Setup Cloudflare Tunnels to your home server

Setup Cloudflare Tunnels to your home serve

Everything you need to know to get securely connect to your locally hosted application over the internet in under 30 mins.

At the high level, I’m running a SimpleHTTPServer locally, that i want to access over the internet from https://home.mydomainname.com

Secondly, I’ll lock down the access to this URL to whitelisted email addresses.

• Setup Cloudflare Tunnels to your home serve
  • Prerequisites
  • Local
  • Setup cloudflared
    • Download
    • install
    • Authenticate
  • Setup tunnel
    • create credential file
    • create config.yml
    • Add DNS to route traffic to tunnel
    • run the tunnel
    • verify
  • Secure you application
    • Create Access Group
    • Create Access Policy
    • Verify
    • Security Monitoring
  • Additional Resources

Prerequisites

Before you start, make sure you:

• Add a website to Cloudflare.
• Change your domain nameservers to Cloudflare

Local

• in this POC i’m running a SimpleHTTPServer to surface the Director listing of a folder
• python2 -m SimpleHTTPServer 65000

Setup cloudflared

Download

wget -q https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb

install

dpkg -i cloudflared-linux-amd64.deb

Authenticate

cloudflared tunnel login

Setup tunnel

create credential file

cloudflared tunnel create <NAME> this will spit out a <UUID>.json file in your ~/.clouflared DIR

create config.yml

tunnel: <Tunnel-UUID>
credentials-file: /root/.cloudflared/<Tunnel-UUID>.json

ingress:
  - hostname: home.mydomainname.com
    service: http://localhost:65000
  - service: http_status:400

Add DNS to route traffic to tunnel

• cloudflared tunnel route dns 856e737a-1b47-4037-9e3c-1f1c7a18eeab robinvarghese.com
• cloudflared tunnel run

run the tunnel

cloudflared tunnel run <UUID or NAME>

verify

visiting the URL now should route traffic to your local service

Note:

Secure you application

Cloudflare Access determines who can reach your application by applying the Access policies you configure.

Cloudflare Zero Trust integrates with your organization’s identity provider to apply Zero Trust and Secure Web Gateway policies.

In this example, I’m using As an alternative to configuring an identity provider, Cloudflare Zero Trust can send a one-time PIN (OTP) to approved email addresses.

Create Access Group

A group is a set of rules that can be configured once and then quickly applied across many Access applications

Create Access Policy

An Access policy consists of an Action as well as rules which determine the scope of the action.

Verify

visiting the URL now should present you with a login page

Security Monitoring

You can monitor traffic in Analytics & Logs from the Cloudflare dashboard.

Additional Resources

• Official Cloudflare Documentation Follow this step-by-step guide to get your first tunnel up and running using the CLI.

• Set Up a Cloudflare Tunnel to Expose Local Servers to the Internet

• cloudflare
• tunnel
• server