Can I use andorid or iphone app to connect to cloudflare with 2FA?

[SteveGreenBloke 8]

Hey everyone.  So I am posting here because I am running emby on a qnap.  I just set up a cloudflare account and am running Cloudflare Zero Trust Access with some 2FA.  I can get to this using my phone's browser, but not with the app.  I can add this to my nzb360 as a web interface and it works.  In the past I think  the app there were some dots that I could select and Ignore certificate errors (temporarily, just to confirm), but that isn't there now.  

Do I just need to use the phone's browser to log in and not use the app if I want to go through cloudflare?

Thanks

 

Steve

[Luke 42077]

Hi, there were never dots. What happens is anytime you first connect to a server that is using an untrusted certificate, it will prompt you to manually approve it.

What exactly is happening?

[SteveGreenBloke 8]

So I have an android which I have locally connected and I have an iphone that I just installed the app that I am trying to connect.  I don't have local access with this device.  When I launch the app I get the welcome screen then next.  I can sign in with connect, skip to connect manually or nw user sign up (which I am not).  When I put in my fqdn for my server (this is cloudflare) with https:// and no port (tried 443 and 8080) it says cannot connect.

When I sign in with emby connect, it will allow me to add a server, but when I try to add my cloudflare fqdn (that had 2fa) it never connects.  It says cannot connect.  I suspect that it cannot handle the 2fA

 

It says, Unable to Reach Server.  We're unable to connect to the selected server right now.  Please ensure it is running and try again.  Button says got it.

Edited October 30, 2025 by SteveGreenBloke

[Luke 42077]

Quote

https:// and no port (tried 443 and 8080)

@SteveGreenBlokewell it can't be both, right? Which port should it be? Which have you setup?

[catherder_kira 0]

The port should be 433 given that it is https and that does not work.  cloudflare tunnel will then translate the fqdn into an IP and port for emby.  So I think the issue is that the App is hitting the F2A wall and not connecting.  I didn't know if I need to put in the port given that default port for https is  443

 

Thank you.

[Luke 42077]

Quote

So I think the issue is that the App is hitting the F2A wall and not connecting.

Does this require some customized support for it?

[SteveGreenBloke 8]

I think so.  Is that possible?  Until then I'm going to remove the 2FA wall.  It would be nice to have the ability to have a more locked down connection to my server that is exposed to the internet other than just the login wall that is on my emby server...

[SteveGreenBloke 8]

So I was able to make this work.  The App cannot handle the connection so I changed my .config.yml file to include this
 

ingress:
  # Empy app-friendly subdomain
  - hostname:<this is my subdomain on Cloudflare>
    service: http://localhost:8096
    originRequest:
      noTLSVerify: true
 

Edited November 1, 2025 by SteveGreenBloke

[Luke 42077]

Thanks for following up !