Provisioning Leta server protected by Cloudflare Access

[danielrosehill]

Hi,

I'm sorry for posting this on the discord and never checking if anyone responded. I'm in too many AI servers so ... I should probably stick to Github!

I would ideally like to deploy the ADE & server on the same self-hosted VPS. However, as I understand that that isn't possible, as a second best, the remote server approach seems fine to me (once I can back up the actual agent configs, I'm not too picky how and where the frontend is provisioned, but I definitely need one!)

I like to use Cloudflare to secure everything with personal data on it.

I read the docs and saw the connection to a remote server that is looking for a password and requires HTTPS.

All that seems reasonable. But the only way that I can get authentication past Cloudflare Access is to add a service token to the request.

I can't see a way to do that and would really like to try out spinning up the server.

If by any chance you know of a workaround or plan to address this need in the future, I'd be very grateful.

[cpacker]

Unfortunately we don't support passing custom headers at the moment in the outbound ADE traffic - we hadn't considered this issue / usecase before, will take note and add support in the future if we have bandwidth!

In the meantime, if you need a workaround you can probably do something like:

1. Point ADE at localhost:8283 (the default), or some other "remote host"
2. Run a proxy that routes traffic to your Cloudflare static IP, but with the extra header

For (1), you can even run a microservice on Railway etc. I'm guessing it should be feasible to write a quick and dirty proxy server using Claude/ChatGPT, but I haven't tried it - if you do let me know I'd be curious to hear how it goes. Will try and think of other easy ways to solve you problem too.