Add native support for Cloudflare Tunnel hosting #1574
Description
Description:
Please add native support for hosting Waha behind Cloudflare Tunnel or Cloudflare Access.
Currently, when Waha runs on a VPS using Cloudflare Tunnel, the app starts correctly but external access often fails due to connection or authentication issues.
Problem
When exposing Waha through a Cloudflare Tunnel (for example, waha.mydomain.shop → http://localhost:3000), the following issues appear:
The dashboard or API often responds with HTTP 401 Unauthorized.
Basic Auth prompts are not handled properly by Cloudflare’s proxy.
Waha binds to [::1] instead of 0.0.0.0, which prevents Cloudflare from forwarding requests correctly.
Header validation/origin checks reject Cloudflare traffic.
This makes it difficult to host Waha safely through Cloudflare’s secure network, which is very common for VPS users who avoid exposing raw ports to the internet.
Proposed Solution
Add a configuration option like:
WAHA_BEHIND_CLOUDFLARE=true
which would automatically:
Bind the API to 0.0.0.0
Handle X-Forwarded-For / X-Real-IP headers correctly
Relax origin or Basic Auth checks for Cloudflare proxy traffic
Update documentation with official Cloudflare hosting instructions.
Benefits
Enables simple HTTPS hosting without manual TLS setup.
Improves compatibility with Cloudflare Zero Trust deployments.
Avoids common 401/auth errors through proxy layers.
Example Environment
WAHA_PUBLIC_URL=https://waha.mydomain.shop
WHATSAPP_API_PORT=3000
WAHA_WEBHOOK_ALLOWED_ORIGIN=*
💡 Suggestion:
It would be ideal if Waha could automatically detect Cloudflare environments (based on request headers or environment variables) and adjust internal configuration accordingly.