Originally aired on January 25 @ 5:30 PM - 6:00 PM EDT
Join Jeremy for an overview of how he uses Cloudflare to help secure everything from Minecraft servers, to websites, to his family's home network.
He may still be in high school, but that hasn't kept Jeremy from becoming an expert on all sorts of practical and creative uses of Cloudflare's product suite, including Cloudflare Spectrum, Acccess, Argo Tunnel and more!
Have any sales questions? Contact Melissa at email@example.com
Hey everyone, welcome to Cloudflare TV. My name is Melissa Lowe and I am a business development representative on the sales team here. I'm also joined today with Peter Yoakum who is one of our very best solutions engineers and he and I have the awesome opportunity to interview Jeremy who is an amazing Cloudflare user really and our special guest for today. So we'll kick it off really quick with a real easy question for you Jeremy. Tell us a little bit about you and tell us how you came to learn and start utilizing Cloudflare. So yeah hey guys my name is Jeremy. I'm a high schooler and over this past summer you know everyone's been in quarantine so I really wanted to find a way to be able to it actually all started with me trying to find a way to connect with my friends. So I first found out Cloudflare when I was trying to host Minecraft game servers for my friends and for them to be able to connect to me and play games together through the Internet. So yeah I first my first solutions for this were kind of messy you know of course there's your standard port forwarding which is just forwarding all the traffic from the Internet through your router to your local network and at first when I tried this it was actually really insecure. You know web crawlers found my open ports within hours and started spamming me. Then I looked then I tried to find this these solutions using hot proxy for example which is like this open source piece of software that allows you to take a Minecraft connection and pipe it through a proxy posted on like an AWS server for example. And this solution wasn't really that great as well because you know everything's command line based. I really wanted just like a simple graphical user interface. So that's actually how I did some digging and that's how it came to Cloudflare first and their spectrum app is what one of is what kind of drew me to it. I don't need to explain this to Melissa and Peter but the spectrum app it takes my traffic my Minecraft traffic and accelerates it through Cloudflare's network from anywhere in the world. So I can play with my friends from Australia, Britain, literally anywhere and I'll get and they'll get the lowest ping time and latency possible. So that's kind of kind of why I started doing it. Thanks so much for walking us through that Jeremy. Can you tell us a little bit about where the solutions that you were trying with hot proxy or some of the other reverse proxies you might have attempted where what was kind of some of the challenges that you that you were encountering? Some of the big challenges actually were that hot proxy well it's command line based. That's the first thing and also another thing was it's one instance of hot proxy. So I rented a free server in Chicago or something like that because I was the closest one to me and this is an exaggeration but if I had everyone's connections proxied through Chicago if you lived in Chicago your connection would go from you to Chicago's proxy then to me. That's pretty optimal and it's good but for example if you lived in LA then your connection would go from LA to Chicago back to my server which is in the west and this would cause this is this is an exaggeration but latency would basically doubled in this instance and with Cloudflare you guys have your amazing edge network and data centers in you know almost every like to over 200 cities right so we've got over 200 co-locations we're within 100 milliseconds of 99% of the Internet connected world and that's how you know that's how I get people's ping times from 400 milliseconds to my Minecraft server in Australia all the way down to like you know sub 100 so that's really awesome and it has an added benefit of keeping me safe so all the traffic is proxied through Cloudflare it's like the bouncer to my club you know they have to talk to Cloudflare before they can get to me um and yeah this and this you know kind of segues us into some of the other solutions I've been figuring out for myself with Cloudflare. Sure tell us a little bit about that. Actually Peter before we get too far into that I was wondering so I'm admittedly not a super technical person uh and I just kind of wanted to know Jeremy was this like super difficult to figure out using the Cloudflare side stuff or was it an afternoon for you what did that build out look like um I from when I started this I did not know any networking it was from you know square zero um and with a little bit of Cloudflare documentation and some googling it was I got the Minecraft server working in an afternoon's time um and then after that um you know I looked a and I got all my uh access stuff set up a couple weeks later so that was pretty cool. How are you using Cloudflare access today? So um I wanted to be able to access for example my file server my media server um my home assistant control panel um for example my Grafana metrics dashboard all remotely um and I wanted a safe way to do it without exposing ports to the Internet um for example actually a couple nights ago I wanted to RDP home from a when we were on vacation I wanted to RDP home so I opened up those ports and I logged it onto my computer to do some school stuff and within hours six hours it got found by a web crawler and um I had a security software on my computer that you know quickly found it and blocked it but um it was found by a web crawler and they started brute force attacking my RDP connection so that was pretty um that was pretty interesting and with Cloudflare um I really like it because before you even get to me at all you have to prove to Cloudflare that um you know you are you uh using like Google OAuth or um 2FA email so that's pretty cool. Excellent. Can you tell us a little bit about um what that RDP solution that you had built looked like previously? So previously I um enabled RDP on the PC and forwarded the port. Pretty pretty pretty yeah pretty dangerous and jank um. And what does that look like today? Now I have a little script on my desktop and when I double click it it gets me authenticated with Cloudflare. If my session's expired I just go to Google OAuth click two buttons and I'm logged into RDP. Excellent. Can you tell us a little bit about some of the other solutions or products that you put behind Cloudflare? Yeah do you want me to show you my game panel real quick? Absolutely. Yeah that'd be awesome. Okay so um how do I there we go let's get that going. Um so this is what my game server looks like. Here we have a bunch of instances of Minecraft, of Prometheus monitoring server, and proxies I've been running. So for example here's the server and everything here is I get a terminal, I get a file manager for the server, and this is all open source software that I've self -hosted. And what's really neat about this is it's proxied through Cloudflare using the Cloudflare daemon that sits on my network and it acts as a reverse proxy. So for all my other services for example let's see let's go to Synology Drive for example. I want to play that out. For Synology Drive I have a home media server and all of it's on the local network and Cloudflare which is the daemon that I've installed and ran it acts as a reverse proxy. So I don't even need to do any port forwarding everything goes through Cloudflare and I just at the end I just make rules and I say hey if the domain equals this then send the traffic to this computer. So it's a little bit of a simplification but that's really neat and I like it a lot. Also because that it's much more of an intuitive process I used to use here's some other services that I set up. So this is my Hyper-V manager this is all the virtual machines I've set up with and there you can see is the Cloudflare daemon. I used to use nginx or nginx for my reverse proxy and that was completely command line based. There was no interface there was nothing you could no pretty buttons and I couldn't even get it to work so I'm really really grateful for you guys. So it sounds like some of the Cloudflare solutions helped kind of lower the technical lift for getting you to proxy some of these services that you wanted to make available publicly. Yep. I understand that there were some scripts that you helped write to be able to kind of accommodate your setup. Are you able to tell us a little bit about some of the unique kind of solutions that you've built to kind of configure your Cloudflare setting? Of course. So I am not a business. I have a residential Internet connection so my IP address changes every two weeks and this is just you know this is just my Internet service provider doing its thing and the problem with this is that then when the IP address changes for me every two weeks my all the SRV records all the A records on my Cloudflare dashboard and DNS they would get basically set to the wrong IP addresses and of course I could go manually set that up and manually go and change them every two weeks but I don't know I don't like that I don't like you know it's boring. So you can automate it now. I originally my Google DNS was my DNS of choice until I found out you know Cloudflare was this better service with look I think what was your propagation time again for your DNS service? Our DNS propagation is generally pretty quick though overall the performance of our DNS or authoritative DNS provider we generally rank around the top providers on the Internet. So for a bit of my previous DNS provider when I made a record change it would take up to 48 hours for that to take effect and that was just you know I was experimenting I was new to networking so it was kind of hard for me to learn with something that like it's like you can only test it you can only test your setup once every 48 hours and plus when my IP address changed then I need to go back and set all that again. So with Cloudflare they have a awesome API with amazing documentation that I've been able to set up a quick couple scripts with so that when my IP address changes it goes to Cloudflare and makes a post request and changes all of my records and settings automatically. Awesome it sounds like you've built quite the DevOps tooling yourself. It's actually just a pretty botched together Python script but it works so yeah. Excellent you'd mentioned earlier that you're using Prometheus are you currently using Cloudflare to proxy any of your analytic services or anything? I am actually. So I have a couple services where I just set up with Grafana which is a monitoring software or yeah monitoring software and it can basically show me some metrics of how my network's doing. I have PyHole set up so it's a recursive DNS server self -hosted and it blocks ads for me so that's pretty cool. And then we have some speed test diagnostics. Grafana has this really cool thing called synthetic monitoring so once every hour it pings my servers and checks if they're checks their status basically and my Minecraft metrics are here as well. That's awesome and then everything else this all kind of sits behind that access that you have that you set up Cloudflare to be able to protect this kind of thing so that way whoever can't come in and like see it and use it right? Yeah so if I open up an incognito window here actually and try to go to my metric server you'll get Cloudflare access first and with Google OAuth you know it's the gold standard for authentication these days so yeah it's pretty cool. Got it. Of course also all these services are proxy behind Cloudflare so I have my virtual machines here you can see here is the Cloudflare daemon that's hosting my Argo tunnel and managing all those connections. So actually can you tell me a little bit more about the Cloudflare daemon? Like was it easy to install onto your computer and you see any like interruptions between like turning it on and turning it off that kind of thing? So as far as time it takes to get going the Cloudflare daemon is basically it kind of manages itself honestly whenever any tunnels get interrupted it reconnects automatically. Here we just see one of my servers is down so that's why we have some errors but here are the ingress rules super easy and in this nice json format so or not json sorry in this format so super easy to set up much more intuitive than the you know bizarro oh it wasn't bizarre but it was basically all command line based for my previous Nginx proxy setup. And yeah you know if I wanted to add a new service I would the basic workflow goes like this I get the IP address of my service basically I don't know for example let's grab my other media server so and if I wanted to be able if I wanted this to be accessible you know through the open Internet I would go to Cloudflare I would make a CNAME record and I would just say you know mediaserver.jeremysdomain.com points to my arco tunnel and then with this arco tunnel I can say then you know whenever you get a connection from mediaserver.jeremysdomain.com point it to this IP address and that's kind of the basic workflow once it's set up adding a service literally takes you know five minutes yeah that's it. Nice that's awesome thanks for sharing that. Let's see if I have yeah and if I ever want to access any of my computers remotely I have a little Apache BlackMole server set up so computer seems to be off but there we go I can access all of my or my the two computers in our house through the Internet and usually this would be an awful idea because like you know it's it's basic rudimentary open source software so you know hackers always have their ways of getting through you know simple logins but it's protected by Cloudflare access so I don't have any worries. That's awesome. It's like a little computer in your browser you know you can watch watch YouTube whatever you want. That pterodactyl service is that the games console that you were referencing earlier? Yeah pterodactyl is the open source software that I've been using to self host my games. Excellent. What sorts of other metrics are you tracking with Prometheus or Grafana? With Grafana I've I've been just playing with it recently I'm pretty new to it but I've been tracking my Minecraft server I've been tracking my system memory and CPU usage and I'm working on integrating my media server into it so that's work in progress. Excellent and what sorts of functionality are you looking to do with your media service once you've got that proxy? Hopefully once I get that all set up I'll be able to set up a Plex media server which is a way for your friends and family to watch your movies there's no reason for everyone to have their own subscription for movie services and streaming services. Plex is an all-in-one solution to have everything it's a self-hosted solution and have everything basically go through my media server so besides that I was actually able to use my media server this weekend when I was away on vacation with my family I needed to access files for a video for my school and through the media server I was able to go online grab the files download them and work on my video remotely. Excellent. Are you able to share about any other projects that you're working on? I think we've gone through most of them. Tell me a little bit about what's next then. Actually before we jump into the future I have a couple of questions that have come up while talking to you Jeremy. So I remember you had kind of mentioned to me beforehand that you're actually able to change like the temperature of your house. I am yes. From wherever in the world? From wherever in the world. So you want me to show you that real quick? Yeah let's take a look at that. It's called Home Assistant and it's truly kind of awesome. So home automation currently is kind of like most big companies are moving in that direction but their solutions aren't really they don't connect that well. I'm sure you have some smart thermostat so you can control with your with a phone app and then you have your garage door that you can control the phone app and then your pool that you can control the phone app. So it's not you know then you end up with 10 apps and it's not very connected. So what Home Assistant does is it takes all those things and kind of unifies them into one nice neat dashboard. So we have our home audio set up here. It's playing some maroon 5 right now. We have my bedroom thermostat set up and all those things. And what's really cool is you can integrate basically anything with Home Assistant. Anything that's Internet connected you can integrate connect with it. So that's my little side project recently. And how is how does Cloudflare come into this? So remotely if because I usually access my Home Assistant server through an IP address. So that would be this local IP address 192.168.1.128. And if I tried to do this from a computer outside my local network it wouldn't work. So I've gone over this previously but you can portboard the service and that would just be allowing anyone in the Internet to go to my IP address and see this panel. But then that makes me vulnerable to bot attacks. So then like people can spam the service and like try to brute force the password. Which is you know kind of bad considering you know all your thermostats are on here. All your home media server integrations are on here. So Cloudflare comes in by stepping in the middle of it. So if I go to home there we go. All of it gets proxied through Cloudflare. So again it's the bouncer to my club. It everything has to go through Cloudflare first. Which I think is really neat because you know it's like all of Cloudflare is my personal you know my personal protector. And it's really what it's doing is standing in the middle so. Excellent. And using Cloudflare tunnel you're able to create those outbound connections to Cloudflare's edge without needing to expose ingress ports at your private network. Yeah even with you know even with Nginx the another you know reverse proxy solution. I had to expose you know a couple ports for to get basic functionality. Well Cloudflare basically works. You know there's some setup you have to authenticate through its web GUI. But once it's set up it's you know yeah really smooth. So you mentioned that you were in high school. So I'm just curious have you always been into this kind of networking coding Python kind of thing. Is it something new for you because I mean I'm well out of high school and have no idea how I would be able to set this up or figure it out on my own. So how did like how did you come to getting into this and being able to figure out how to read the codes and do the command lines and port forwarding and all that. So actually about a year ago I didn't have I wouldn't be able to tell you you know like you know like how does this work or how I could port forward a service. A year ago I had no networking no networking knowledge. And it all started with that Minecraft server. You know getting to be able to have my friends play on it and then remote monitoring remote management. And that kind of spiraled into this tunnel of like you know how far can I go you know while safely keeping myself protected. And so Cloudflare has been the I it's like without Cloudflare I wouldn't be able to do this safely. You mentioned your friends. Are you able to also help them with their setups or is it something that's easy to teach I guess? It's very easy to teach actually. I my my dad's friend has a little company and they have an internal project tracker. And they had to have their clients VPN in to their home to their office network to be able to access their internal tracking tools. And I hung out with them one weekend and I was like hey you guys this is some really awesome software. It takes 30 minutes to set up. Set up all your ingress egress rules and then a quick Cloudflare account you know free account. That's all it takes. That's awesome. That's awesome. So how do your parents feel about all of this? I think my dad was mostly more concerned back in my port forwarding days. I have a list of 20 computers that were all just like exposed. And yeah it was it was a little bit risky. I'm not going to because all they do is just crawl the Internet and look for these vulnerable devices. What's next for you on what are some of the projects that you're considering? So yeah I really want to get into more of these DevOps networking type fields. So I've been working on my own web application for school and my homework tracking. And of course you know integrating it with Cloudflare. I've been also trying to get Plex media server set up so all my friends and family can use this a self-hosted streaming service. And I've been working on a Minecraft network with my friends. So you know we actually have a public server and people play on it and we like to make custom things and custom games. That's excellent. That's awesome. Peter do you have any words of advice for this obviously young buddy DevOps engineer coming our way one day? I say keep on doing what you're already doing. Obviously you've taken it upon yourself to learn a tremendous amount on your own and that's a wonderful and admirable sort of pursuit. Staying curious is always the number one sort of thing that I would tell anybody looking to expand their horizons in tech and I think you've got a pretty good attitude and or you've already oriented towards that yourself. I'm looking forward to kind of seeing how some of your projects are progressing on Cloudflare and please do kind of keep us apprised as they kind of as you continue to work on them. We'd love to have you back you know here on Cloudflare TV in the future and that way we can ask you again. This is great yeah thank you. Keep in touch with us Jeremy for sure. I want to thank everyone for tuning in to this Cloudflare TV segment. Hopefully we'll have Jeremy on here again really soon. Peter it is always a pleasure and I hope you all enjoyed it too. Please be sure to come visit us again and again and again for a whole bunch of really awesome Cloudflare content. Likewise Melissa and Jeremy. Pleasure was all mine. Thank you so much for joining us. Have a wonderful rest of your day. Thank you. Thanks Jeremy. What is a bot? A bot is a software application that operates on a network. Bots are programmed to automatically perform certain tasks. Bots can be good or bad. Good bots conduct useful tasks like indexing content for search engines, detecting copyright infringement, and providing customer service. Bad bots conduct malicious tasks like generating fraudulent clicks, scraping content, spreading spam, and carrying out cyber attacks. Whether they're helpful or harmful most bots are automated to imitate and perform simple human behavior on the web at a much faster rate than an actual human user. For example search engines use bots to constantly crawl web pages and index content for search. A process that would take an astronomical amount of time for any human user to execute. you