Hi,
I'd like to run my Channels DVR behind a Cloudflare Tunnel rather than exposing it to the internet at large via a local port forward. Is it possible to override or otherwise hardcode the URL that Channels uses for Remote Streaming? Plex has a similar feature called "Custom service access URLs" which does exactly what I need -- I'd just like to do the same with Channels.
Thanks!
If you’re hosting it in a manner that you can directly connect to it, just connect to it with the “At Home” option and enter the address.
That's the whole point -- I don't want to be able to directly connect to it. I want to be able to provide my own URL which proxies to the local Channels DVR Server HTTPS interface (the one provided by the Go backend).
This is for when I'm not at home and don't want to directly expose the backend to the Internet using port forwards. I'd rather use a Cloudflare Tunnel which provides another layer of abstraction (admittedly, security through obscurity) by proxying foobar.mydomain.com to the Channels backend.
Presumably the Channels server publishes its IP (and maybe port?) to a centralized Channels service which provides the correct address information for remote Channels clients. I'd just like to be able to override that and provide a static URL of my own which I'll make sure ends up getting reverse proxied to the Channels server address and port.
Similar to what's described here, which I have set up for Plex (sans the access control stuff which I decided I didn't need): Securing self-hosted Plex with Cloudflare Tunnels - Mirio Blog.
Pretty positive this is not supported. You should try tailscale it will give you similar functionality
I’m familiar with Tailscale and also use it. My goal is to use Remote Streaming from an Android TV at my girlfriend’s house without having to set up anything special on her network. The Cloudflare Tunnel stuff does exactly what I need; it provides a public endpoint for a protected origin server, but I need to override however Channels constructs the URL its clients use to reach my DVR server.
It seems like a simple feature request if not supported. 
This will not work as it will not be authenticated.
Your options are using the built in secure Remote Streaming support, or a VPN, which has security built in and accesses the server as if it was local.
IIRC it is against CloudFlare TOS to use tunnel for video streaming
Cloudflare removed that language from their TOS. It's perfectly acceptable now. See: Goodbye, section 2.8 and hello to Cloudflare’s new terms of service
This will not work as it will not be authenticated.
Is this due to the way Channels authenticates clients? What aspect of the authentication implementation would be broken by what's effectively an HTTP proxy in the middle?
FWIW, Cloudflare Tunnels can be configured to forward traffic without any additional authentication. I'm doing it with my Plex server today.
Channels DVR Server will require authentication from any request coming from a non local or Tailscale IP address.
Finally, we made it clear that customers can serve video and other large files using the CDN so long as that content is hosted by a Cloudflare service like Stream, Images, or R2. This will allow customers to confidently innovate on our Developer Platform while leveraging the speed, security, and reliability of our CDN. Video and large files hosted outside of Cloudflare will still be restricted on our CDN, but we think that our service features, generous free tier, and competitive pricing (including zero egress fees on R2) make for a compelling package for developers that want to access the reach and performance of our network.
Cloudflare is much, much more than a CDN, but that wasn’t always the case. The CDN was one of our first services and originally designed to serve HTML content like webpages. ... So, years ago, we added Section 2.8 to give Cloudflare the means to preserve the original intent of the CDN: limiting use of the CDN to webpages.
First, we moved the content-based restriction concept to a new CDN-specific section in our Service-Specific Terms. ... Video and large files hosted outside of Cloudflare will still be restricted on our CDN.
Cloudflare Tunnels don't use their CDN.
Channels DVR Server will require authentication from any request coming from a non local or Tailscale IP address.
Great, I still want authentication. I just want Channels to let me provide a different base URL for accessing my DVR to its clients. Instead of https://<my IP address>:8090, I want to use https://channels.mydomain.com which will relay all traffic to my DVR service on the correct port, inserting X-Forwarded-For along the way.
Unfortunately, that’s not how our Remote Streaming works.
I was able to get reverse proxy to work with the Web URL only but not any of the apps using Caddy. So https://channels.domain.com > http://x.x.x.x:8089. Which works with any browser outside of my home if I watch live tv on the web. Seems like all we'd need is the ability to enter a custom URL in the app.
I was able to get reverse proxy to work with the Web URL only but not any of the apps using Caddy
That's awesome. I gave up on this thread because the Channels folks didn't seem interested in making it work, and I got piled on about "OMG Cloudflare you're doing it wrong!!", when in fact what I want to do is permitted according to their TOS. 