Tiny Tiny RSS: Community

Cloudflare Access for control and access of TT-RSS

Anyone tried using Cloudflare access for limiting use to TT-Rss.

It can also use other authentication platforms (which would require tt-Rss to pass through authentication.

I do use it, and my firewall and server will only allow Cloudflare IP’s.

I do have to exempt the API for app access though, would be nice to have some sort of solution for that, but it does work well.

Do you have ttrss authentication still used?
And do you run ttrss as a subdomain (ttrss.mydomain.com). Or a subpage (www.mydomain.com/ttrss)

I wouldn’t mind seeing how you’ve set it up in cloudflare, and especially how an app using api access is handled. My first attempt I killed my api access for my phone

I created an access policies for the API and then an access policy for everything else. The API is setup as bypass. As far as the main policy, I don’t think I was able to get it to work with an access group, I vaguely remember having issues. So I just use the emails option under include and put in the emails I want to have access.

I only allow port 80 through from IP’s that belong to cloudflare on my firewall, and I also only allow IP’s that belong to cloudflare with nginx. Not doing so means anyone with your IP bypasses cloudflare access.

This is what my bypass policy looks like.

So does that mean if anyone navigates to the api url, it’s technically not controlled? Especially if the domain is controlled by cloudflare for dns as well?

you don’t need any special rules for tt-rss api endpoint if you’re using cloudflare at default settings, i have my personal website behind it and it just works with the android app.