Using Cloudflare Tunnels For Hosting & Certificates Without Exposing Ports On Your Firewall

How could this work if I want to use a certificate to authenticate my authorization?

This means: 100% trust into Cloudflare, because all traffic goes over the certificates of their network. In the end: the one who has access to the certificates of the Cloudflare network can decrypt the traffic.
So far isn't a simple Wireguard tunnel with Preshared Key more secure than this when accessing my local network from outside?

very easy to follow!

Thanks for this, Im glad I found your video. I was having hard time making the NGINX PM works it always gave Error 520/521 and I give up

and pee configure xampp if you have a local server?

how to delete tunnels already downloaded and deleted by cloudflare? It blocked me from loading for new ones

is it possible to tunnel dns traffic via tunnel (port 53) am trying to do that , but it seems m missing something ? any idea

thank god for u, everyone missed the tls setting

has anyone been able to configure the 'IP range' as policy instead of OTP? I keep getting unauthenticated errors, even though the details in the message list the same public ip i've whitelisted in the configuration policy.

How do I set it up with Nextcloud (not Truecharts Nextcloud)? I can't seem to get it to work.

Hello, this is a great video and convinced me to use Cloudflare Tunnels instead of reverse proxy. A question though: is there a possibility to add wildcards? I want to run a Wordpress Multisite but dont want to log in to Cloudflare and add another tunnel every time I add a new site. Also, if there are issues removing a tunnel I may have to rethink this.

Does Cloudflare tunnel makes nginx useless for small setups? I've been using nginx lately but I M felling that all those proxy's and where redundant ports could be solved from Cloudflare dashboards.

How do you figure out what port an actual computer running unbuntunis using being banging my head trying to get cloud flair to work on Unbuntu 22.04 LTS

Lawrence system is it possible to install cloudflare tunnel in side pfsense box 📦 if it is show us how to do it

Sir, Can you help me onething I want to access my Home Pc using RDP Via ClousFlare Zero tunnel, but i cant access it, I can access 80 port or other port on web browser without port forrowarding but need to access RDP Windows 10, Can you help me Sir. Please.

how do you uninstall a cloudflare service

Sir, Please can you help me I am trying to get RDP Access form Outside network of my home windows 10 pc from my office using Cloudflared Tunnel with out any port forrowarding of my Jio Fiver Router. Please help me sir.

Fantastic!

Creating a subdomain was a no-brainer but I tried to do it for my root domain, leaving the subdomain field empty and it complained that it was being used probably because it was being used for the nameserver information. Interestingly you avoided it after pointing it out, is it very difficult to do?

To be clear, there is no need for a reverse proxy with this?

I'll have to give this a try. I actually had to solve this exact problem for a server I was building last year. I ended up using zerotier sdn connecting the homelab vm's to a droplet with a public IP, and using ipforwarding and ipchain to build a frontend for it. the droplet has the ssl cert, and dns records pointing to it. It follows the iptables rules to forward specific traffic over the zerotier virtual network to the local vm's and back.

I am trying to create a tunnel for Kavita but when I put the local URL at the Route Traffic for "TunnelName" it says URL is required despite me putting a URL into that spot. I've confirmed the service is running, and the URL is correct.

Saved me for an issue I was having, thank you very much!

Is there an elegant way to use cloudflare access for the whole domain, except 1 subdomain/ public hostname?

Can you make a video "How to add cloudflare tunnels to OpnSense". Please
I realy like your videos. Fantastic work !

Im old fashioned Enterprise I.T.
Just give me a VPN. All these fancy toys make me grumble.

Thanks!

I'd love to know how to do this without a purchased name (for example by using duckdns or similar)

runs it in demon mode lol

Is like the lazy man trafik? Also what happens if your internet goes out at home? Are you still able to access local services?

Nice Review sir thankz p❤

Might seem like a stupid question, but ... can you add the main domain and sub-domains or just a list of sub-domains

My IP on cloudflare always change back to the old IP after changing it to the new IP, please do you know the course? This thing happen every 24hrs

Hi you are great!! it's possible protect the tunnel access with mutual tls for authenticated the clients? because the apps behind the tunnel has auth. like a "MFA" cert + user + pwd

I need to use Traefik's reverse proxy services. Is there an option to route wildcard subdomain through cloudflare tunnel?

I encountered that small nuance of not being able to adding back/renaming to a hostname that I had previously used. When you create/add a Public Hostname under Tunnel it creates a new CNAME in your DNS, and this doesn't get automatically deleted probably more of a safety feature since DNS propagation usually takes time. Delete the CNAME entry and you can go about the rest of the day.

This works with other internal thing. Like my deluge client. but with nextcloud I can't get it to work. I've added the correct ip's in the config.php allowed list. But nothing ever shows. Any ideas ?

What good is this product if we can’t mount a simple samba share through it? What a nightmare this was.

Setting up SSH is a bitch.

I get the tunnel part up and it says healthy... and if I go to Plex on my server's side... it lets me connect the Remote Access to the Internet..

...but when I try to access that tunnel/host, i get a Cloudflare error page saying that my tunnel is ok, and it's broken from my domain to the host. I dont get it. How can I make the connections then? (like from Plex's Remote Access page)

I feel like I'm missing one small part, and it's frustrating as hell.

Hi Lawrence, thanks for your video. A question on a detail. I've installed Portainer and set a Cloudlare tunnel with Docker. When I go to the cloudflare container, to check the logs as you do, mines are empty. Which doesn't seem normal. Should I do something to make these logs visible? thanks

Hey there. Not sure if you’ve figured out the bug already, but in case you haven’t. When you create a new public hostname, it’s actually creating a new CNAME entry in your DNS records. When you delete a tunnel before the hostname, you just need to go delete the DNS entry manually before you can recreate one of the same name. Deleting the public hostname “correctly” simply removes the DNS entry for you. Hope this helps!

You have to register a creditcard on the free plan, why?

what about using ssh? is the same config?

Would this work with pfsense to pfsense tailscale with routes exposed? Example site a has tunnel installed on local network and can see server or site b via tailscale site to site.

This worked excellent. So many layers and no holes in the firewall.

Very good intro to bring awareness around who you bring into the trustcircle