Cloudflare Zero Trust Tunnel Guide: Exposing Self-Hosted Services Safely

Captions
Hello everyone. I'm going to show you how to set up Cloudflare so you can host your services without needing a VPN, port forwarding, or none of that stuff. You just worry about one thing, that's Cloudflare running as a Docker container, and everything else is sorted for you.

I've done a bit of an overview video on this before, just showing kind of what Cloudflare is, and more specifically Cloudflare Zero Trust, which means we can expose our services to the internet without having to worry about the internal networking that you would normally have to worry about: port forwarding, VPN access and all of that stuff. Instead we can use Cloudflare Tunnel to help us expose our services, and then it's all protected by Cloudflare as well.

So let's just do a quick rundown on what we're going to be doing. For this demonstration, what I'll be doing is I'll have a cloud server, which will be a RackNerd cloud-based server which is running in LA somewhere, and then I'm going to install Cloudflare Tunnel on that. I'm going to walk you through this entire process, and then once we've got that connection up and running we'll be installing Nextcloud via a container as well, running on that exact same RackNerd server, and then we're going to expose it publicly on the internet with a domain name. I'm just going to show you how easy that is, and then once we've got that exposed and we're able to access it, I'll show you some tips and tricks as well to get you along the way. So without further ado, let's get into it.

Really quick, shameless affiliate link plug from my side: if you're interested in a RackNerd server, which I'll be using as the demonstration in this video, I will have some links in the description so you can pick one up yourself. As you can see, 17, 18, 20 a month, or even 22 dollars a year for one of the cheaper ones. Again, I'll have a little breakdown of some ones that I recommend in the description. I just get a bit of a kickback if you do
order from it. You can order it, you don't, I'm not fazed. I'm just putting it there if you are interested in the server that I'm using.

Right, so let's connect to our RackNerd server. Just like that, we are in my RackNerd server. So I'm in a cloud-based server; you could be on your home computer, a Linux server that you have at home, anywhere, right? As long as you can run Docker you should be sweet. So this is as fresh as you can get with a server. It doesn't even have Docker installed, so let me quickly install Docker as well. Bam, Docker's installed. We can test that by running a little hello world. Let's have a look. Yep, we're pulling the image down, and is that hello world? Cool, we have Docker installed.

I haven't made a video on how to install Docker on Linux or Mac or anything like that, because the instructions are actually pretty straightforward, but if you want me to give you a video on how to do that, let me know in the comments. I'm more than happy to make a video covering that, but for now I've got a link to how to install Docker in the description of this video.

Now we've got Docker, we've got our server running. Let's just take a breather and figure out where we're at. So currently we have our RackNerd server, our cloud server. We've just installed Docker on it, so we're good. That's all we've done. But what we want to do now is be able to host any service, like Nextcloud or something like that, and we want to be able to publish that over the internet. Now this is, again, where Cloudflare Zero Trust comes in. So what we're going to have to do is head over to Cloudflare and get started there.

So we're on Cloudflare's website. A link for this will be in the description. I'm going to log in. Okay, so we're in my Cloudflare dashboard at the moment, and as you can see, you can see my domains and stuff that I have set up here. So what we're going to do is head over to Zero Trust on the left-hand side of Cloudflare. Now of course you're going to have
to set up an account here, and I just want to make sure everyone's aware this is free. Everything we're doing here, you don't need to have paid for anything. The only thing, if you really want to go all the way with this and host something, you're going to need a domain name, of course, but in terms of the configuration of Zero Trust we don't need to spend any money at all.

So let's head over to Zero Trust now, and here we are, we're in the Zero Trust dashboard. What I'm going to do is actually go over here to Access. We're going to head over here and set up a tunnel. So we're going to click on Tunnels, and what we're going to do here is click Create a tunnel. As you can see at the top here, it's saying: create a tunnel to connect HTTP web servers, SSH servers, remote desktops and other protocols safely to Cloudflare. That's exactly what we wanted to do. We're wanting to connect the services we're running within our server to Cloudflare, so Cloudflare can host them for us and make them accessible.

So we'll call this RackNerd, because that is the server I'm using. You can call it whatever you like, just something descriptive so you know where the tunnel lives. And as you can see here, we've got a few options, right? We've got Windows, Mac, Debian, Red Hat, Docker, and what we're going to go with is Docker. This is why we needed Docker installed, because it just gives us a really simple command to run, and we can just copy this and paste it in.

But a little tweak we will want to do to this is make sure we run this in detached mode, so it runs in the background and will continue to run. If you just run this, it will just be stuck on your screen, and as soon as you close it, it will stop the tunnel. So that's the first tip and trick, and I'll show you that. So this here, just a quick look at this command: we're doing a docker run, we're using the Cloudflare, and we're setting up our token. Now that token is unique for you,
for setting up your tunnel, so don't go publishing this in source control or anything like that. Keep it private. This tunnel is not going to exist after this video, so I don't mind showing mine.

So we'll copy it and let's jump back to our server, right, and add our hyphen d there. I'm running on sudo because I haven't added my user to the super users group yet, well, sorry, to the docker group yet, but it's all right. I'm going to hit enter. It's going to pull down that image for us, and it's all up and running. So if we just do a docker ps, we can see that we have our tunnel now up and running. Now if you didn't add that hyphen d, you'd have all of the logs and all of the activity of that container up on your screen, and as soon as you closed it your tunnel would stop.

We should be able to go back to Cloudflare now and we should get a nice green tunnel showing. All right, so we're back on the screen, it's very bright, and we can see at the bottom here: status connected. Very nice. So if we hit next now, we can start adding a service if we want. We don't have any services yet, but what we could do is maybe quickly create an Apache web server or something, and we'll just see if we can expose this. So let me quickly do that and then I'll do another recap.

So for this example, let's just do a... oh, let's just clear the top of it, make it a bit easier to see. This is a sudo docker run, 80,
and that will be nginx, and we'll just run the latest. Bad practice to run latest, but we're just testing. This is what happens when you don't run in detached mode: you just get all the information on the screen, and as soon as you close it, it stops the container. So as you can see here, it's exited, right? That's what would have happened to your Cloudflare tunnel if you didn't run it in detached mode. So let's rerun that nginx container, but this time in detached mode: hyphen d added, enter, and the container is up and running.

So essentially we should just have a basic web server running now. And now, how would we access this? If this was on our home network, we'd have to port forward. We'd have to port forward port 80 on our home network, let someone know our actual home IP address to access this, and then go into a DNS provider and set up all the DNS and all the entries so someone can actually access this over their domain name. Let me show you how it's done in Cloudflare.

Right, so we're on the screen. I haven't changed anything, this is where it led us. So what will we call this? Let's just call this nginx example, right? And I've got four domain names and I can choose one, so what I'm going to do is actually just choose McNugget, because it's the best one. Locally, right, internally on my machine it's HTTP, but what Cloudflare is going to do is make sure we access that bad boy via HTTPS, so that also handles that for you as well.

So what Cloudflare is asking here is: on your actual machine, on your home machine, on your internal network, what IP address and port do you use to access your nginx? So what I can do is come back to my cloud server and do an ip addr. Let's see what that IP address is. So it's this one here. Apparently this is our IP address. If I do a curl on that on port 8080, we got our nginx web server, right? We confirmed on our local port that's how we access our web server. And I think already, because this is just RackNerd and how their networking
set up, I could probably access that now, to be honest. So just confirming: I can. So the port that RackNerd give me, because it's a cloud server, I can already reach it, right? Those ports are already exposed out of the box, but most of the time it isn't. So I'm just showing you that yes, I can access this and this is running. But when you were to check your IP address by running ip addr, that would have given you your local network IP address, right? It wouldn't have been a publicly resolvable IP address. So the concepts that I'm showing here are still fully relevant; it's just in this case this IP address is routable on the internet. In this case it doesn't matter, though. I'll paste that in as if it was a local internal IP address, and I'm going to hit save tunnel.

So that's saving now. Essentially what that's saying is: hey, I have a service running on my machine on that port and I want to access it via the nginx example.mcnugget.xyz. And it's saying, hey look, that's all been set up. Let's try hit that domain name and see if we can access it. I was worried there for a second, but I didn't put example, I just put nginx. There we go, look at that, we've hit our server. Yeah, and that's how easy it is to map a service there. And you can see, it's very tiny small writing, it says HTTPS here, so we've connected and we can hit that just fine, and now we've got our service exposed.

So now let's just do a bit of a backtrack, come back to the full camera, just to help explain this a little bit. What we've got here is our RackNerd cloud server, okay, sitting there, had nothing running on it. Now think of this as if it was your internal home computer, your server somewhere at your home, whatever, right? You've got that sitting there. We've installed Docker on it, and again I'll make sure you've got those instructions in the description below so you can follow those. Now once you've got Docker installed, we just went to Cloudflare, went to Zero Trust, and then we've
gone and created a tunnel, right? And what that tunnel has done is it's asked for you to create a container, a Cloudflare container on your machine, which then has a token that will reach back to Cloudflare and creates that tunnel, and now it's created a secure connection between your home network and Cloudflare. Okay, so you've got that active tunnel there, and we made sure we could see that it was active. You've got that stable connection.

Now what we've also done is we've created an nginx container in this example, and that runs on, let's say, 192.168.1.5, right, on port 8080, because that's the port we set. And all we had to do was, as you've seen in Cloudflare, Cloudflare just goes: cool, you want to expose a service, what domain name do you want to give it? Okay, cool, and how do I reach that service on your home network? I just realized there's a cable in my face this entire time, I apologize. Anyway, so all you need to do then is just say: hey look, here's the domain name, here's the local IP address and port that you can reach the service on. Cloudflare is already running as a container within your local network, so it knows and can connect to that service, and it's all good, and then it's exposed and it's mapped to that domain name. Cloudflare handles adding the DNS entries for you, I'll show you that in a second, and you're all good to go.

As long as it's a service like an HTTP service or an HTTPS service, you can map it to Cloudflare and expose it. And this is the exact same way if you wanted to do Nextcloud, if you wanted to do nginx like we've just done, anything. You can host it like this as long as it's HTTP or HTTPS. Things like game servers and that are tricky, and I don't believe you can do them. But yeah, so that has set up your service, exposed, it's all running, and now let me show you something like Nextcloud, right? Same sort of process. Let's run through that as well. I want to make sure you really understand this, and I also want to make sure I'm
being as helpful as possible. If you don't know, I have a BookStack that I make public, so you can see any of the docker compose commands and anything like that I've run in my videos. I'll have a link in the description for this if you're interested. It's just where I keep my compose files and whatnot.

All I'm going to do is create a Nextcloud instance. I'm going to copy a compose file I already have, head back to my server, make a directory, of course, nextcloud, make a compose file, paste it in, and let me just fill in some details. Right, so I've just filled in the values for my Nextcloud. If you're actually interested in knowing how to host Nextcloud with Docker, I'll have a video for that that you can go check out. So what we're going to do now is bring this up, so sudo docker compose up hyphen d. Right, so we have our Nextcloud all up and running now. So essentially this is running on port 8080, right, on the same port, so if we run a curl now on the 8080 we should hit some sort of Nextcloud text, and as you can see there's a whole bunch of stuff here, so this looks pretty good. There's Nextcloud up and running.

So create the IP address to point to there. We want to add a new entry, so we want to come into RackNerd, we want to configure this. Now since this is running on port 8080, I'm going to clean up this one here. I'm going to delete this so we can save that. Right, so we've got that entry in there now, and before we go to that, I'll just show you how these DNS entries work, like how it's adding it for us already, just so you've got the context. So if we go back here, you can see Cloudflare already adds the DNS entry for us, so we don't have to worry about any of that. But what we need to worry about now is making sure that that domain actually hits Nextcloud: nextcloud.mcnugget.xyz. Let's see what happens, fingers crossed. Bam, look at that, we're in. We've got our username and password, so create an admin account. We've got Nextcloud all up and
running. Again, if you're interested in seeing the installation process for Nextcloud, I have a link somewhere. But here we go, we're on the port right there.

Now you might have noticed something. What do we have right now? We have a publicly exposed... you could access this right now if this was live, and hit that, and you could install my... you can set the username and password and away you go. So obviously you wouldn't want to expose it straight away; that isn't the greatest of ideas. But just to recap really quick, this is pretty much all you really need to know for understanding how to expose your services using Zero Trust within Cloudflare. So I hope up to this point it makes sense. If you need any more help with just trying to understand these concepts, ask below in the comments. I'm more than happy to help.

As you can see, there's still a bit more of this video left. What I want to explain is you can actually add a layer of authentication on top of this that Cloudflare Zero Trust provides you, so you can have an authentication page in front of this that you have to authenticate through before you can even get to the other login page or the service that you want. So you can publicly expose services or have them locked down, and I'm going to show you an example of this.

So an example of the authentication page: I have my Pi-hole that I have set up exposed, so I can access it wherever I want, but I don't want to have to worry about trying to have VPN access and whatever to access the dashboard. What I've done is I've exposed it, and you can actually hit this domain name, and what you will see is, if I open up a private tab and I type in pie hole tickdocks.nz, make this full screen, look at this: you hit a page, don't you? You need to be able to log in, and I log in via a GitHub method or via an email method, but there's only certain accounts via that GitHub authentication that can actually log in. And you can have Microsoft AD, you can have a whole bunch of
authentication providers having this access here. So what happens is, once I authenticate with here, then I hit the dashboard to log in. So now if I go into a browser that's not private, you see I'm already authenticated, so I can access it. So let me show you how you can get that set up as well. And as you can see, I've just changed, just as another test, my Nextcloud is also behind it as well. So again, let's go and I'll show you how to set this up.

So coming back to our Cloudflare dashboard, I'm going to go back into Zero Trust. We're going to go to Access, and what we're going to want is our Applications here, okay? And what we do is we go add an application, and there's a few options that we get here, but we're going to go with self-hosted because this is a service we self-host. And now we just need to give the application configuration a name, so I'll call this Nextcloud nugget, because McNugget, that's kind of where it lives, right? And now something cool: what's the domain name for this? We know the domain name, it's nextcloud.mcnugget.xyz.

Once we've got that in there, what we can do now is kind of scroll through, we'll have a quick look. So we can set, you know, custom icons and everything for this, where it shows up, but I'm just going to leave everything as default. As you can see here, it's going: cool, what identity providers do you want to use? Now you have to enable the identity providers before they show up here, I'll show you that in a second, but I have GitHub and my one-time PIN enabled, and that's fine for me. Again, I'll show you how you can add more to this list in a second.

If we hit next here, now it wants a policy name. That's fine: Nextcloud nugget, and we're just going to leave the defaults here. Now I also have a group. The groups are essentially just a set of base permissions I have. For this I'm just going to turn that off, and then here I'm going to say that, hey, for the access, only allow an email address, and I could put
something like nicotic docs.nz, right? I'll assign my group, actually, because it's got a lot of my good defaults, and what you're seeing here is kind of what my group already has configured. So I'll leave those as default, not going to worry about any other stuff, but feel free to have a play around and add as you need. And these are the access controls, how long it is before people have to re-log in and whatnot. I'm just going to leave all of this as default and not worry about any of it, and I'm going to add the application.

Now what happens if we try to access nextcloud.mcnugget.xyz? We get the dashboard. Just for clarification, I had to create a private browser because of cache, but as you can see here, we now have to log in via our authentication method before this works. So if I clicked on the GitHub, it's going to ask me to sign in with my GitHub account, right? And once I sign in with my GitHub account, we'll be able to access the login screen or whatever.

Also, as promised, I said I was going to explain how you can add more authentication methods. So if you just go into Settings, you can come down to Authentication, and here we can add some new ones. So if you go add new, you can choose these ones as well, sort of what methods you want to use. Click them here, they'll show up as a way that you can configure it. So let's say if I wanted to use Azure AD, it shows me what I need to do to be able to configure this as an authentication method for Cloudflare: an application ID, secret, all of that typical stuff, especially for Azure AD. And that would be the same for the others. You just configure them, they show up as a method, apply them, you're good to go.

So I feel like this has been pretty thorough, at least a bit more thorough than what my introduction video was of Cloudflare. I use Cloudflare every day, all the time, and Zero Trust more in particular, so generally when I say I use Cloudflare a lot, I'm talking about I use Zero Trust a lot, and
since I use it so much, it makes sense to make a video about it and kind of push it and let others know about it as well, because I hear a lot of self-hosters in that they're trying to set up Cloudflare, oh sorry, that they're trying to set up their self-hosted services and they're trying to expose it and whatnot, and I'm just like: just use Zero Trust, it makes things so much easier.

But yeah, anyway, that is the video. I hope you enjoyed it. If there's any sort of clarification you need, ask away in the comments. I'm always answering comments when I can, so yeah, ask away and I'm more than happy to help. I hope you enjoyed the video. This one was a bit more exciting, a bit more straightforward for me. But yeah, anyway, have a fantastic day, have a fantastic week, whenever you're watching this, and I will see you in the next video. Goodbye. Thank you.
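
The setup walked through in the captions, written as a Docker Compose file. This is an added example, not the video's own command or compose file. Assumptions: the service name `web`, the network name `tunnel`, the pinned nginx tag, and a `.env` file next to the compose file that holds `TUNNEL_TOKEN`; the tunnel's public hostname in the Zero Trust dashboard would then point at `http://web:80`.

```yaml
# docker-compose.yml (added example; names below are assumptions, not from the video)
#
# Keep the tunnel token out of shell history and source control:
#   printf 'TUNNEL_TOKEN=%s\n' '<token from the Zero Trust dashboard>' > .env
#   chmod 600 .env
#   echo .env >> .gitignore
#
# Start both containers in the background (the detached mode the video uses):
#   docker compose up -d

services:
  cloudflared:
    image: cloudflare/cloudflared:latest
    # cloudflared reads the token from the TUNNEL_TOKEN environment variable,
    # so it does not have to appear on the command line.
    command: tunnel --no-autoupdate run
    environment:
      # Compose aborts with this message if .env does not define the token.
      TUNNEL_TOKEN: ${TUNNEL_TOKEN:?set TUNNEL_TOKEN in .env}
    restart: unless-stopped
    networks:
      - tunnel

  web:
    # Pinned tag instead of latest, which the video calls bad practice.
    image: nginx:1.27
    restart: unless-stopped
    # No "ports:" section. The container is reachable only from other
    # containers on the tunnel network, so on a host with a routable IP
    # (like the cloud server in the video) the service is not also exposed
    # directly on port 8080, bypassing Cloudflare and any Access policy.
    networks:
      - tunnel

networks:
  tunnel: {}
```

With no published port, `curl` from the host to port 8080 no longer reaches nginx; requests arrive only through the tunnel, so an Access application placed in front of the hostname covers every path to the service.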
Info
Channel: Techdox
Views: 27,377
Keywords: cloudflare tunnel, cloudflare tunnel tutorial, cloudflare, cloudflare tunnel setup, how to use cloudflare tunnel, cloudflare argo tunnel, cloudflare tunnel localhost, cloudflare tunnel guide, cloudflare tunnel vpn, cloudflare tunnel docker, how to uise cloudflare tunnel, cloudflare tunnel ssh, cloudflare tunnels, unraid cloudflare argo tunnel, cloudflare argo tunnel setup, using cloudflare tunnel, cloudflare setup, cloudflare secure tunnel, cloudflare dns
Id: gpWo94XXrhU
Length: 21min 45sec (1305 seconds)
Published: Sat Aug 19 2023