Independent testing Updated April 2026 387 self-hosting guides 5 VPS providers tested

guide

Cloudflare Tunnel for Self-Hosting (Without Port Forwarding)

Learn how to expose self-hosted apps with Cloudflare Tunnel, with no port forwarding or public IP needed, plus step-by-step setup and security tips.

Cloudflare Tunnel for Self-Hosting (Without Port Forwarding)

Cloudflare Tunnel is an excellent solution for developers and sysadmins wanting to expose self-hosted applications to the internet without the need for traditional port forwarding. In this guide, we will walk you through the steps required for setting up a Cloudflare Tunnel to securely access your applications hosted on a VPS, ensuring that your servers remain protected from unwanted traffic.

What is Cloudflare Tunnel?

Cloudflare Tunnel is a service that allows you to securely expose your localhost to the internet through Cloudflareโ€™s network without opening any ports on your firewall. This connection is established via a lightweight daemon called cloudflared, which runs on your server. This is particularly useful for self-hosting applications like Nextcloud, Home Assistant, or other web applications on your VPS.

Advantages of Using Cloudflare Tunnel for Self-Hosting

  1. Enhanced Security: Avoid exposing your serverโ€™s IP address and minimize security risks by using Cloudflareโ€™s proxy.
  2. No Static IP Requirements: You do not need a static IP address; the service handles connections dynamically.
  3. Simplified Access: Easily provide access to applications for users outside your local network without complex configurations.

Setting Up Cloudflare Tunnel

1. Prerequisites

Before you begin, ensure you have:

2. Install Cloudflared

Begin by SSHing into your VPS:

ssh username@your-vps-ip

Once you are logged in, install cloudflared. For Ubuntu/Debian-based systems, you can use the following command:

sudo apt-get install cloudflared

For other systems, refer to the official installation documentation.

3. Authenticate Cloudflared

Next, you need to authenticate cloudflared with your Cloudflare account:

cloudflared login

This command will open your default web browser, prompting you to log in to your Cloudflare account and select the domain you wish to use.

4. Create a Tunnel

Once authenticated, you can create a new tunnel with the following command:

cloudflared tunnel create my-tunnel

This will generate a tunnel ID and a credentials file, typically located at ~/.cloudflared/.

5. Configure the Tunnel

You need to configure the tunnel by creating a configuration file (e.g., config.yml) in the ~/.cloudflared/ directory:

tunnel: YOUR_TUNNEL_ID
credentials-file: /path/to/your/credentials-file.json

ingress:
  - hostname: YOUR_SUBDOMAIN.YOUR_DOMAIN
    service: http://localhost:YOUR_APP_PORT
  - service: http_status:404

Replace YOUR_TUNNEL_ID with the generated Id and specify the correct subdomain and service information, indicating the port your application is running on.

6. Run the Tunnel

Now, you can launch the tunnel:

cloudflared tunnel run my-tunnel

Your application is now securely accessible through the subdomain you configured with Cloudflare. Point your domainโ€™s DNS settings to the Cloudflare proxy for the subdomain.

Pros and Cons of Using Cloudflare Tunnel

ProsCons
Enhanced securityMay require learning curve
No port forwarding neededDependency on Cloudflare
Dynamic IP handlingLimited to Cloudflare services

FAQs

How does Cloudflare Tunnel enhance security for self-hosting?

Cloudflare Tunnel enhances your security by acting as a middleman that conceals your serverโ€™s IP address from attackers. By routing traffic through Cloudflareโ€™s network, it automatically benefits from the vast security infrastructure, including DDoS protection, Web Application Firewall (WAF), and rate limiting. This ensures that your applications are much less likely to be targeted directly, significantly improving your security posture with minimal manual configuration.

Is Cloudflare Tunnel free to use?

Yes, Cloudflare Tunnel offers a free tier that is generally sufficient for personal projects or small applications. However, for businesses or larger applications, Cloudflare has different paid plans that can include additional features like performance analytics and advanced security options. Itโ€™s important to evaluate your specific needs for your self-hosted applications and choose a plan accordingly.

Can I use Cloudflare Tunnel for multiple applications?

Absolutely, Cloudflare Tunnel allows for the configuration of multiple services within a single tunnel. You can specify multiple ingress rules in your config.yml file, each pointing to different services running on various ports of your VPS. This flexibility enables developers to manage and expose multiple services without the need for additional tunneling services or configurations.

By following the steps outlined above, you can seamlessly set up Cloudflare Tunnel for your self-hosted applications, allowing secure and easy access without the complexities of port forwarding. Happy self-hosting!