Hello everyone, and thank you very much for watching. This is me, Mr P, and let's carry on setting up a Proxmox server on a very old laptop. In the previous episode we set ourselves up a virtual machine called Cloud VM, which is basically our personal cloud, and we created two users: one was for me, Mr P, and another one was for my friend Jeff. So let's say Jeff wants to log in: he just goes to the local IP address followed by port 8080, enters the username and a password, and he can log in and he can see his stuff, which is great.

But the problem is, every time Jeff wants to access this cloud he needs to be at your house; he needs to basically use your home network to connect to this. Because if he's gonna go somewhere outside your home network and try to connect to your local IP address, well, he's not gonna have any luck, because there is no port forwarding sorted and nothing basically tells the outside internet, the outside world, that this virtual machine even exists.

So how are we gonna go around it? There are multiple ways to get this done. You can just open port 8080 pointed to this IP address, so anybody who's entering your public IP address followed by 8080 will be able to go to this virtual machine, but this is not secure and I don't recommend doing that. Another thing is that we're going to have multiple services happening, and maybe another virtual machine we're going to create in the next episode or so will have port 8080 too, so opening port forwarding is not the ideal thing. Another way you can go around this is using Nginx Proxy Manager, for which you need to open just two ports, I think it's 80 and 443. And I actually used Nginx Proxy Manager for quite a while, until that day when I discovered Cloudflare tunnels, and this is what I'm going to show you in this video: how to set up Cloudflare tunnels. It's super easy to set up, it's super easy to use, and it's secure, and it's secured by Cloudflare.

First of all, you need to create yourself a Cloudflare account. As you can see, I'm
on the Cloudflare main page. So once I've logged in, or once you log in, you will see no domain showing up here. I actually purchased two domains for these kinds of videos. One is called Docker Pi; this was actually bought just before I started recording this series, because my plan was to use the Raspberry Pi as the server, but then, as I've mentioned in episode 1, I moved to using a laptop instead. The next one is called Mr P Cloud, which I purchased, again, just thinking maybe a bit of variety to have for these kinds of videos, so we're gonna use it in this series. So this is the domain I'm going to use.

If you don't have a domain, you can go to the left-hand side once you're logged into Cloudflare, click on Domain Registration and then click Register Domain, and then just search for a domain that basically is your cup of tea, whichever one you fancy, and if the price is right you can purchase it straight inside Cloudflare, and Cloudflare will do the rest. And obviously you can go to Google and buy a domain; 123 Reg, I think, is another supplier. Anyway, basically you just need to go and get yourself a domain. I think I'm paying four dollars fifty cents for each of these, so it's about nine dollars a year to have both these domains going.

So I have a domain ready; let's say you have a domain ready, so let's go and start setting up Cloudflare tunnels. Just before we do that, we need to set up where the Cloudflare tunnel, or Cloudflare service, will run. From my experience, and from what I'm right now running on my main Proxmox server, I have Cloudflare running inside an LXC container, and that's what we're going to use. I have an Ubuntu template which we created, I think, in episode 2 or 3, so I'm going to use that. I'm just gonna right click, choose Clone, give a name, cloudflare tunnel, here we go, click on that. Actually, instead of cloudflare tunnel I'm going to put cloudflare YT, so Cloudflare for YouTube. Full clone, ID number 100, because I want that to be at the top, always straight
away visible, so if something is going wrong I'll notice that the icon is on, off, et cetera. Click Clone, and right now the container is getting cloned from this template. Once the container is cloned, I'm just going to log into this container by SSH and do the usual housekeeping things like apt update and apt upgrade, just to make sure that this container is up to date with all the fixes, patches, et cetera.

I have the container ready. As you can see, there was a bunch of stuff it had to update and upgrade, but anyway, my cloudflare YT container, the LXC container, is up to date, so right now we can go and start setting ourselves up for the Cloudflare tunnel. I'll go back to the Cloudflare page, and then when you're logged in on this page you scroll down a bit, and on the left-hand side you should see a Zero Trust option. If you click on that, it's going to load a new page for you where you can start setting up Cloudflare Tunnel. To use Cloudflare Tunnel is absolutely free, and if you already know the steps you can set this up in less than five minutes.

Once the Cloudflare tunnel loads, I'm going to click on Access and choose Tunnels. This page will show up and you will see nothing here. As you can see, there are two tunnels already created, as I'm using them for other things; yours is going to be empty. All you need to do is click Create a tunnel on the top right and give a name. I'm going to call it this, dexmox, and I'm going to say Save tunnel. So right now I'm just creating a tunnel for my domains and stuff.

And now we can choose our operating system. I can choose between Windows, Mac, Debian, Red Hat and Docker, and I can choose between 64 and 32-bit, or I can run on ARM processors, 64 or 32-bit, and that runs like magic on the Raspberry Pi, if you have a Raspberry Pi as, let's say, a Docker server or something like that. I'm going to leave it as Debian and I'm going to leave it as 64-bit. Scroll down a bit and you have two options: if you don't have cloudflared installed, use this script; if you already have, use
this script to link your new tunnel to the already existing Cloudflare installation. I'm going to copy this, because I don't have that, go back inside the turmox, left click and hold and choose Paste, and then press Enter. OK, it nags that there is no curl installed, so that's no problem, we can quickly do apt install curl -y. Curl installed, and instead of going and pasting this command again I can just click up and up again, arrow key up, to go back to the previous command, and I'm just going to right click on that.

And while that's installing, if we go to this page, at the bottom, as you can see, Connectors is just refreshing; right now nothing is happening. Once installation is completed, the Cloudflare service servers will detect that you have a new Cloudflare tunnel installed and will populate this. As you can see, it says connector ID, status, data center, which looks like it's in Manchester, probably my public IP address, and the version, which is 20 is 1st of November 2022. Tunnel is installed and you can see the tunnel. Right now we can start setting up our first hostname.

So we have this one, we have this Cloudflare thing, this Cloud virtual machine going. Let's call this, uh, data, let's call it data... actually no, let's delete that, let's call it vault. Inside the domain list you pick your domain: I can choose between Docker Pi and my Mr P Cloud; the others I will blur out. So I'm going to say vault dot... Path: we don't need anything in here. Under Type we're going to choose HTTP, and now I need to double check, it's a 42, IP address 42, so just enter, semicolon 8080... so colon 8080, that's how you do it. So IP address, colon, 8080, that is it, and click Save tunnel.

And right now, in about a couple of seconds or so, this page should refresh, and right now at the bottom, as you can see, it says dexmox inactive, done, all the connections... boom, working, it says active. That is it. Every time right now, if somebody wants to access this, let's say Jeff wants to access this Cloud VM from outside the home network, he just puts vault dot... here we go,
I'm using the subdomain vault to my main domain, and Jeff says, OK, I want to connect, and click, yep. And one thing, please note: there is a padlock here, which means that Cloudflare does HTTPS for us and assigns all the certificates, so the connection is secure.

Great, everything works fine, but the problem is right now everybody can access this. As long as they know your domain or subdomain, everybody can access this, which is not great. You need to restrict it only to yourself and Jeff, and obviously add other people as you go. How to do that? Let's go back to Cloudflare Zero Trust, and where we clicked on Tunnels, there is one option above that which is called Applications. Click on Applications, and inside here you will see nothing, because yours is going to be empty. Mine, as you can see, there's quite a few things here. Add an application on the top right, choose Self-hosted. Application name: I'm going to say vault dash Cloud VM, just to stand out. This can be anything, but this is just for your reference, to know what is happening. Session duration: so how long, once a connection is approved, the token can last. So let's say, for example, I'm gonna say for 30 minutes this can function, otherwise it's just gonna disconnect, and I'll show you what that means in a second, about this timeout. Application domain: vault, this is the one we created; the domain I chose was... we chose... Nothing in the path; everything else leave by default. Click Next.

On the next page we need to choose a policy name. So first I'm going to choose the policy name email; I'm going to say email, allow. This is not going to show up, this is something I set up for myself. So you just give a policy name, which is going to be email, action Allow, and that means allow access to this as long as the email matches what's inside here. So speak to Mr P at... so speak to... I will get access because my email address is in here. You can put Jeff at something something something, your friend Jeff's email address. I'm just gonna put mine for now. That's it, so
email access, great. Click Next. Everything on this page is default, just click Add application. So right now it's adding the application and it will show up in this list. Mine shows up at the top, and as you can see, Vault and assault function. And right now, if I go to the address of vault dot Mr... I will get the login page. So right now I can say, OK, so info at... send me a code, and it will tell you that the code has been sent, but the code will never ever ever arrive, because the email address is not inside the policy that we created. But if I go back on here and say speak to MRP at... send. On a separate screen I'll quickly check my other email address to see what code I received, give me a second. So the code I received is 076964, and click Sign in. And once I sign in, this is when that timer that we set up for 30 minutes will start counting down, because right now it's allowed to have access for 30 minutes.

This is great, no problem at all, but the thing is, right now every time I want to log into the system from my home network I will basically be nagged to enter the PIN number from my email address, because it knows to only allow people from the email list. How to get around that? If I go to Applications, let's click on the vault, click Edit, I will add a policy, and besides the email I'm gonna put this IP address. Again, the name can be anything you want. Here I'll choose Bypass, and I scroll down and I'm gonna pick from this list: I can choose IP range, country, everyone, not everyone, et cetera, et cetera. I'm going to say IP range, and everybody with the IP address of this one, which is my home public IP address. Here we go, I go up, I click Add policy, and right now what's going to happen: every time someone hits that subdomain it will check, do I need to check? Cloudflare will ask you to enter an email address if the IP address is not matched. If the IP address is matched, it's called bypass; it means this is true, other
rules don't care, as long as the IP address is true. So right now I can go, let's say, into DuckDuckGo, vault dot MRP cloud.2k, and I will get access, because I am inside my house and my public IP address is matching what the config has.

And that's it: Cloudflare tunnels. No need for port forwarding, no need for configurations, no messing around with SSL certificates, nothing. You just spend five minutes installing the Cloudflare tunnel, setting up your first domain, and right now Cloud VM can be accessed from anywhere in the world by vault dot..., by anyone who's got access, who's got an account for this, and is obviously matching the security rules. Here you go. Thank you very much for watching, I hope you enjoyed this video, and I'll see you in the next one. Goodbye.
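
The two Access policies configured in the video (an e-mail Allow rule and a home-IP Bypass rule, with a 30-minute session), written out as a simplified decision model. This is an added example, not part of the video and not Cloudflare's code; `Policy` and `decide` are hypothetical names, and the e-mail addresses and IP addresses are constructed placeholders.

```python
"""Simplified model of the Allow (e-mail) and Bypass (IP range) policies.
Constructed values: IPs come from documentation ranges, e-mails are examples."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

SESSION_SECONDS = 30 * 60  # the 30-minute session duration chosen in the video


@dataclass(frozen=True)
class Policy:
    name: str
    action: str                     # "bypass" or "allow"
    emails: frozenset = frozenset()
    ip_ranges: tuple = ()

    def matches(self, email, source_ip):
        if email is not None and email.lower() in self.emails:
            return True
        return any(ip_address(source_ip) in ip_network(r) for r in self.ip_ranges)


POLICIES = [
    Policy("email", "allow",
           emails=frozenset({"owner@example.com", "jeff@example.com"})),
    Policy("home ip", "bypass", ip_ranges=("203.0.113.7/32",)),
]


def decide(source_ip, email=None, session_age=None):
    """Return 'bypass', 'allow', 'login' (one-time code needed) or 'deny'."""
    # Bypass rules are checked before any identity rule, so no login is asked.
    if any(p.action == "bypass" and p.matches(None, source_ip) for p in POLICIES):
        return "bypass"
    if email is None:
        return "login"
    if not any(p.action == "allow" and p.matches(email, source_ip) for p in POLICIES):
        return "deny"               # unlisted address: the code never arrives
    if session_age is not None and session_age >= SESSION_SECONDS:
        return "login"              # session expired, a fresh code is required
    return "allow"
```

The bypass result does not depend on the e-mail supplied: every device behind the home public IP reaches the application without a login, and the rule stops matching the home when that address changes.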
Published: Fri Dec 16 2022
