Skip to main content

Cloudflare Access Setup

This guide covers configuring Cloudflare Access to protect the internal documentation site using GitHub as the identity provider.

Overview

Cloudflare Access provides Zero Trust authentication for the docs site:

  • Users authenticate via GitHub OAuth
  • Only DocuStack GitHub org members can access
  • No authentication code in the application - purely infrastructure

Prerequisites

  • Cloudflare account with the domain configured
  • Cloudflare Pages project deployed
  • GitHub OAuth application (or use Cloudflare's built-in GitHub integration)

Setup Steps

1. Enable Cloudflare Zero Trust

  1. Go to Cloudflare Zero Trust Dashboard
  2. Select your account
  3. Navigate to AccessApplications

2. Create Access Application

  1. Click Add an application
  2. Select Self-hosted
  3. Configure:
    • Application name: DocuStack Internal Docs
    • Session duration: 24 hours (or as needed)
    • Application domain: docs-internal.docustack.app

3. Configure GitHub Identity Provider

  1. Go to SettingsAuthentication
  2. Click Add new under Login methods
  3. Select GitHub
  4. Configure:
    • Use Cloudflare's managed GitHub integration, OR
    • Create a GitHub OAuth App and enter credentials

4. Create Access Policy

  1. In the application settings, go to Policies
  2. Create a policy:
    • Policy name: GitHub Org Members
    • Action: Allow
    • Include:
      • Selector: GitHub Organizations
      • Value: docustack (your GitHub org name)

5. Verify Configuration

  1. Open an incognito browser window
  2. Navigate to https://docs-internal.docustack.app
  3. You should be redirected to GitHub login
  4. After authentication, verify access is granted

Cloudflare Pages Integration

The Access policy automatically protects the Pages deployment. No additional configuration needed in the Docusaurus application.

Build Settings (Cloudflare Pages)

SettingValue
Build commandnpm run build
Build output directorybuild
Root directory/
Node.js version18

Troubleshooting

User Can't Access

  1. Verify user is a member of the GitHub organization
  2. Check Access logs in Zero Trust dashboard
  3. Ensure the policy includes the correct GitHub org

Redirect Loop

  1. Clear browser cookies for the domain
  2. Verify the application domain matches exactly
  3. Check for conflicting Access policies

Security Considerations

  • Access tokens are short-lived (configurable session duration)
  • All access attempts are logged in Cloudflare
  • GitHub org membership is verified on each authentication
  • No credentials stored in the application

Cost

Cloudflare Access is free for up to 50 users. For larger teams, see Cloudflare Zero Trust pricing.