(Probably involves the lava lamps.) Here's a diagram that shows how the CORS reverse proxy actually works: In a nutshell, the proxy will respond to the preflight request issued by the Front End App (for example, a web browser) by setting the "CORS allowed" headers: right after that, it will forward the request to the target server, receive its response and send them back to the client app without the same-origin limitations. Switch Config Type to Label, and then in the Key field input the label key listed above and in the Value field input the value as described above. If youre building a home server, I really recommend checking it out. Or sleeping. We lock-down access to specific people we want to give access to via Access policies. After you've setup your reverse proxy for Plex and configured Cloudflare, go into your Plex settings and select Network. This is very important that you do or else Cloudflare might ban your account for breaking the TOS on caching. Click Save and Deploy. Cloudflare's services sit between a website's visitor and the Cloudflare customer's hosting provider, acting as a reverse proxy for websites. Last time I did it I was using Namecheap and it took less then 10 minutes to propagate, so have some patience. Out of the options I tried, Unraid was by far the easiest to get up and running with. I make some adjustments to my site settings in Cloudflare to insure that HTTP requests for the .well-known/acme-challenge path are not redirected to HTTPS, and that responses are not cached. 1.1.1.1 is a public DNS resolver operated by Cloudflare that offers a fast and private way to browse the Internet. Go to Rules > Page Rules and create a new Page Rule. For verification, the account that owns the custom hostname must also own all A and AAAA records for the apex. Yet this component is often overlooked and forgotten, until something breaks. You need to note down the private IP address of the unraid server within your home network. You need to edit the supervisord.conf file to change the hostnames. Click "Save tunnel" Step 3 Install the Cloudflared connector on your host machine where your docker apps live. ## Version 2020/01/07 - Changelog: https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/ssl.conf, # Diffie-Hellman parameter for DHE cipher suites, # using generated 2020-01-07, https://ssl-config.mozilla.org/#server=nginx&server-version=1.16.1-r4&config=intermediate&openssl-version=1.1.1d-r3, ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384, # HSTS, remove # from the line below to enable HSTS. How you do this will depend on your router, but its usually under DCHP settings. Under the DNS app of your Cloudflare account, review the Cloudflare Nameservers. The proxy has been designed to run within a Cloudflare Worker, which is freely available for up to 100.000 requests per day; this basically means that you can use this proxy to put any external web page within a