u/Fresh_Drink_319

I’m running Hermes Agent in Docker/Portainer and want browser-only remote access using Cloudflare Tunnel + Cloudflare Access.

I’m am trying with:

https://hermes-api.mydomain.com → http://hermes:8642

https://hermes.mydomain.com → http://hermes:9119

https://hermes-hooks.mydomain.com → http://hermes:8644

cloudflared and hermes would be on the same Docker network, so no host port publishing needed, only Docker internal routing.

Questions:

1. Is it valid to route different Cloudflare Tunnel hostnames to different ports on the same Docker container?

2. Is separate subdomain routing better for security because I can apply different Cloudflare Access policies?

3. Should I avoid Docker ports: and only use expose: when cloudflared is the only ingress?

4. How should webhooks be protected — separate hostname, secret path, header, service token?

5. Any concerns exposing an AI agent API/dashboard this way?

Example internal routing:

hermes-api.mydomain.com → http://hermes:8642

hermes.mydomain.com → http://hermes:9119

hermes-hooks.mydomain.com → http://hermes:8644

Is this a good architecture? As i wanna just use the remote gateway from my office

Currently exploring Omni SEO, Ahref Brand Radar, Profound and more.

Are any of them taking most of the market share? Also which is the best at the moment?

Anyone tried before?

I didn't try it as I am not sure how to set it up yet. But are they really able to make a production workflow with just prompts?

Currently, I'm building up my blog posting workflow using Google Docs, WordPress, and Wix, switching between them. I'm also using AI-generated features for images and image editing, adding brand logos and a total of more than 20 nodes, including code nodes. So, I'm just wondering if MCP can really do this job?