

Yes in zero trust > access controls > applications you can specify a web site and then tell it how you want it protected. In its most basic form you can have it email you a login code, but if you link it to either google or Microsoft you can have users of those services use them allowing you to sso straight through.
You can also specify a wildcard *.mydomain.net and then by default anything that is in your domain will be protected. Means when you’re testing something new you won’t forget to lock it down.
You’re correct about media, I use nginx proxy manager for emby, but everything else goes through the tunnels
As for configuring, the cloudflare LLM bot has been trained on all its documentation so it’s one of the few times a chat bot is genuinely useful.
I thought the whole point of this service was to provide internet to places that traditional services couldn’t reach. Meaning they wouldn’t be over populated because those people already have good internet.
Now that I think it through, there’s no way that demographic is generating enough money to make this work.
Whoops?