github so it shouldn't have
wait what that image isn't even on the homepage
there we have some gremlins here because
what i can do here i'm going to do file new private window let's go to sandbox.joking.net
oh look and the private window is working so it must be some sort of caching
jesus oh i wonder i wonder if
um no there's no service workers
browser cache is a son of a right jesus christ so now it asked me for a login
oh it's gonna ask me for this again let me go ahead and use my github app and
and 16 approved
there we go jesus here i'm going to go ahead and i'm going
to quit safari i'm going gonna relaunch it
by the way guys if you notice up at the top of my live stream i have like the keyboard combos if i ever hit like a is
that annoying or is it useful for you guys i'm thinking because i use so many keyboard combinations to do stuff that
it could be potentially annoying for you guys let me know if you like that or not i don't know
um maybe i shouldn't have it up here at the very top right because like for example i use this keyboard combination
i mean it's all the keys plus an s to launch safari right so yeah
um okay so let's go to sandbox again
that it's still letting me in though oh it's because i am i authenticate i
authenticated with github i wonder if it's now
no i'm not right look at that
if i do this if i didn't uh oh new private window
look it works it works exactly how i would expect it to work in a private window
i wonder if i go to
let's delete that
ah it was a cookie
look it it is a cookie so it's stored in authorization cookie and it's because
so um all right darn cookies
uh it's because i had the the session thing saved let's go back to my cloudflare
and i knew i knew so if you guys look so um let me back up in dev tools if you go to
storage you can see all your cookies right and so if i delete this and if i refresh this page um watch if
you if you could catch it on the live stream look at this url and it will redirect to weavers.there
weavers.cloudflooraccess.com it authenticates and it puts me through here right
okay now the question is why is it allowing the authentication
because i'm not logged into github but if i use a private window it
actually prompts me to log into github which is what i would expect right oh jesus
52 prove hey
boom [Music]
interesting
another one jesus can be annoying sometimes can't it
approve [Music] there we go
hmm so if i go to
firefox now right
that's just craziness
oh so firefox when i was testing pwa
i i was testing pwa obviously on on sandbox.jewelry.net and it it had stored there we go it had
stored that in the in the cache which is interesting so that was a test version that that
answers that which is kind of funky um now let's go ahead and am i logged
into github here
not okay and if i go to
storage look at the cookies there's my authentication
cookie from cloudflare
how did it know that it's me
delete all session cookies
i'm just going to delete all this stuff here
all right that's paypal stuff
all right
very interesting it still sees that i am i'm logged in
why works perfect in the let's try a new private window here
so if i go to sandbox.js.net takes me to github exactly how it should
how it should work without a private window so it's still logging me in for some
reason um well at least it's not i know it's not safari it's everything
so let's go ahead and go here
oh i'm already in it access all right
so i got a sandbox admin users allow
users
cancel this and me
cancel
don't even think i need this
i thought i revoked this one
like still there i got that didn't revoke it
i guess it just says those are my current my current month oh these are my current monthly users all the people
that have logged in so you could revoke a session but it's still there duh so that this way you can see
you know who's logged in in my current month because you're allowed 50 users per month right so these are all the
people that have logged in this month um onto my my things got it
and then here you can see all the people that logged in some people that tried to log in
a few minutes ago during the live stream all right and policy changes these you can see all the policy changes
so if you guys just in the uh oh so travis just said he's he tried it so if you guys go to
sandbox.joeworkman.net do you get the login screen even without a private browser um
so yeah i'm in a private browser and uh i mean here let me if i log out of
github oh i'm not even logged in but i authenticated it's probably
probably some sort of
here i'm just going to
yeah saving it somewhere how can i clear like
if we go to websites where can you like privacy
and there's website data
oops
all right remove all remove now
oh i just i just trashed oh no i didn't did okay i wonder if it's seen cloudflare as well
oh cloudflare access look at that it probably stored the stored it under cloudflare access
interesting i'm going to remove all of those just so you can kind of be
copacetic and let's look at github i'm just trying to get to uh
oops
here i'm going to remove all that as well okay
so now let's go ahead and just be safe i'm going to just restart
now it works it must have been a cached website data somewhere right so uh
i had everything set up properly probably in the first 10 minutes but um there we go so now i'm going to log into
github we sign in uh it's going to ask for authentication
36 approve
boom there we go darn it man okay uh let me go ahead and log back into cloudflare
okay so it it guys uh it looks like in the chat it was working for you guys um
and it was something the website it was like you know the cookie the session data was stored in my browser and once i
cleared that data it it required that i authenticate again just kind of show you that you know it it's kind of
interesting that uh you know the authentication worked um and because before i had it set to one i had it set
to one week so that it allowed me to keep logging in for a week right um
so yeah if if you're on a machine that you don't want you want to make sure is you know definitely locked down make
sure that you set that to be not one week because as you see there
i would have i thought if i would have logged out of github on my on my browser that it would have logged me out of
um my site as well but obviously that's not true um
where did i set the access tokens to like a week where was that is that in here
oh oh here so now it's set to expire immediately but when i when i initially created it i did a week right so that
created this token on my browser that allowed me to log in for a week okay so
man i spent like an hour and and i think all the issues that i was
having was because of a um a browser caching
cookie issue um but hopefully you see this now so let me just review this again okay
you go ahead you set up your login domain um i did we did learn that the users
across is i i'm pretty certain uh from what i've seen today that it's
universal across your cloudflare account so it's not 50 users per domain it's 50
users for all of the domains in your cloudflare account okay and they kind of
share this login page domain it seems like okay uh you can create as many login
methods as you want um here i'm using github i do like it i actually kind of like the little
authentication you know token via the ios app it's nice
um you can customize your login screen okay give it a logo and change the colors
okay um and then here you define your access policies so in your access policies this
is where you define um the domains and the paths so for example if i only wanted to do slash
admin okay um and let's say no duration expires immediately and i want to do access
groups users now any in here you could do specific emails or email ending in
to be honest it's probably better to use the groups and kind of keep those two things separate um just for scalability
in the future right so here i'm gonna save this so now that i saved this you should be
able to go to sandbox.joeworker.net without logging in but if you go to slash admin it should prompt you to log
in okay um and then in our access groups um you can create as many groups as you want
here i have said emails with joe uh my email i'm actually gonna change that back to uh emails ending in
uh workmanmail.com
okay and i'm gonna save that that way my son can log in and do his work again
um you don't need to worry about the access app launch or service tokens or short-lived certificates okay
um that's it so in reality if you were setting this up new it would
probably take you 20 minutes okay um maybe even less and again i i did all
this without ever logging into rapidweaver to change anything
um so yeah just just kind of uh
can someone verify in the chat that if you go to sandbox.jorgan.net now oh i guess i could just do a new private
window huh and we'll go to sandbox dot joergen.net
and it lets me it lets me in but if i go to slash admin
it tries to authenticate right cool so private windows for the win should
have should have thought about that a half hour ago
okay so there we go sorry for all the troubleshooting and kind of going around
and around and around um and i'm actually going to verify that i can log into my admin portal again while i'm
here
yeah i can log into my admin portal again okay
cool
man i feel i feel really dumb now
but as you see uh you know how had i set this all up from scratch and not had an existing you know workflow that i was
already using that probably i probably wouldn't have ran into any of that um but uh yeah go through the steps that i
i outlined and um hopefully it should work out well for you um
so yeah anyway hopefully if you guys weren't too bored off your minds um and you learn something new i do think
cloudflare i mean it's clarify access is it's really nice i do like it um
you know you don't need to worry about it especially for temporary things like you don't need if you're like i temporarily
temporarily want to lock down an entire site maybe right and um you know you don't want to have
to worry about you may be throwing page safe on a page and you know having it in a partial across your entire site
that will work um and that gives you some additional abilities that access might not give you
but um access is quick and dirty you can lock down an entire website um and then
have on an authentication engine through any you know those those login methods so um it's a good tool to have in your
arsenal um and uh yeah let's see if there are any questions there um
so then would you have a client open cloudflare account then have them share that with us um yeah that's probably best so you know
because of the whole limit on the number of users unless you're like i'm helping a buddy
out and he just needs one login or something like that right but if you were doing this seriously um yeah you
might want to have you know a a cloudflare account for your client um that way it's all separate anyway
right so your your customer has their own cloudflare account and and whatnot um so yeah maybe post in freelancing group
and ask what other people do right um is it better to have all your clients into your account um if
you want to use access and you have less than 50 clients and they only need one login that could work right
um but you could again you could you know have some issues i don't know
but uh i guess you know it doesn't hurt having that level of
uh you know walled accounts so that all your clients have their accounts this client has his account so on and so
forth right um it's not a bad idea uh when i view the man it's asking for
okay okay so guys i think we're done uh that was
uh cloudflare access hope you enjoyed that um hopefully we'll see you at the hangouts on
on friday if you have any more questions about this or troubleshooting you want to play around let me know
um i'm pretty sure i had all the configurations for this done in like the first 15 minutes and then it was just
yeah browser caching issues julie so um okay take care guys
hopefully we'll see you on friday and we'll see you on the community take care bye
0
{name}
{rating}
{comment}
