With regards to routing streaming services like Plex, Emby, Jellyfin, etc., here is the portion of CloudFlare's TOS that covers it: www.cloudflare.com/terms/#:~:text=2.8%20Limitation%20on%20Serving%20Non%2DHTML%20Content I'm trying to get more information about what service(s) need to be purchased as to not break TOS with CloudFlare.

I've been banging my head to overcome this with wireguard for days, then I reach this video and make it work within 5~10 minutes... Great job and THANK YOU!

Hey DBTech, really appreciate all you do for our community! Your channel was one of the main reasons that inspired me to become a content provider. Thank you for everything!

I already had my domain on cloud flare and I’ve been dreading setting up a reverse proxy and integrating to the CF proxy for just a home assistant instance. This was the answer I didn’t know existed!! Thank you!!!!

The amount of giddy I got when I accessed my self hosted stuff after disabling port forwarding... hoah yeah. HEH! THANK YOU!

A note for those doing this fresh, cloudflare takes up to 24 hours (or more) to verify new domain names, and during this time you will NOT be able to set up a self-hosted application. However you can do the rest of the instructions. Also if you use portainer the docker run command will show up if you run it in the host machine of portainer, so just do that. Trying to make a docker compose for this that exposed the right network correctly was a nightmare for me :D

This is a fantastic and thoughtful guide. I set out to do exactly this on a Raspberry Pi and your instructions worked flawlessly. Thank you for posting this!

I love this tutorial. Absolutely brilliant!! I spent the afternoon moving from NGINX to this service and switched off my port forwarding, which should lower and decrease my attack vector. Thanks again!

Thank you very much! This is what I was looking for, as I was always a little uncomfortable opening ports in my router. Despite using NPM, Fail2Ban and other helpers. Thank you for your effort!

Most important video you've done in a while. Just wish Cloudflare didn't have a monopoly on literally everything like this.

I really enjoy your videos - always cover the things most relevant to my interests!

Great video David, thanks Quick question: What to do with the services that need certificates to work, example adguardhome, since now that you have removed the cloudflare dns record, they cannot be requested by NPM. Thank you.

This exactly the type of solution I have been looking for! Thanks!

Hey David! I got this working.. kind of. All my devices keep sending IPv6 addresses, so just putting my IPv4 in like you did at 13:10 doesn't work for me, it returns the access forbidden page. The tunnel works, but I have to keep adding new v6 addresses to the policy every time my PC or phone decides to change or add a new one. Any way to "prefer using IPv4"? My v4 hardly ever changes.

I'm trying to configure cloudflare zero trust with traefik, and I can't manage. Did someone manage? If so, which address is pointing the tunnel to, as no ports are exposed? On the other hand, with nginx I have no problems.

I'm trying to do this on unraid and everything gets set up but I keep getting a bad gateway error and the log says: "ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: x509" Can't seem to figure this out.

Excellent video. One question though - CloudFlare has a container that let's them know if your home ID has changed, so that they can always point the domain to the correct server IP. Is it possible to use that mechanism to restrict access to your sites to whatever is the current IP address that your ISP has given you?

Things like this is exactly why I love cloudflare

Thank you very much! This was exactly what I needed. Keep up the good work

Love you man! Great video as always.

how about dynamic ip ? with this method the ip will be autoupdated ? EDIT: Worked fine with dynamic ip, i suggest to install the cloudflared docker on vm or lxc that contain Portainer, it will automatically show on portainer dashboard and it's easy to stop & restart it

QQ. After setting up the docker container and making the connection with cloudflare, how can maintain running? If I ctrl+c out of the 'docker run . . .' in the terminal, the connection servers and am unable to use the tunnel anymore

Got this working for Unraid web GUI. But how to configure for nextcloud docker as its showing bad gateway?

AWESOME! Thank you, David! I’m off to implement this!

Ive followed this a few times yet always come to the same Error 502 bad gateway. Showing browser and cloudflare working but the host is not. Any thoughts on what the cause might be?

Hi do you have to put the couldflare into the directory folder as your docker for your website ?

Thank you for this awesome tutorial! I just have a question - does this eliminate the need for nginx proxy manager totally?

Got it to work. Wanted to know how I would get this working with Authelia?

I have followed this guide to share my Jellyfin server, but the download speed from the tunnel cap at 300KBps, streaming 1080p videos is always buffering every 1 sec

Hey buddy, I’m going back to this video to see if there was a hint on how to host all applications using one tunnel. I had to instal 6 different containers to host each one of my dockers without open ports. It’s possible that you can point me on what I have to do to just use one instead of a separate one per application. Thank you.

I have been using this solution for just over a month now, and it works perfectly. However, how do you update the docker containers to the latest cloudflared version? My containers are all complaingin they are running on an old version. How about a tuiturial on that :) ?

Could this be used to remotely view/access cctv nvr?

yes yes YES YES . This is what i needed. Amazing !

Hi, I have followed this method. Hosting OMV on RPi 4. But only http tunnels are working. SMB is not working. SSH is working if it is browser rendered. Not working in SSH client. Please help. I have spent lots of hours but couldn't figure out. Please show how to tunnel SMB.

I'm stuck at the public hostname page for the server tunnel 6:39. I'm not sure what my service url is. Is it the same IP that I use to SSH to it? I'm also unsure of the port number that you place after it. I'm using an Ubuntu server. Sorry about the noob question; this is all a learning experience for me :)

why returns " no matching manifest for linux/arm/v7 in the manifest list entries" What can I do to solve it. I am trying in a pi.

When I want to install by the command from the Cloudflare, it says "docker: no matching manifest for linux/arm/v8 in the manifest list entries." :(

What are the pros & cons of doing it this way vs your other guide (cloudflare+nginex)?

do you know how to set it up with support for websocket?

Hi sir, I'm building a TrueNAS right now. I'm not really good at this networking thingy. Right now, I do have NGINX Proxy Manager (for nextcloud) set up. So if I decided to use Cloudflare Tunnel, I don't need NPM anymore? I can just connect cloudflare to docker and point it to portainer which contains nextcloud, some web project? Thank you in advance

is there any tuts for docker/portainer?

So I learned to use nginx for nothing! Great find. Any benefits to using this method over nginx? Or is it just not needing any ports open?

quick question! you added the port 6999 for specific service on the same docker instance where cloudflare container is running. what if I want to use another VM with different IP and port (in my case homeassistant ip x.x.x.20:81234)?

Thank you for all of your work…your videos have been such a help in getting my home nas running well. This video is extremely welcomed as I’d like to not forward any ports if possible. Ill definitely be trying this out….Can i use a synology domain name?

Even with the help of this video, i still have trouble setting this up. I can only get the / path to work. Anytime i add a path after the domain it returns a 404. Also, i don't understand what the application is exactly. Why do we both add a Tunnel AND an application? Should applications just be considered a firewall, and tunnel considered an app?

I just installed a fresh install on my RPI 4 B 2022-04-04-raspios-bullseye-arm64.img.xz . But when I go to install cloudflare/cloudflared:latest I get docker: no matching manifest for linux/arm/v7. Can you help??

did you ssh and install the tunnel on OVM or straight to Proxmox? Any idea what would be the implications of each approach?

Thanks, you can use this tunnel to bypass cg-nat and access from outside?

How is the tunnel's Docker container updated? Automatically? Manually? Watchtower?

doesnt this break TOS? Is there a way to use this service without breaking TOS?

I have been looking for an answer to this for days, and I cant seem to figure it out ... I am pretty tech savvy (I was an electronics tech. in the navy) but I am really teaching myself the networking side of things for a sort of hobby. I am trying to set up jellyfin to be remote accessible through an unraid server. What IP address do I use for my external IP to set up the tunnel through Cloudflare? Do i also use this to set up the record? I actually used your guide last night and got it working, security check application and all, but this morning the tunnel wasn't working again. I'm sort of assuming that I used the wrong IP address, or I used an IP address that is no longer relevant. I guess the root of my question is this: does the unraid server have it's own IP, or do I need to use the IP of a docker container? Is there a specific container I need to install so that there is a static IP? or do I just use the ip of the jellyfin server? Do i need to just force the jellyfin container to ahve a static IP? Am I skipping some ultra-basic step here that I am going to kick myself for not understanding? Last night I just used the IP address listed in the Jellyfin docker info, and honestly I was sort of surprised that it worked, and I'm also not really all that surprised that it no longer works. What is the best way to do this? I feel like I've been watching hours and hours of tutorial, and at the point of setup where you need to enter an IP to create a record or a tunnel, everyone just says "just put in your IP" and I'm like, "WHAT IP?!?!?!"

I successfully set up a tunnel. The only issue I have is that it redirects to my domain with the port number shown. I can't seem to find any information on this. Any ideas?

Hi, Me again :) Do you know if i Cloudflare Tunnel will allow to set up subdomains for different local IPs instead of being one Docker IP. Example, i would like to have DOMAIN pointed to local_ip_1 but subdomain like plex (dot) domain or cloud (dot) domain to point to local_ip_2

Thanks I just learned about tunnels and zero trust so this will get me up to speed ligthnig fast.

I’ve sent this to so many people since starlink became available in our area. Have you ever considered a video targeting CG-Nat especially Starlink and fixed wireless internet?

Would this work to access VMs? Either over noVNC or the Spice protocol?

Great video David, thanks Quick question: Does anyone have any issue when UFW is enabled ? (Digitalocean's Docker instance works flawlessly without UFW enabled, but cannot access with UFW enabled) Thank you.

Are you still using Nginx-Proxy-Manager with this solution, or does this solution eliminate the need for that component? My other question is do you have a separate cloudflare tunnel for each server where you have services that are exposed to the internet?

Alright, so that Cloudflare isn't an option, what would be a decent option? Tailscale would be a good one, but I don't want to have to connect to Tailscale every time, since my phone can only have a single tunnel at once. Would Tailscale work without connecting to the tunnel on the client? What would be a better option?

So.. with these tunnels, could you tunnel into an Nginx Proxy and maintain all the SSL Certificates? I am administrating a server at my Brother's house remotely (900 miles away), and he wants NextCloud. His internet is on Starlink, and they don't have any way to port forward. I tried to get SSL's to work over SSH tunnels maintained by the autossh docker image (which is how I remotely access his server), but I couldn't get it to work. If I could get reliable remote access for him, then I could open up a bunch of different services that he could use.

Good work as always!

do i need to do https when the pad lock is working? pros cons? how to do it as https and disable TLS 1.0

I like to know how use a path like db3tech/path, i tried simple put in public hostname setup but gives me 404 error

Great Stuff - I will try it on my Pi first then I want to add it to my contabo vps. For that I wonder if I added FW to block all trafic will it still let the Cloudflare access tunnel through?

hey 1 question. I have want to setup nextcloud on my old pc. Now my question is which ip I have to give tl tunnel. local ip in router or my router ip?

When trying to deploy I get Unable to find image 'cloudflare/cloudflared:latest' locally> Any thoughts or suggestions?

Hi There, if is possible use Cloudflared and TVHeadend Streams ?

Very informative as always, thank you for your hard work.

Are there going to be services that it would be better to run through something like NGINX rather than this method?

Does this method still require SSL certificates being created? Im pretty new to this stuff.

Wonderful ... So well explained 😀✌... Thanks a lot 🙏.

I'm sure I'm missing something obvious, but what do I need to do so that it will auto-start? I think I need to add the restart policy, but I'm not sure where I add it in the copy/paste I get from cloudflare. Any ideas? --restart unless-stopped

Hi David, can you please explain what is the advantage/differences between this and using Taiscale. Thanks.

can we go through cloudflare zero trust tunnel to NGINX Proxy for multiple domain?

YES, now I can do so much more with my websites and servers!

This is great! I can now access all of my HTTP services through Cloudflare tunnel, however, I am having issues with Wireguard. Is it possible to connect to my wireguard server through a Cloudflare tunnel? If so I haven't gotten it to work yet. :/

Great video David! Can you do a video with Jellyfin on OMV6 in a cloudflare tunnel with all the paths?

Hey, this video is fantastic! Although, I’m just wanting to make sure, with this process, you can for a fact access your media from outside of your home network. For example, if my home server was located in California, and I went to New York, could I still access my media through the domain? Another question I have is, can this be used for Jellyfin? If not, what’s the reasoning?

Thank you for your content. Its really helpful and to the point no filler. I have a question for you. I was able to follow your tutorial on setting up the tunnel but I can make post requests to my url. I have tried to figure it out with no luck. Do you have a video or recommendation to fix this? Thank you.

This is amazing. Will certainly be trying it out. Is there a way the allowed IP can automatically be updated, as I don't have a fixed IP with my ISP. Thanks

Great video. I see a lot of videos saying you need nginix along with CloudFlare tunnels. What is the difference and do you need them both actually? Sounds like a secure tunnel would mean a reverse proxy is not needed.

Great great video. Service works except ssh into my synology hosting the containers. I have not tried rdp or other tcp ports, but ssh not working is stumping me. Any ideas?

Does this only work when your home router has a public address assigned by the ISP modem or can it work when the internal router has a private ip from the modem?

I'm not sure about this under their tos. "you hereby grant us a non-exclusive, fully sublicensable, worldwide, royalty-free right to collect, use, copy, store, transmit, modify and create derivative works of Customer Content, in each case to the extent necessary to provide the Services." The problem with this, is they can claim all your content necessary to provide service.

Would this work with the domain name provided by TPLink Deco?

Hi sir I have an hp server installed windows server on it. I’m using some applications that users can connect to those through port forwarding. Im interesting to know whether I can use your method instead of port forwarding for my apps or this way is special for cloud based servers?

I’m on cgnat, can cloudflare tunnels allow hosting a vpn access? I can’t figure it out.

I'm using a windows 11 box. You are showing container list but you don't show how to get there. I have no idea where to go from here.

I'm a bit late to the party, but what options (Cloudflare or not) are available to pass through IMAP and SMTP ports?

Great video, thanks! I am using DNS Made Easy as my name server. Do I need to switch to Cloudflare DNS for the tunnels to work or can keep my existing NS?

Great method. Will this allow iOS apps or non browser access work like home assistant or nextcloud?

very cool @DBTechYT !! Do you (or anyone else) know is this also works with running your app inside Kubernetes? Would you need to expose the cloudflare agent or your app with a ClusterIP or NodePort?

@DBTech if this feature is enable do you still use authelia?

QUick Qestion, If that does work flawless then whats the purpose of usinf Ngnix Proxy Manager?

Fantastic Video, immediate subscription

Greetings my fellow Canadian ! It seems that every time I restart my computer, I lose the the data. How could I make it "persistent." If that's the correct term?,

thanx for the Video! how can i tunnel "rustdesk" it needs a lot of Ports 21115-21119? any idea?

Hi can you make a tutorial how to connect ssh using cloudflare without opening ports?

Great video, can you please show how to setup and use RDP with cloudflare zero trust. Thanks

is there any service can use for VPN ? like accessing HomeLab server using VPN without port forwading ?