Cloudflare Tunnel Setup Guide - Self-Hosting for EVERYONE
Summary:
This video is a detailed guide on how to set up a Cloudflare tunnel to self-host services without needing a public IP, useful for those stuck behind carrier-grade NAT. The presenter explains the steps to create a tunnel using the CLI on an Ubuntu Server LXC container, making it accessible to the outside world through Cloudflare. The process involves installing the Cloudflare client, authenticating it with Cloudflare, creating a tunnel, and configuring DNS and ingress rules to route traffic to specific services on the local network. The presenter also demonstrates how to run the tunnel as a service, allowing it to start automatically and support various protocols like HTTP, SSH, or RDP.
Chapters:
- Introduction (0:00-1:30)
  The presenter introduces the concept of self-hosting services and mentions traditional methods like using pfSense or Nginx Proxy Manager. However, the focus of this video is to demonstrate how to set up a Cloudflare tunnel, especially for those without a dedicated public IP due to being behind CGNAT.
- What is Cloudflare Tunnel? (1:30-3:30)
  The presenter explains how Cloudflare tunnels remove the need for a public IP, using Cloudflare's network to route traffic to your internal services. The presenter mentions how the tunnel works by establishing a connection from Cloudflare servers to your network, allowing traffic to flow securely without exposing your public IP.
- Initial Setup of the Cloudflare Tunnel (3:30-7:30)
  The tutorial begins with setting up a vanilla Ubuntu Server LXC container in Proxmox. The presenter explains how to install and configure the Cloudflare client (cloudflared) on this server, authenticate it with a Cloudflare domain, and create a tunnel using the CLI.
- Configuring the Tunnel (7:30-10:00)
  After creating the tunnel, the next step is configuring it by creating a config.yaml file. The presenter explains how to specify the tunnel UUID, credentials file path, and DNS entry to route traffic to the desired service hosted on the local network.
- DNS and Ingress Configuration (10:00-15:00)
  The presenter walks through setting up DNS entries via the CLI or GUI in Cloudflare to map a domain (like dashboard.mrballoonhands.com) to the tunnel. They also show how to configure ingress rules to map hostnames to specific local services and handle catch-all requests with a 404 page.
- Handling HTTPS and TLS Issues (15:00-18:00)
  A common issue with self-signed HTTPS certificates is addressed. The presenter adds the no-tls-verify option to the ingress configuration to bypass TLS verification for internal services, so traffic flows without TLS errors.
- Running the Tunnel as a Service (18:00-20:00)
  The video concludes by showing how to install the Cloudflare tunnel as a service using systemctl, ensuring it starts automatically on boot. The presenter demonstrates that it's easy to set up multiple services using Cloudflare's tunnel with different protocols, including HTTP, TCP, SSH, and RDP.
- Conclusion and Viewer Interaction (20:00-end)
  The presenter wraps up by thanking viewers, answering a comment about the Raspberry Pi shortage, and encouraging viewers to share how they expose their services or whether they plan to use Cloudflare tunnels.
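The config.yaml described in the "Configuring the Tunnel", "DNS and Ingress Configuration" and "Handling HTTPS and TLS Issues" chapters could look like the following. This is an added example, not the file shown in the video: the tunnel UUID, file paths, LAN addresses and the second hostname are placeholders, and the second rule (trusting an internal CA instead of disabling verification) is an addition for comparison. In the config file the no-tls-verify option is spelled noTLSVerify under originRequest.

```yaml
# config.yaml for cloudflared (added example; values marked "placeholder" are not from the video)

# UUID printed when the tunnel is created (placeholder)
tunnel: 00000000-0000-0000-0000-000000000000
# Credentials file written at tunnel creation (placeholder path)
credentials-file: /root/.cloudflared/00000000-0000-0000-0000-000000000000.json

ingress:
  # Rules are matched top to bottom; the first matching rule handles the request.

  # Rule as described in the video: origin uses a self-signed certificate,
  # so certificate verification toward the origin is switched off.
  # With this set, cloudflared accepts ANY certificate the origin presents,
  # so the hop from cloudflared to the service is encrypted but not authenticated.
  - hostname: dashboard.mrballoonhands.com
    service: https://192.168.1.10:8006        # placeholder LAN address
    originRequest:
      noTLSVerify: true

  # Stricter alternative (assumption, not shown in the video): keep verification
  # on and tell cloudflared which CA signed the internal certificate.
  - hostname: files.example.com               # placeholder hostname
    service: https://192.168.1.20:8443        # placeholder LAN address
    originRequest:
      caPool: /etc/cloudflared/internal-ca.pem  # placeholder path to the internal CA cert
      originServerName: files.internal          # name expected in the origin's certificate

  # Catch-all: must be the last rule and must have no hostname.
  # Any request that matched nothing above gets a 404 from cloudflared itself.
  - service: http_status:404
```

Running `cloudflared tunnel ingress validate` against the file checks the rule syntax and the presence of the catch-all before the tunnel is started as a service.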
Suggested Changes for Your Ubuntu Server Setup (Samsung NC110 with Atom CPU, 2GB RAM, 250GB SSD):
- Minimize Resource Usage: The NC110 has limited resources, so ensure that unnecessary services are disabled, and only essential services are running. Using the Cloudflare tunnel shouldn't be too resource-heavy, but keeping things lightweight is crucial.
- Install and Configure cloudflared: Follow the same steps outlined in the video to install the cloudflared client. You can SSH into the NC110 and run the installation commands for Linux.
- Avoid Heavy Traffic: With your limited hardware, avoid hosting high-traffic services, as the Atom CPU may struggle under heavy loads. Focus on lightweight services such as static websites, file servers, or simple apps.
- Monitoring and Automation: Given the server's limited memory, keep an eye on memory and CPU usage using monitoring tools like htop or glances. Set the tunnel to run as a service to avoid manually starting it every time you reboot the server.
- Consider TCP Services: The Cloudflare tunnel supports various protocols (HTTP, HTTPS, TCP, SSH). Depending on your use case, you might want to expose services like SSH to access your server remotely, but be mindful of security.
Let me know if you need further help with any specific steps!