These are instructions for setting up Access in front of an origin serving WebSockets. This example contains code for a client that authenticates through Access using mTLS.
In the Cloudflare Dashboard, configure an Access policy that contains a service token. The developer docs have steps on how to do this:
https://developers.cloudflare.com/access/service-auth/mtls-testing/
https://developers.cloudflare.com/access/setting-up-access/configuring-access-policies/
An easy way to test this is using Argo Tunnel. This can be configured following the developer docs here:
https://developers.cloudflare.com/access/setting-up-access/argo-tunnel/
Assuming that is complete, after starting the test WebSocket server on the default localhost:8000, Argo Tunnel can serve traffic using this command:
cloudflared tunnel --hostname <your-domain-here> --url localhost:8000
Running go run client.go will start the client. For this example, a client certificate is used to authenticate through the Access policy. The default client certificate name is client-ca.pem, but it can be modified using the -cert flag. The client certificate generated in the docs may need to be concatenated to provide the full client certificate to the request.
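An added example (not this repository's client.go) of the concatenation point above: Go's tls.X509KeyPair can take one PEM file for both arguments only when that file holds the certificate and its private key. It assumes "concatenated" means the certificate followed by its key; constructedPair and clientTLSConfig are hypothetical names, and the certificate is generated in-process as constructed sample data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// constructedPair returns a throwaway self-signed client cert and key as PEM (constructed sample data; errors ignored).
func constructedPair() (certPEM, keyPEM []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example-client"},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	keyDER, _ := x509.MarshalPKCS8PrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
}

// clientTLSConfig builds an mTLS client config from a single PEM bundle.
// Assumption: the bundle is the certificate concatenated with its private key.
func clientTLSConfig(bundle []byte) (*tls.Config, error) {
	cert, err := tls.X509KeyPair(bundle, bundle) // same bytes scanned for both block types
	if err != nil {
		return nil, fmt.Errorf("loading client certificate bundle: %w", err)
	}
	return &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}, nil
}

func main() {
	certPEM, keyPEM := constructedPair()
	_, errCertOnly := clientTLSConfig(certPEM)
	cfg, err := clientTLSConfig(append(append([]byte{}, certPEM...), keyPEM...))
	fmt.Println("certificate only:", errCertOnly)
	fmt.Println("concatenated bundle loaded:", err == nil && len(cfg.Certificates) == 1)
}
```

A certificate-only file fails at load time with a key-parsing error, which is the symptom to look for when the -cert file has not been concatenated.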
The server can be run with go run main.go. It will serve WebSocket traffic on port 8000. An addr flag can change the address if desired.