Configure Cloudflare as Reverse Proxy
To set up Cloudflare as a reverse proxy, a Cloudflare Enterprise Plan with the following features is required:
Host Header Override: Using Page Rules to Re-Write Host Headers (Cloudflare Support)
True-Client-IP Header: What is True-Client-IP? (Cloudflare Support)
Complete the steps on Configure Custom Domains with Self-Managed Certificates if you haven't already. Make note of the Origin Domain Name and cname-api-key values since you'll need these later.
Configure a CNAME setup with Cloudflare.
Once Cloudflare has verified your domain, log in to the Cloudflare Dashboard.
Create a new Cloudflare Page Rule with the following settings:
Setting Value Host Header Override Enter <CUSTOM_DOMAIN_ID>.edge.tenants.auth0.com
, replacing<CUSTOM_DOMAIN_ID>
with the custom domain ID from the Origin Domain Name you received from Auth0. If your tenants are not in the US region, use one of the following:- EU:
<CUSTOM_DOMAIN_ID>.edge.tenants.eu.auth0.com
- AU:
<CUSTOM_DOMAIN_ID>.edge.tenants.au.auth0.com
- JP:
<CUSTOM_DOMAIN_ID>.edge.tenants.jp.auth0.com
True-Client-IP Select Enable. - EU:
Next, create and deploy a new Cloudflare Worker for the configured CNAME using the following script. Replace
<CNAME_API_KEY_VALUE>
below with the cname-api-key you received from Auth0:addEventListener('fetch', event => { event.respondWith(handleRequest(event.request)) }) async function handleRequest(request) { request = new Request(request) request.headers.set('cname-api-key', '<CNAME_API_KEY_VALUE>') return await fetch(request) }
Was this helpful?/
Configure Auth0
Use the Management API Update Custom Domain Configuration patch endpoint with the following in the body:
{
"tls_policy": "recommended",
"custom_client_ip_header": "true-client-ip"
}