rmfakecloud icon indicating copy to clipboard operation
rmfakecloud copied to clipboard
verified publisher icon ddvk

Guide explaining how to set up mTLS with Cloudflare for secure external access

Open donmerendolo opened this issue 1 month ago • 3 comments

Hi 👋, 2 days ago I made a pull request in rmfakecloud-proxy adding support for mTLS: ddvk/rmfakecloud-proxy#26. I now made a detailed guide explaining how to set it up in Cloudflare.

With this, one can sync the reMarkable tablet securely with an rmfakecloud instance from outside the local network, without exposing it directly to the internet and without VPNs. using a Cloudflare Tunnel and checking for client certificate.

donmerendolo avatar Nov 21 '25 20:11 donmerendolo

It looks like you may have forgotten to add the new file when you committed?

Eeems avatar Nov 21 '25 20:11 Eeems

Correct 😅, adding it now

donmerendolo avatar Nov 21 '25 22:11 donmerendolo

Must say it's possible to verify the client certificate in a self-hosted reverse proxy without Cloudflare, though this requires opening a port, but I think it would be pretty secure since the clietnt has to authenticate itself before even reaching rmfakecloud.

I think this approach hadn't been talked about previously (at least I haven't seen it before) because rmfakecloud-proxy does not support client authentication, yet (I hope not for long).

donmerendolo avatar Nov 21 '25 23:11 donmerendolo