Cloudflare Zero Trust Tunnel Guide: Exposing Self-Hosted Services Safely

Рет қаралды 27,353

Күн бұрын

Welcome back to Techdox! Are you eager to make your self-hosted services accessible without the hassle of traditional methods like port forwarding or VPNs? Look no further! In this tutorial, we're diving into the world of Cloudflare Zero Trust Tunnels to show you how to effortlessly expose your self-hosted services to the world, all while maintaining top-notch security.
Join us as we guide you through the process of setting up a Cloudflare Zero Trust Tunnel. Whether you're a self-hosting enthusiast or a tech aficionado, this guide is tailored to help you achieve seamless accessibility and robust security.
Learn how to create the tunnel, establish connections, and implement Zero Trust authentication - all without the need for complicated port forwarding or VPN configurations. It's time to make your self-hosted services readily available to your audience while keeping your network safe and sound.
Don't forget to like, comment, and subscribe for more enlightening tech content! Have questions or thoughts? Drop them in the comments below.
🔥 Check out these incredible VPS deals from RackNerd! 🔥
768 MB KVM VPS Special: Just $11.88/year 🌟
Details: my.racknerd.com/aff.php?aff=5...
1 GB KVM VPS Special: Only $14.98/year 🚀
Details: my.racknerd.com/aff.php?aff=5...
2 GB KVM VPS Special: $20.98/year for advanced needs 💪
Details: my.racknerd.com/aff.php?aff=5...
Looking for more options? Explore RackNerd's offerings and find what suits your needs! 💼
Details: my.racknerd.com/aff.php?aff=5792
Links: docs.docker.com/engine/instal...
Timestamps:
00:00 Introduction
01:49 Preparing the RackNerd Server
03:10 Installing Cloudflare Zero Trust Tunnels
07:30 Exposing NGINX
12:45 Exposing NextCloud
15:30 Enhancing Security with Zero Trust Authentication
20:19 Conclusion

Пікірлер: 83

@goldenvoiceofnepal Ай бұрын

tunnel now live under Networks not Access in cloudflare if anyone is wondering

@Techdox Ай бұрын

Thanks for that, yeah that’s tech for you. Always changing haha

@iidg 7 ай бұрын

Worked so hard didn't work, searched everywhere and didn't find the information i needed. But in this video i got everything i wanted! THANKKSSS!

@Techdox 7 ай бұрын

Glad I could help! :)

@jpb2085 6 ай бұрын

Fantastic video, just what I was looking for. Subbed!

@krishrong2560 9 ай бұрын

Easy to understand explanations. It works! Thank you.

@Techdox 9 ай бұрын

Glad I could help :)

@NandorKatai Ай бұрын

Thanks for this overview; it is very helpful.

@danarj5713 5 ай бұрын

this cloudflare feature is amazing

@ksoonsoon 9 ай бұрын

Well done. From the Duke of Dockers!! 😊

@Techdox 9 ай бұрын

Thank you!

@nathandtanner Ай бұрын

Thanks for explaining so clearly. You are very helpful

@Techdox Ай бұрын

You're very welcome!

@ImranRaja-xz5wm 2 ай бұрын

doing tunnel will it have any effect on bandwidth let see my home has 200mb up/down limited tunneling to do on Cf do it originally getting more bandwidth now from cloudflare or tunneling is just to mask and secure ur home ip

@TG09 9 ай бұрын

Nice mate 👍

@Techdox 9 ай бұрын

😊

@samg1205 2 ай бұрын

What if you want Zero trust working with apps like Audiobookshelf to connect to Audiobookshelf server? The web login via authentication is fine for web based services but not apps. Is there a way to have a cloudflare app or service running on device trying to connect that will authenticate the device with Cloudflare and then allow connection for apps?

@TheMrBazil Күн бұрын

You show to use tunnel with docker of nginx. And i have question i don't see any valid reason to use tunnel when you after that use nginx which is anyway proxy pass + use cloudflare in front to protect ddos etc. Can you or someone explain if it's worht to use tunnel if i use anyway nginx to pass forward request?

@s83453 9 ай бұрын

Excellent video, loving the channel👍. How would it work with VaultWarden or similar app which can't log in with the IDP web portal? Do you just expose it without that IDP part, while using the other Zero Trust settings like whitelisting country IPs?

@Techdox 9 ай бұрын

In your application setting you can setup a new policy with a bypass rules based off location, IP etc which will completely skip the cloudflare auth. For example my Nextcloud app on my phone would get stuck trying to reach my service because of the Clouflare Auth page, having the bypass fixes that. I hope that was your question haha

@techcodenet 5 ай бұрын

@@Techdox related to other top comment/question ... Assuming you don't care about option to allow someone to access your Nextcloud install without setting up "VPN" (say for your parents that have gmail/facebook and can login through that) - it seems like TailScale on your phone and server with nextcloud instance would work for games/apps/etc.

@bosse1478 3 ай бұрын

What ports need or not need to be open in the fierwall for the tunnel? Today I have 80 and 443 open and pointing to my pihole and from pihole are some directed to npm.

@Techdox 3 ай бұрын

You shouldn’t need to open any ports, it will run via 443 I believe which should be a standard port that’s open

@BabHoLee 6 ай бұрын

Thank you for your nice works. I have some questions. 1. How much cloudflare turnel's network traffic price? (ex. AWS EC2 is '0.117$ per 1TB) 2. Can we use this as IP also? (Not domain) I hardly have found this, but I can't find it)

@Techdox 6 ай бұрын

I could be wrong but Cloudflare tunnels are 100% free and there is no cap on traffic going through. You could use Cloudflare WARP which is a VPN to your services if you wanna connect via IP and not a domain name

@ricgondo 8 ай бұрын

Thanks!

@Techdox 8 ай бұрын

Thank you so much ❤

@timsavory9718 5 ай бұрын

Thanks for the video. If i expose qbittorrent using cloufare then presumably i still need to froward the TCP port (eg 6881) on my router?

@Techdox 5 ай бұрын

That's the great thing about Cloudflare, not port forwarding needed. Just expose the UI port to access it via Cloudflare and that's it

@timsavory9718 5 ай бұрын

@Techdox the TCP port (eg 6881) is used for incoming connections (for seeding) on qbittorrent. If not part forwarded some how then will it ever seed? Thanks

@Techdox 5 ай бұрын

Interesting, I have not needed to open any ports for my container to seed etc, give it a go and see without port forwarding and let me know how it works@@timsavory9718

@ritikbansal137 2 ай бұрын

Can i use my synology nas. And can i use that nas’s nfs storage for recording my nvr outside my home network with or with a public ip.

@Techdox 2 ай бұрын

Yeah, Synology NAS should be fine, just run the tunnel via Docker. Also, the NAS storage via Public IP I would need more details on the setup

@alagappank6813 9 ай бұрын

Hi Man, So after u install the tunnel command in docker , I need more information on this whats the next step do you have any documents fot this pls thanks

@Techdox 9 ай бұрын

You should be able to follow the steps I took on the video, once you have the tunnel running it should show as active in Cloudflare. Then you can setup your tunnel to expose your applications

@timsavory9718 5 ай бұрын

Thanks again, i also host a mail server on my NAS, will cloudfare block it?

@Techdox 5 ай бұрын

Cloudflare only has access to what you give it access to, any existing services won't be touched by Cloudflare

@Juslife. 23 күн бұрын

And when I host an matrix server and want to publish it with an cloudflare tunnel, do I set it up the same way shown here?

@Techdox 22 күн бұрын

That’s right :)

@vishvak8597 4 ай бұрын

Hey! Just wanted to know how did you get those domain names? And where can I get them? If yes, where are the paid ones and few ones? How can we map it with cloudflare!?

@Techdox 4 ай бұрын

I bought most of these via Cloudflare itself and doing that it shows up in Cloudflare as an option to use them

@krews2 4 ай бұрын

Question I got everything to work, but on the padlock after I login it has a warning: Parts of this page are not secure (such as images). I see the error on Firefox, but not Google Chrome.

@Techdox 3 ай бұрын

Interesting, I don’t use Firefox but worth looking into. Did you find any answers so far?

@krews2 3 ай бұрын

@@Techdox I am guessing it is because it used http for the ip address to connect to the local server and that is why there is a warning about mixed parts not secure. Anyway I am going to use proxmox and install a virtual machine for the Ubuntu server. I will see if the error still persists.

@SchoolforHackers 3 ай бұрын

Your site is drawing resources from outside sources like Google fonts, but provided over http rather than https. W3 resources, for instance, often get hard coded as http. Find those references, make sure they can be accessed over https, and update your code. Fun, fun!

@ricgondo 8 ай бұрын

Wow, nicely done! I was able to expose my nginx as well! Can I do the same for my ssh server?

@Techdox 8 ай бұрын

Hey! Thanks for being a member! Yes you can also expose SSH as well :) just like you can select HTTPS etc there is an option for SSH :)

@ricgondo 8 ай бұрын

@@Techdox I don’t know why, but my SQL Server and SSH connections are not working, any tips 😝?

@Techdox 8 ай бұрын

@@ricgondo so you are trying to SSH into a server with Cloudflare and it’s not working? I might need some more context but there’s two things here. Cloudflare tunnel will allow SSH via their tunnel but if you want to be able to connect to your services like normal via ssh from your terminal etc, you can use Cloudflare WARP, it’s a client you download on your pc and acts as a VPN for all your services

@ricgondo 8 ай бұрын

@@Techdox I was able to expose the Nginx just like you did via docker... then I also installed a SQL Server docker, which can be accessed internally but after adding it to the Cloudflare tunnel Public Hostname like the Nginx in your video, I'm still not able to access it. The same goes to the SSH. Thanks!

@Techdox 8 ай бұрын

So focusing on the SQL server first, when you say access it you mean accesing it via it's public hostname via something like SQL management server? - I'm not sure if you have Discord but feel free to join it, it might make it easier to chat :) - discord.gg/m6ZMZkPBUG

@conqourerx1 Ай бұрын

Hi please help me I am not understanding what is the zero trust plan for if I choose free plan does it limit my website user limit

@Techdox Ай бұрын

Hi, no the free tier does not limit website users. Your zero trust users within Cloudflare is limited to 5 I believe

@conqourerx1 Ай бұрын

@@Techdox Oki thanks 🙏

@user-gf7xk7wv7x 3 ай бұрын

Hi can i use another programm besides docker a need a tunnel for my mac high sierra 10.13 and i cant install docker

@Techdox 3 ай бұрын

Yeah in the zero trust screen where you see the steps for setting up the tunnel they have more options that just docker for a tunnel

@user-gf7xk7wv7x 3 ай бұрын

@@Techdox thank you ,for you kindness

@Pasukaru0 10 күн бұрын

How do I get this working for UDP?

@-JesusM- 2 ай бұрын

Don't forget to set it to autorun after the machine turns on

@alessiodefilippo4177 8 ай бұрын

when I sweat "docker ps" it doesn't show me what you show in the video, it offers me to download two

@Techdox 8 ай бұрын

I know I am a bit late, but what is the actual message?

@eric-ut9mi Ай бұрын

hey man, why doen cloudflare keeps going down, it is not consistently connected, only last for less than one hour, but i need consistent nad permanent connection, what should i do my friend , thanks

@Techdox Ай бұрын

Ii will stay up as long as the host stays up, where is it runnign and do you restart the host often?

@eric-ut9mi Ай бұрын

@@Techdox the http serve runs on a linkstack docker, and my host server keeps running all the time, but the tunnel just keep going down, i don't know why

@Alcatraz2k 7 ай бұрын

Can you use Authentik as an identity provider?

@Techdox 6 ай бұрын

I just checked the list and could not see it there

@Alcatraz2k 6 ай бұрын

@@Techdox I guess it would work with the Generic SAML 2.0 option?

@Techdox 6 ай бұрын

Yeah, doesn’t hurt to find it a shot :)

@courtney727ray 5 ай бұрын

Does this help to hide the IP address of the site?

@Techdox 5 ай бұрын

Yeah, this will show up as Cloudflare IP addresses, not yours

@courtney727ray 5 ай бұрын

So, perhaps this will help protect against DOS attacks such as hotlinking?@@Techdox

@abdshk313 9 ай бұрын

make windows 10 Cloudflare Zero Trust Tunnel Guide

@Techdox 9 ай бұрын

The process is the same besides the tunnel setup which you can still do via Docker or you can install following their windows steps. The rest is still identical

@whopua 7 ай бұрын

This worked for about 1 minute then I suddenly got a ""the plain http request was sent to https port"" error. I can't resolve it.

@Techdox 7 ай бұрын

What are you trying to expose?

@whopua 7 ай бұрын

@@Techdox My Nextcloud docker on unraid. I tried the tunnel with http and https. One said the error above. If I changed it I got that cloudflare screen with server down.. I'm using nginx proxy manager if that makes a difference. It's fine if I just have is as a regular A name so I guess I'll leave it at that.

@ksoonsoon 9 ай бұрын

Selfish show idea. Install every single bitcoin node software option available!!

@Techdox 9 ай бұрын

I think at some point they are all the same just a different UI haha