Cloudflare tunnel setup sharing authentication

[dustessavdh]

Ask a Question!

Hi everyone,

I'm a bit puzzled and can't really seem to figure out what's happening, but it looks like Portainer is sharing authentication details with other users when I run it behind a Cloudflare proxy.

I'm running the default Portainer swarm setup from the website, and I've added a network to it so it can be reachable by the cloudflared services. Then, on the Cloudflare zero trust dashboard, I've added a public hostname to the Portainer instance. This has worked so far, and I've had no problems with it. However, I did discover something that has left me a bit puzzled.
Whenever another user or device goes to the same URL, they're automatically logged in as the user I just logged in. So let's say I have just spun up a new Portainer instance and created an admin user. Then I log in with this new admin user. If I then ask a colleague to go to the same URL, they will be logged in with the same user I just logged in. They can't click on anything because at that point portainer will say they're not authenticated, but they still skip the auth screen.

Is this something that is wrong with portainer, or something that cloudflared is doing?

[Nick-Portainer]

Hi @dustessavdh Can you share a recording or screenshots of this? I have a sandbox Portainer server exposed via Cloudflare Zero trust and I do not experiance this

[dustessavdh]

Hi,
Here is a short recording I made.
I'm using two different browsers and I still get logged in on a different browser.

portainer.mp4

I have one cloudflared instance running on my swarm and for this demo it only consists of 1 manager node.
The cloudflared container is just running with the default command you get when creating a new tunnel from cloudflare e.g.: docker run cloudflare/cloudflared:latest tunnel --no-autoupdate run --token .... And then I've attached it to an overlay network.