Using Cloudflare Tunnels to Access Homelab Services Out of Local Network

Next, specify the local service you want to expose, for example:Let’s get practical. Say you want to expose a self-hosted WordPress instance running on a Raspberry Pi. Here’s how to set up your Cloudflare Tunnel.You’ll still need a domain to access your services from outside. If you are just doing it for fun and testing, and a branded domain name doesn’t matter, get a cheap .tk or some other obscure TLD for an inexpensive price from Namecheap etc.Once your Cloudflare Tunnel is live, it’s time to test it.Add Your Domain: Once signed up, you’ll be prompted to add a domain. You can either transfer an existing domain to Cloudflare or register a new one through their service.If you’ve ever dipped your toes into self-hosting, you know the struggle is real when it comes to exposing your local services to the internet securely.

What is Cloudflare Tunnels?

The best part? It’s all not that complicated to set up. cloudflared tunnel route dns my-tunnel mydomain.com

tunnel: [TUNNELNAME]
credentials-file: /home/[USERNAME]/.cloudflared/[UUID].json

ingress:
- hostname: [HOSTNAME]
service: [PROTOCOL]://localhost:[PORT]
- service: http_status:404

Once your account is set up, you’ll be greeted by Cloudflare’s intuitive dashboard. Here you can manage your domains, access security settings, and, most importantly, create and manage tunnels.

Features

Cloudflare Tunnels also integrate tightly with Cloudflare’s vast suite of security tools, including DDoS protection, SSL, and firewall rules, giving you peace of mind while sharing your services online.

• DDoS Protection: Ensures your services are safeguarded from attacks.
• Automatic SSL: Your connections are secured end-to-end with HTTPS.
• DNS Management: Seamless integration with Cloudflare DNS.
• Traffic Monitoring: Get insights into requests and bandwidth usage through the dashboard.
• Firewall Rules: Apply precise security policies to your tunnels.

Pricing

Now that your configuration file is set up, install it as a system service by running:

• Free Plan: Perfect for individual users, allowing you to run tunnels without any charge. This includes up to 50 tunnels with unlimited bandwidth, making it great for small projects or personal services.
• Pro Plan: Starting at $20/month, this plan offers more features like enhanced analytics, faster support, and increased security options, ideal for small businesses or more critical self-hosted environments.

Getting Started with Cloudflare Tunnel

Finally, start the tunnel with:This setup means your self-hosted services, like WordPress, Plex, or Nextcloud, remain protected behind your firewall but can still be accessed securely over the web.

For homelab users, Cloudflare Tunnels offers incredible flexibility:

Cloudflare Tunnels is part of Cloudflare’s Zero Trust suite, which includes:

Accessing the Cloudflare dashboard

Create a Cloudflare Account: If you don’t already have one, head to Cloudflare’s website and sign up. It’s free and only takes a few minutes.

They power a significant portion of the internet, and knowing that my personal projects benefit from the same level of protection as massive enterprises is a huge relief.

Setting up your first Tunnel

From my own experience, Cloudflare Tunnels has been a game-changer for hosting my personal projects and websites all for free.One of the appealing things about Cloudflare Tunnels is its affordability. For homelab users, Cloudflare offers a free tier that is remarkably robust:curl -L https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64.deb -o cloudflared.deb

sudo dpkg -i cloudflared.deb

The left-hand panel gives you access to your domains, DNS settings, analytics, and security tools. Under the “Zero Trust” section, you’ll find “Tunnels,” which is where the magic happens.

Once you’ve confirmed that your Cloudflare Tunnel is working, the next step is to ensure it starts automatically whenever your Raspberry Pi boots up. Enter Cloudflare Tunnels: a game-changer for homelab users who want to share their services without opening their network to the internet.Set Up Cloudflare DNS: To use Cloudflare Tunnels, you’ll need to set your domain’s DNS to point to Cloudflare’s nameservers. It typically takes only a few minutes for the changes to propagate.Cloudflare Tunnels, formerly known as Argo Tunnels, is a service that allows you to expose services running on your local network to the public internet without the headache of dealing with port forwarding or configuring a firewall.

In this tutorial, we’ll dive into Cloudflare Tunnels, walk through how to set up your first tunnel & get it running on a Raspberry Pi. To demonstrate, I’ll even set up a self-hosted WordPress site accessible from anywhere without worrying about exposing ports or breaking the bank.cloudflared tunnel create my-tunnel

For example, a Minecraft server would use tcp://localhost:25655, while a web server might use http://localhost:8080.One of the things I truly appreciate is the added layer of security that comes built into the service, which lets me confidently put my projects online while keeping them protected.

sudo nano ~/.cloudflared/config.yml

sudo systemctl start cloudflared

cloudflared tunnel login

cloudflared tunnel run --url localhost:PORT my-tunnel

After logging in, create a tunnel by running:

• [TUNNELNAME]: Replace this with the name of your tunnel.
• [USERNAME]: Your system’s username.
• [UUID]: The UUID returned when you created the tunnel.
• [HOSTNAME]: The domain you want to use, such as mywebsite.com.
• [PORT]: The port on which your service is running (e.g., 79).
• [PROTOCOL]: Use the protocol required for your service, such as http, https, or tcp.

First, you need to create a config.yml file, which will store the tunnel settings. Open the file with the following command:sudo systemctl enable cloudflared

🚧Install Cloudflared on the server where the service is running, which is Raspberry Pi in my case.Simply open a browser, navigate to the domain or subdomain you assigned. In my case, it was a fresh WordPress install:Cloudflare, as the largest player in the web performance and security space, has built an incredibly robust network infrastructure. You’ll have to battle with port forwarding, dynamic IPs and what not and it can quickly snap the joy out of your homelab project. This can be easily achieved by configuring the Cloudflare daemon to read from a configuration file.

Why use Cloudflare Tunnels?

Setting up Cloudflare Tunnels is simple and straightforward. Here’s how you can get started:

• No Port Forwarding: You don’t need to tinker with your router’s settings to expose services.
• Security: Your local services remain behind your firewall, significantly reducing the risk of cyber threats.
• Cost-Effective: With the free tier offering unlimited bandwidth for personal use, it’s hard to beat Cloudflare Tunnels’ value.

Tips for Homelab Users

• Start Small: Don’t open all your services at once. Start by exposing one service and test its stability and security before expanding.
• Use Subdomains: If you’re running multiple services (like Nextcloud, Plex, and WordPress), use subdomains (e.g., nextcloud.yourdomain.com) to keep things organized.
• Monitor Traffic: Keep an eye on your Cloudflare dashboard for any unusual traffic spikes, which could indicate a security issue.
• Keep system and services updated: Needless to say that you should keep the server updated and also update the services you are running, specially if there are security updates.

Final Thoughts

Let’s say you have Nexcloud deployed on Raspberry Pi but it is on your local network, behind NAT. If you want to access it from outside your home network, it needs a lot of additional configuration and effort.Essentially, it creates a secure, outbound-only connection from your machine to Cloudflare’s global edge network, and the best part? No inbound traffic is required. But what if I told you that there’s a service that can not only solve these issues but also make your life significantly easier? Here’s an example of what the configuration might look like:sudo cloudflared --config ~/.cloudflared/config.yml service install

After editing the file, save your changes by pressing CTRL + X, then Y, and finally hit ENTER