Cloudflare Tunnel Setup Guide - Self-Hosting for EVERYONE

Captions
I've done a couple videos on this channel about self-hosting your services and exposing them to the outside world using pfSense with HAProxy as well as Nginx Proxy Manager, and while both of those are great options, they don't necessarily work for everyone. You see, both of those require you to have a dedicated public IP address, meaning that you can't be stuck behind carrier-grade NAT. If you don't know what CGNAT is, it is basically a way for your ISP to cut down on public IPs they have to manage by allocating you a private IP and routing all your traffic through their own network, kind of acting like a switchboard operator, for all you fossils out there. Even more basic, this just means that you don't have a public IP to use when you want to create a DNS entry using common DNS providers like Cloudflare. No worries though: our lord and savior Cloudflare has a solution to this in the form of tunnels, and that's what we're going to set up today, a Cloudflare tunnel into our network to expose our services without any need for a dedicated public IP. Let's check it out. [Music]

So Cloudflare tunnels work by establishing a connection directly from the Cloudflare servers to your network, where you'll be hosting the cloudflared client. This client can run on basically any device, from Windows, Mac, Linux, ARM systems, smart fridges... okay, maybe not that last one, but it runs on a lot of stuff. You can follow the guides provided by Cloudflare, but when I did this I found that there were certain steps that needed clarification, or in some cases you need to pull up different documentation to get completely set up, so that's why I'm making this video. I want to show you step by step how to get set up with a Cloudflare tunnel and hopefully get you hosting your fancy new website ASAP. Now let's go ahead and dive in. For this setup I'll be using an Ubuntu Server LXC container that's running in Proxmox. Feel free to go with whatever hardware or OS you'd like; as I mentioned, this will work on damn near anything. So
let's dive in. All right, here we are in my Proxmox instance. You can see I have a container spun up; it is a brand new vanilla version of Ubuntu Server, haven't touched anything yet. So the first thing I am going to do, which I've already done, is just SSH into that container. Once you've established that you can connect to it, let's go ahead and get started with the Cloudflare service.

Now the first thing you're going to do is go into your Cloudflare account, so if you haven't done this yet, I advise to just go ahead and get a domain transferred to Cloudflare and get everything set up before continuing. So here we are in mine, mrballoonhands.com. It's my dashboard. You're going to want to scroll down to where you see Traffic, and under there you will see Cloudflare Tunnel. Go ahead and click on that and then launch the Zero Trust dashboard. Once you're in here, go into Access and Tunnels. Now your first thought is probably to click this "Create a tunnel" button, but we're not going to do that. You can set it up in the GUI, but I found that using the CLI locally is way easier, so just under that, click on the documentation and that will load up the getting started guide for setting up your Cloudflare tunnel. So let's go into the tunnel guide and ignore all this remote setup stuff. We're going to skip over that and go directly down to the local setup using the CLI.

And like I mentioned, you can install it on pretty much anything, and the first step will be slightly different depending on how you're hosting it, whether it's Mac, Windows or Linux, but we're using Linux, so we're going to follow the Linux steps. And honestly, step one, it's one line, which is basically downloading and installing the cloudflared service. So we're going to copy that, go into our server, paste, run. Easy. Let's hop back into the guide. Step two: for this step, what we're going to be doing is authenticating cloudflared, which means it's going to set up a connection to your domain within Cloudflare and make sure that they are allowed to talk
to each other. We will do that with the cloudflared tunnel login command. Whoops. So when you run that command, it's going to give you a URL. If you're on a server, you can just copy this and put it in whatever browser you're on, which I will do over here. That's going to bring up a list of your domains, and you just simply select which one you want to authenticate this with. I'm using mrballoonhands; let's select that. Authorize. So if we go back, you will see that it has successfully logged in, and it will give you a path to the cert.pem file, which is in /root/.cloudflared/cert.pem. Make note of that.

Next we actually have to create the tunnel, so cloudflared tunnel create and then give it a name. cloudflared create, and we will just call this demo. And just like that, it created it, and again, root cloudflared slash this long string: this is your UUID for the tunnel you just created, and the JSON is the credentials file. So again, just make sure you know where these are stored, because this is important when we create our config.

On to step four. This is where we actually create that config file. So what we're going to want to do is go into that location, so we'll just go cd root cloudflared, and if we list the files in there, you can see our cert and our JSON file. And what we're going to do is create a config.yaml file, so config.yml or yaml, whichever team you're on, doesn't matter. Then we are going to edit it. I'm using nano, fight me. And this is going to give you some examples, and we're just going to use the first two lines of this network connecting one. So it wants the tunnel, the tunnel UUID, and the path of the credentials file, which we have both. So now you need your UUID, and remember, we got that from the previous commands, but we can also get it from the GUI. If you go back into here, remember where we almost created a tunnel using the GUI? Well, just refresh that and you should see the tunnel that you created pop up, and just like that, there's your UUID. We can copy that, and now we can create our YAML.
So there's tunnel, and that there was the config. Now what was it? credentials-file, which was at root cloudflared and then the UUID dot json. And boom, just like that, we have our config file.

So, next step. This is where you create the DNS entry for your Cloudflare account, so that it knows, hey, when I'm trying to access this URL, use that tunnel to get into my service. So you can do that one of two ways: you can do it directly through the traditional Cloudflare GUI and setting up a DNS record, or you can do it here, and honestly they're both really easy, but let's continue our trend of using the CLI. So the command for that is cloudflared tunnel route dns, the UUID or the name of your tunnel, and then the hostname. So I'll do cloudflared route dns... tunnel route dns. We named ours demo, and then we want to say... I don't even know what we're hosting yet. Let's host our Heimdall service, so we'll call this one dashboard.mrballoonhands.com. Hit enter. Oh, already exists. So I already did this as a test before. Let me go and delete that. So I'll just show you: see here in the DNS records we have dashboard and sync. Those are my testing ones, so let's go ahead and delete both of those. Okay, now run it again, and just like that, we created it. So this is just creating a CNAME record, which is saying if we go to dashboard.mrballoonhands.com, point to this specific demo tunnel that we created.

Cool, but now how does it know, when we go to dashboard.mrballoonhands.com, what actually to point to on the local network? Well, that's where we set up some ingress commands in our config.yaml. So we're going to go back into that, we're going to edit it again, nano config.yml, and we're going to set up some ingress. So it's not in the getting started guide, but they do have an ingress guide. All these links I'm using will be linked down in the description below, so don't worry. So in their ingress rules guide, you can see they have some examples, which basically shows how to specify a hostname and then what service
on your local network to transfer that to. So following this command, we will go ahead and set some up. So it goes hostname, service. So I'll say ingress, hostname will be dashboard.mrballoonhands.com, and the service will be https.0.0.26, the port, it is 9444. And one thing to make note of is you always have to have a catch-all rule if you're using ingress, so we will be using the http 404 one, that just says if none of the ingress rules are caught, then use this last one, which is just a 404 page. You can use whatever you want, but this is just what I use. It's easy. Okay, save that, and technically we're ready to go. All we have to do is run it.

So the last step: running the actual tunnel. So back in the guide, you'll see you run the tunnel, cloudflared tunnel run and then the UUID or the name, so I'll do cloudflared tunnel run demo, and just like that, it's spun up and ready to go. So if we attempt to go to dashboard dot balloon... error 502, bad gateway. What is going on here? Well, if we look back at our tunnel, you'll see that it's giving us an issue: it doesn't contain any IP SANs records. So we're having an issue with HTTPS and it being self-signed on the server, but we can actually avoid this. So we're going to Ctrl-C, get out of here, go back into our config. And if you're using HTTPS and using self-signed certificates, you may run into this issue, but don't worry, it's easy to avoid. So we'll go back in here, and in our ingress setup document, you can see at the bottom they give you a list of different configurations, and one of them is noTLSVerify, meaning that it's not going to use TLS verification, which is what we want for this instance. And the way you do that is put originRequest and then the attribute underneath. We'll go originRequest, and we'll say noTLSVerify true. Let's run our tunnel again, go back here, refresh, and boom, Heimdall, there it is, encrypted across the tunnel, no public IP exposed. So yeah, I mean, it's pretty impressive and that easy to set up. So again, we can easily set up another service
to host, and this is essentially acting as our reverse proxy, just like we did in the HAProxy video, just like we did in the Nginx Proxy Manager video. All this is kind of just packaged into one thing. So let's go back, let's kill this, and let's create another one. So just like before, remember how I said you can create a DNS record using the CLI? Well, you can also create one in the GUI. So let's go back here. If we refresh, you'll see our dashboard entry, and we can just simply kind of copy it. So we're going to add record, CNAME, we will copy the target from here, paste it in here, and the name... what are we even hosting? Let's just host Syncthing like we did before, so we'll do sync, and that will do sync.mrballoonhands.com. Save. So now we can skip that step in the CLI, and all we have to do is add it to the config. So back into our config, and just like the one above it, we'll go hostname sync.mrballoonhands.com, service is http 10.0.0. [Music] I don't remember what the port is... 83. Save it, close, spin up the tunnel again, and just like that, if we just change this, actually it's http, but... so if we go to sync.mrballoonhands.com, same thing. That freaking easy.

Now I know what you're thinking: you probably don't want to have to manually spin this up and monitor it manually. You want it to run as a service. Luckily, we can do that. So there is a document called "Run as a service" for cloudflared, and it gives you kind of this little walkthrough, but honestly, once it's already installed, all you have to do is install it as a service, and we'll say cloudflared service install. Easy. And we can say systemctl status cloudflared, and it is active and running, and it will run when you start up. So this is just running as a service now, and if I go back into here and I try to go to sync.mrballoonhands again, you can see it's working because it is now running as a service. And the cool thing about this is that it's not limited to HTTP or HTTPS requests. You can see in the ingress configuration
that you can use quite a few different protocols: TCP, SSH, you can even RDP over this. There's so many things you can set up applications through Cloudflare. It's very, very impressive, and it's free. That's like the best part.

All right, and there we have it. Our services have been properly exposed to the outside world using Cloudflare tunnels, and we didn't even need a public IP to do it. I showed a not so practical use case of this in my off-grid home lab video, if you want to check that out, link up here. At the end of the day, there are many ways to go about doing this, and you don't have to use this method, but I know some people have been frustrated when watching my other videos that required you to have a public IP, so I hope this helped you folks out.

So now it's time for comment of the week. This one comes on my miniature home server build video using a Raspberry Pi Zero 2, and this comment comes from The Wicked John, who says: "This channel is slowly carving its way into my weekly must watch list. You are doing a great job man, keep it up." Thank you very much, John, for the positive reinforcement. I'm glad you are enjoying the channel, you enjoyed the video. My only unfortunate thing about this is that Raspberry Pis are still almost impossible to get, so while I do like doing videos on them, I kind of feel bad because they're just so hard to get, and I feel bad showing cool things to do with them and people not being able to get them. But I'm glad you like that. I appreciate the kind words, Mr. WickedJohn.

Okay, that's all I have for you today. If you found this video informative, then please drop a like. If you like nerdy ass, then consider subscribing, because that's kind of my thing. Also, let me know down in the comments how you're currently exposing your services or if you plan on using this method. I'd be curious to see what everyone out there is actually doing. And I want to give a shout out to my Patreons and my YouTube members for continuing to support not only my tutorial videos but my dumb
ideas, like bringing an entire home lab setup into the woods. You guys rock my socks. But if you're still around, then I sincerely appreciate it. Thank you so much for watching, and I will see you in the next one. [Music]
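
Added example, not part of the video or of Cloudflare's documentation: the config.yml the walkthrough ends up with (variant A), next to a variant that keeps origin certificate verification on instead of using noTLSVerify (variant B). The tunnel UUID, the origin address, the CA file path and the certificate name are placeholders; the hostname and port 9444 are the ones used in the video.

```yaml
# Added example. Values in <angle brackets> and the caPool path are
# placeholders, not values from the video.

# Variant A: as configured in the video
tunnel: <TUNNEL-UUID>
credentials-file: /root/.cloudflared/<TUNNEL-UUID>.json
ingress:
  - hostname: dashboard.mrballoonhands.com
    service: https://<ORIGIN-IP>:9444
    originRequest:
      # cloudflared accepts any certificate the origin presents, so the hop
      # from cloudflared to the service is encrypted but not authenticated.
      noTLSVerify: true
  # Catch-all rule, must be last: unmatched hostnames get a 404.
  - service: http_status:404
---
# Variant B: verification stays on for the self-signed origin
tunnel: <TUNNEL-UUID>
credentials-file: /root/.cloudflared/<TUNNEL-UUID>.json
ingress:
  - hostname: dashboard.mrballoonhands.com
    service: https://<ORIGIN-IP>:9444
    originRequest:
      # Trust only this CA or self-signed certificate (placeholder path).
      caPool: /root/.cloudflared/origin-ca.pem
      # Name cloudflared expects in the origin certificate. This addresses
      # the "doesn't contain any IP SANs" error seen when the service is
      # reached by IP; it must match a SAN on the certificate.
      originServerName: <NAME-IN-ORIGIN-CERT>
  - service: http_status:404
```

Running `cloudflared tunnel ingress validate` checks the rules in the config file before the tunnel or service is restarted.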
Info
Channel: Raid Owl
Views: 133,355
Id: hrwoKO7LMzk
Length: 16min 10sec (970 seconds)
Published: Thu Mar 31 2022