Hi,
I'd like to run my Channels DVR behind a Cloudflare Tunnel rather than exposing it to the internet at large via a local port forward. Is it possible to override or otherwise hardcode the URL that Channels uses for Remote Streaming? Plex has a similar feature called "Custom service access URLs" which does exactly what I need -- I'd just like to do the same with Channels.
Thanks!
If you’re hosting it in a manner that you can directly connect to it, just connect to it with the “At Home” option and enter the address.
That's the whole point -- I don't want to be able to directly connect to it. I want to be able to provide my own URL which proxies to the local Channels DVR Server HTTPS interface (the one provided by the Go backend).
This is for when I'm not at home and don't want to directly expose the backend to the Internet using port forwards. I'd rather use a Cloudflare Tunnel which provides another layer of abstraction (admittedly, security through obscurity) by proxying foobar.mydomain.com to the Channels backend.
Presumably the Channels server publishes its IP (and maybe port?) to a centralized Channels service which provides the correct address information for remote Channels clients. I'd just like to be able to override that and provide a static URL of my own which I'll make sure ends up getting reverse proxied to the Channels server address and port.
Similar to what's described here, which I have set up for Plex (sans the access control stuff which I decided I didn't need): Securing self-hosted Plex with Cloudflare Tunnels - Mirio Blog.
Pretty positive this is not supported. You should try tailscale it will give you similar functionality
I’m familiar with Tailscale and also use it. My goal is to use Remote Streaming from an Android TV at my girlfriend’s house without having to set up anything special on her network. The Cloudflare Tunnel stuff does exactly what I need; it provides a public endpoint for a protected origin server, but I need to override however Channels constructs the URL its clients use to reach my DVR server.
It seems like a simple feature request if not supported. 
This will not work as it will not be authenticated.
Your options are using the built in secure Remote Streaming support, or a VPN, which has security built in and accesses the server as if it was local.
IIRC it is against CloudFlare TOS to use tunnel for video streaming
Cloudflare removed that language from their TOS. It's perfectly acceptable now. See: Goodbye, section 2.8 and hello to Cloudflare’s new terms of service
This will not work as it will not be authenticated.
Is this due to the way Channels authenticates clients? What aspect of the authentication implementation would be broken by what's effectively an HTTP proxy in the middle?
FWIW, Cloudflare Tunnels can be configured to forward traffic without any additional authentication. I'm doing it with my Plex server today.
Channels DVR Server will require authentication from any request coming from a non local or Tailscale IP address.
Finally, we made it clear that customers can serve video and other large files using the CDN so long as that content is hosted by a Cloudflare service like Stream, Images, or R2. This will allow customers to confidently innovate on our Developer Platform while leveraging the speed, security, and reliability of our CDN. Video and large files hosted outside of Cloudflare will still be restricted on our CDN, but we think that our service features, generous free tier, and competitive pricing (including zero egress fees on R2) make for a compelling package for developers that want to access the reach and performance of our network.
Cloudflare is much, much more than a CDN, but that wasn’t always the case. The CDN was one of our first services and originally designed to serve HTML content like webpages. ... So, years ago, we added Section 2.8 to give Cloudflare the means to preserve the original intent of the CDN: limiting use of the CDN to webpages.
First, we moved the content-based restriction concept to a new CDN-specific section in our Service-Specific Terms. ... Video and large files hosted outside of Cloudflare will still be restricted on our CDN.
Cloudflare Tunnels don't use their CDN.
Channels DVR Server will require authentication from any request coming from a non local or Tailscale IP address.
Great, I still want authentication. I just want Channels to let me provide a different base URL for accessing my DVR to its clients. Instead of https://<my IP address>:8090, I want to use https://channels.mydomain.com which will relay all traffic to my DVR service on the correct port, inserting X-Forwarded-For along the way.
Unfortunately, that’s not how our Remote Streaming works.
I was able to get reverse proxy to work with the Web URL only but not any of the apps using Caddy. So https://channels.domain.com > http://x.x.x.x:8089. Which works with any browser outside of my home if I watch live tv on the web. Seems like all we'd need is the ability to enter a custom URL in the app.
I was able to get reverse proxy to work with the Web URL only but not any of the apps using Caddy
That's awesome. I gave up on this thread because the Channels folks didn't seem interested in making it work, and I got piled on about "OMG Cloudflare you're doing it wrong!!", when in fact what I want to do is permitted according to their TOS. 
This seems like a pretty easy ask. In my particular case, I have poor peering between two ISPs where I routinely work and live. Tailscale doesn't help with this, as it's still creating a point to point connection between the two machines and traverses the poor peering. A high bandwidth DERP server might help, but it's a super edge case for tailscale (would have to try to force DERP on everything...ugh). The obvious solution is that I'd like to host a reverse proxy in a VPS that they both have good peering to, but thats apparently not possible?
After some more considering, I was able to solve this problem (I think) with tailscale and nginx.
Steps to recreate:
Install tailscale on DVR host (in my case, a mac mini). Untested with the integrated tailscale in the DVR, but I suspect it would work.
Install tailscale on VPS and join it to the network
Create an nginx config that looks something like this on the VPS host:
nginx.conf:
# nginx.conf
worker_processes auto;
events {
worker_connections 1024;
}
stream {
server {
listen 8089;
proxy_pass <channels DVR tailnet IP>:8089;
}
}
docker-compose.yml file that looks like this:
version: '3.9'
services:
nginx:
image: nginx:latest
container_name: nginx-stream
ports:
- "8089:8089" # Expose port 8089 on the host
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro # Mount the custom config file
restart: unless-stopped
docker compose up -d and then enter the tailnet IP of the VPS as an "at home" server manually and it all seems to work.
Can any dev respond why DNS names can not and do not work in the local config box and instead only works with an IP address? Every OS framework for HTTP stacks supports DNS natively. What's the restriction here?
All of the above use cases are valid and are made very difficult if not impossible to work. We are above average network admins for hosting Channels DVR in the first place. Hosting a server for a paying service is not something Joe average does too easily. We should be supported for our use cases. (In my case, I'd like to have Cloudflare use proxied DNS with a custom subdomain to front my public internet-facing Channels connections)
If you use a proxy, that will trigger authentication in the app, which the app is not designed to do.
Supported methods of connecting Channels to Channels DVR Server is: