Cloudflare and passwords sent to servers
by axolinx from LinuxQuestions.org on (#6PBEQ)
Question for networking gurus who understand about how TLS and Cloudflare work.
I have a Nextcloud instance running in docker and ubuntu server. Been using Let's Encrypt from the beginning. I had this server setup with a subdomain
cloud.mydomain.com and the subdomain set straight to the server's IP address from the domain's DNS pannel.
Now i setup a Cloudflare account and pointed the domain DNS settings to cloudflare.
The subdomain to my nextcloud server is set as "Proxied" in cloudflare's DNS panel.
Everything working fine.
Now my question is this...
The SSL certificate was already set as i mentioned, and i see Let's encrypt if i click in the padlock next to the URL of my nextcloud instance when i access my server's nextcloud web portal. I see the same certificate whether I set the subdomain in Cloudflare to proxied or DNS-only mode.
So is there anyway cloudflare can see the login credentials being sent from the client to the server?
I setup cloudflare with SSL/TLS encryption mode in Full (strict) mode.
Additionally, i setup a different server in a different location (IP), using the Cloudflare zero trust tunnel client. So any subdomains i add to that and any local service i open in that server without any certificates installed (http) are automatically protected by "Google Trust Services" certificates provided by cloudflare. In this case, i am aware the login credentials sent to this specific server are read in plain text by cloudflare, so nothing sensitive here.
I am just concerned about the nextcloud server.
Thanks for any input.
I have a Nextcloud instance running in docker and ubuntu server. Been using Let's Encrypt from the beginning. I had this server setup with a subdomain
cloud.mydomain.com and the subdomain set straight to the server's IP address from the domain's DNS pannel.
Now i setup a Cloudflare account and pointed the domain DNS settings to cloudflare.
The subdomain to my nextcloud server is set as "Proxied" in cloudflare's DNS panel.
Everything working fine.
Now my question is this...
The SSL certificate was already set as i mentioned, and i see Let's encrypt if i click in the padlock next to the URL of my nextcloud instance when i access my server's nextcloud web portal. I see the same certificate whether I set the subdomain in Cloudflare to proxied or DNS-only mode.
So is there anyway cloudflare can see the login credentials being sent from the client to the server?
I setup cloudflare with SSL/TLS encryption mode in Full (strict) mode.
Additionally, i setup a different server in a different location (IP), using the Cloudflare zero trust tunnel client. So any subdomains i add to that and any local service i open in that server without any certificates installed (http) are automatically protected by "Google Trust Services" certificates provided by cloudflare. In this case, i am aware the login credentials sent to this specific server are read in plain text by cloudflare, so nothing sensitive here.
I am just concerned about the nextcloud server.
Thanks for any input.