Using a custom domain behind Cloudflare Access — anyone got this working?
Trying to set up a workflow where published Lovable apps are served via a custom subdomain and gated behind Cloudflare Access (email PIN login). The use case is client-facing apps where I want a professional URL and access control without building auth into the app itself.
I’ve got the Cloudflare Access side working correctly — the login gate appears when the CNAME is proxied through Cloudflare. The problem is Lovable’s domain verification and SSL certificate provisioning don’t work when the proxy is on, which makes sense as it needs direct access to the origin.
The workflow I’ve tried:
1. Connect domain in Lovable with “Uses Cloudflare or similar proxy” ticked → get a CNAME
2. Add CNAME to Cloudflare DNS as proxied → Cloudflare Access gate works
3. But Lovable loses the domain connection periodically and the recovery flow tries to revert to an A record
Has anyone got a stable setup for this? Specifically wondering:
• Is there a way to keep Lovable’s domain verification happy while keeping the Cloudflare proxy on?
• Is there a recommended pattern for adding auth/access control to published Lovable apps without building it into the app itself?
Happy to go the app-level password route if Cloudflare Access just isn’t compatible with how Lovable handles custom domains.