I'm currently setting up SMB over QUIC with Kerberos authentication using a KDC Proxy and it's been working well when I connect it directly. My setup goes like this: Client connects to the KDC Proxy over HTTPS, which then communicates with the Domain Controller, while the Client also connects to a File Server using QUIC. I've confirmed that Kerberos tickets are successfully obtained through the KDC Proxy. Now I want to know if anyone has successfully run a KDC Proxy behind a Cloudflare proxy.
2 Answers
Actually yes! I've validated a setup with Cloudflare in front of the KDC Proxy. It was all smooth sailing; the Kerberos over HTTPS worked seamlessly! The TLS was terminated at Cloudflare's edge, and everything else was handled by my Apache reverse proxy to the KDC Proxy. I felt more secure having it behind Cloudflare, so I get that you’re considering this setup!
I can't speak for the KDC Proxy specifically, but I have successfully used SMB over QUIC behind an Nginx setup without any issues. We also did TLS termination there and kept a long-lived cert for the backend. That setup seemed to work just fine, so there’s potential for Cloudflare as well!
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures