Cloudflare Tunnel for Self-Hosting (Without Port Forwarding)
Cloudflare Tunnel is an excellent solution for developers and sysadmins wanting to expose self-hosted applications to the internet without the need for traditional port forwarding. In this guide, we will walk you through the steps required for setting up a Cloudflare Tunnel to securely access your applications hosted on a VPS, ensuring that your servers remain protected from unwanted traffic.
What is Cloudflare Tunnel?
Cloudflare Tunnel is a service that allows you to securely expose your localhost to the internet through Cloudflareโs network without opening any ports on your firewall. This connection is established via a lightweight daemon called cloudflared, which runs on your server. This is particularly useful for self-hosting applications like Nextcloud, Home Assistant, or other web applications on your VPS.
Advantages of Using Cloudflare Tunnel for Self-Hosting
- Enhanced Security: Avoid exposing your serverโs IP address and minimize security risks by using Cloudflareโs proxy.
- No Static IP Requirements: You do not need a static IP address; the service handles connections dynamically.
- Simplified Access: Easily provide access to applications for users outside your local network without complex configurations.
Setting Up Cloudflare Tunnel
1. Prerequisites
Before you begin, ensure you have:
- A VPS from any of the leading providers, e.g. Contabo, Hetzner Cloud, DigitalOcean, Vultr, or Linode. Check the full VPS comparison for more information.
- A registered domain that you can use with Cloudflare.
- Access to your VPS terminal.
2. Install Cloudflared
Begin by SSHing into your VPS:
ssh username@your-vps-ip
Once you are logged in, install cloudflared. For Ubuntu/Debian-based systems, you can use the following command:
sudo apt-get install cloudflared
For other systems, refer to the official installation documentation.
3. Authenticate Cloudflared
Next, you need to authenticate cloudflared with your Cloudflare account:
cloudflared login
This command will open your default web browser, prompting you to log in to your Cloudflare account and select the domain you wish to use.
4. Create a Tunnel
Once authenticated, you can create a new tunnel with the following command:
cloudflared tunnel create my-tunnel
This will generate a tunnel ID and a credentials file, typically located at ~/.cloudflared/.
5. Configure the Tunnel
You need to configure the tunnel by creating a configuration file (e.g., config.yml) in the ~/.cloudflared/ directory:
tunnel: YOUR_TUNNEL_ID
credentials-file: /path/to/your/credentials-file.json
ingress:
- hostname: YOUR_SUBDOMAIN.YOUR_DOMAIN
service: http://localhost:YOUR_APP_PORT
- service: http_status:404
Replace YOUR_TUNNEL_ID with the generated Id and specify the correct subdomain and service information, indicating the port your application is running on.
6. Run the Tunnel
Now, you can launch the tunnel:
cloudflared tunnel run my-tunnel
Your application is now securely accessible through the subdomain you configured with Cloudflare. Point your domainโs DNS settings to the Cloudflare proxy for the subdomain.
Pros and Cons of Using Cloudflare Tunnel
| Pros | Cons |
|---|---|
| Enhanced security | May require learning curve |
| No port forwarding needed | Dependency on Cloudflare |
| Dynamic IP handling | Limited to Cloudflare services |
FAQs
How does Cloudflare Tunnel enhance security for self-hosting?
Cloudflare Tunnel enhances your security by acting as a middleman that conceals your serverโs IP address from attackers. By routing traffic through Cloudflareโs network, it automatically benefits from the vast security infrastructure, including DDoS protection, Web Application Firewall (WAF), and rate limiting. This ensures that your applications are much less likely to be targeted directly, significantly improving your security posture with minimal manual configuration.
Is Cloudflare Tunnel free to use?
Yes, Cloudflare Tunnel offers a free tier that is generally sufficient for personal projects or small applications. However, for businesses or larger applications, Cloudflare has different paid plans that can include additional features like performance analytics and advanced security options. Itโs important to evaluate your specific needs for your self-hosted applications and choose a plan accordingly.
Can I use Cloudflare Tunnel for multiple applications?
Absolutely, Cloudflare Tunnel allows for the configuration of multiple services within a single tunnel. You can specify multiple ingress rules in your config.yml file, each pointing to different services running on various ports of your VPS. This flexibility enables developers to manage and expose multiple services without the need for additional tunneling services or configurations.
By following the steps outlined above, you can seamlessly set up Cloudflare Tunnel for your self-hosted applications, allowing secure and easy access without the complexities of port forwarding. Happy self-hosting!