Skip to content

CloudFlare Tunnel

Prerequisites

For exposing self-hosted applications to the web, you will want to purchase a domain name.

After puchasing your domain you need to add it to CloudFlare. Cloud flare will instruct you on changing the name servers of your registered domain.

Cloud Flare Websites

Cloud Flare Add

Cloud Flare Free

Cloudflare when then scan for DNS records.

Hit continue to activation.

CloudFlare will then provide you nameservers. You will need to change the nameservers for your domain at your registrar.

For AWS, go to Route 53, then Registered domains. Click on the domain that you want to route to CloudFlares servers.

AWS Name Servers

Give this about 24 hours to update. You will then see your website in your Websites in CloudFlare.

Zero Trust Tunnel

Click on Zero Trust. Click on Networks, then Tunnels.

Click Create a tunnel.

Create a Tunnel

I use the recommended Cloudflared tunnel.

Give the tunnel a name.

Docker is a very easy method for installing the CloudFlare tunnel onto your server if you already have Docker installed. If you are not installing Docker, run the commands for your operating system to install CloudFlare.

Now that you have your tunnel activated, let's add a Public HostName. Click on your tunnel, then click Edit. Then click the Public Hostname tab.

Add Hostname

You should be able to select the domain that you previously routed to CloudFlare. You can add a specific subdomain per app as well. The type will be HTTP and the URL will be the local IP address of your server and port that the app is routing on. This is how you would connect to the app on the local network and is exactly how the CloudFlare tunnel is connecting to the app now that it's in your network.

Congrats! Your app is now available on the web!

Adding User Access

Cloud Flare also makes it easy to add access controls to your self-hosted application.

Zero Trust

Zero Trust

You will configure an application name, and provide the domain name for the application. This is the domain that you previously set up. For me this would be nexus.wildebeastmedia.com.

The default Identity Provider is a One-time PIN, but you can set up other identity provides such as Google.

Comments