Access Your Self Hosted Services WITHOUT Port Forwarding

Рет қаралды 131,150

2 жыл бұрын

Today's video is sponsored by Linode!
Sign up today and get a $100 60-day credit on your new Linode account, link is in the description.
🔗 dbte.ch/linode
/=========================================/
For more than a year we've been talking about using a reverse proxy to access your self-hosted apps via a domain name.
In this video we're going to take a look at setting up remote access to your self-hosted applications with CloudFlare Tunnels. Using CloudFlare Tunnels allows us to create an encrypted connection between our server(s) and CloudFlare without the need to forward any ports.
Prerequisites
We only need 2 things to get things set up (aside from our Docker server and self-hosted apps):
1. A domain name from your favorite registrar
2. A CloudFlare account
Resource links:
✅ dash.teams.cloudflare.com/
✅ hub.docker.com/r/cloudflare/c...
✅ dbt3ch.com/books/access-your-...
Get early, ad-free access to new content by becoming a Patron or signing up for the members' only website!
✅ / dbtech
✅ dbtech.fans/
✨Ways to support DB Tech:
✅ / dbtech
✅ www.paypal.me/DBTechReviews
✅ ko-fi.com/dbtech
✅ Cashapp: cash.app/$dbtechyt
✅ Venmo: venmo.com/dbtechyt
/=========================================/
The hardware in my recording studio is:
✔ Lenovo ThinkPad T580 i7-8650, 512GB NVMe, 32GB RAM (Bought used on eBay)
✔ Panasonic LUMIX G7 4K Digital Camera: amzn.to/3IGEOcb
✔ Lenovo 4K Display: amzn.to/3nzuo5N
✔ Neewer Lights: amzn.to/3nZcoSX
✔ Light Power Supply:amzn.to/3Konpqf
✔ 55" Gaming Desk: amzn.to/3AkgHgw
✔ Sabrent USB-C Hub: amzn.to/3qFcwbV
✔ Das Keyboard 4 Professional: amzn.to/3G9rPxM
✔ Eutuxia Type-S Black Tempered Glass Monitor Stand: amzn.to/33VgyEg
✔ Fuqido Big and Tall Gaming Chair: amzn.to/3IGegrq
/=========================================/
✨Find all my social accounts here:
✅ dbte.ch/
✨Ways to support DB Tech:
✅ / dbtech
✅ www.paypal.me/DBTechReviews
✅ ko-fi.com/dbtech
✅ Cashapp: cash.app/$dbtechyt
✅ Venmo: venmo.com/dbtechyt
✨Come chat in Discord:
✅ dbte.ch/discord
✨Join this channel to get access to perks:
✅ / @dbtechyt
✨Services (Affiliate Links):
✅ Linode: dbte.ch/linode
✅ PrivadoVPN: dbte.ch/privadovpn
✅ Digital Ocean: dbte.ch/do
✅ Bunny CDN: dbte.ch/bunnycdn
✅ Private Internet Access (PIA) VPN: dbte.ch/piavpn
✅ Amazon: dbte.ch/amazonaffiliate
✨Hardware (Affiliate Links):
✅ TinyPilot KVM: dbte.ch/tpkvm
✅ LattePanda Delta 432: dbte.ch/dfrobot
✅ Lotmaxx SC-10 Shark: dbte.ch/sc10shark
✅ EchoGear 10U Rack: dbte.ch/echogear10u
The hardware in my current home servers:
✔ Synology DS1621xs+ (provided by Synology): amzn.to/2ZwTMgl
✔ 6x8TB Seagate Exos Enterprise HDDs (provided by Synology): amzn.to/3auLdcb
✔ 16GB DDR4 ECC RAM (provided by Synology): amzn.to/3do7avd
✔ 2TB NVMe Caching Drive (provided by Sabrent): amzn.to/3dwPCxj
✔ TerraMaster F5-221 (provided by TerraMaster)
✔ 5x6TB WD Red Plus NAS: amzn.to/3LnbPvC
✔ 8GB DDR3: amzn.to/3kfLTX3
✔ TerraMaster F4-423 (provided by TerraMaster): amzn.to/3kjUms5
✔ 16GB TEAMGROUP Elite DDR4: amzn.to/3MzzFV9
✔ 512GB Silicon Power NVMe Caching Drive: amzn.to/3MzkBae
All amzn.to links are affiliate links.
/=========================================/
Remember to leave a like on this video and subscribe if you want to see more!
/=========================================/
Like what I do? Want to be generous and help support my channel? Here are some ways to support:
✅ Patreon: dbte.ch/patreon
✅ PayPal: dbte.ch/paypal
✅ Ko-fi: dbte.ch/kofi
/=========================================/
Here's my Amazon Influencer Shop Link:
✅ dbte.ch/amazonshop

Пікірлер: 503

@DBTechYT 2 жыл бұрын

With regards to routing streaming services like Plex, Emby, Jellyfin, etc., here is the portion of CloudFlare's TOS that covers it: www.cloudflare.com/terms/#:~:text=2.8%20Limitation%20on%20Serving%20Non%2DHTML%20Content I'm trying to get more information about what service(s) need to be purchased as to not break TOS with CloudFlare.

@accelmr5926 2 жыл бұрын

Someone already knows this? I'm a bit paranoid of getting banned.

@zlatizlatev8632 2 жыл бұрын

Hey again, Do you have any updates here? Thank you in advance!

@DBTechYT 2 жыл бұрын

@@zlatizlatev8632 unfortunately nothing more than is on their website

@zlatizlatev8632 2 жыл бұрын

@@DBTechYT I guess that means we shouldn't use this for Plex or Emby, right?

@DBTechYT 2 жыл бұрын

@@zlatizlatev8632 Based on their terms, that's correct

@dizaster777 Жыл бұрын

I've been banging my head to overcome this with wireguard for days, then I reach this video and make it work within 5~10 minutes... Great job and THANK YOU!

@DBTechYT Жыл бұрын

Glad I could help!

@synacktime 4 ай бұрын

Hey DBTech, really appreciate all you do for our community! Your channel was one of the main reasons that inspired me to become a content provider. Thank you for everything!

@pevlabs Жыл бұрын

This is a fantastic and thoughtful guide. I set out to do exactly this on a Raspberry Pi and your instructions worked flawlessly. Thank you for posting this!

@DBTechYT Жыл бұрын

Glad it helped!

@jpmiller25 Жыл бұрын

I already had my domain on cloud flare and I’ve been dreading setting up a reverse proxy and integrating to the CF proxy for just a home assistant instance. This was the answer I didn’t know existed!! Thank you!!!!

@DBTechYT Жыл бұрын

I'm glad the video was helpful. It took me a bit to wrap my head around so I'm glad I was able to help others :)

@JustinLondagin Жыл бұрын

It's even easier with Home Assistant. Use the Cloudflare Add-On, add a few lines of code in HAOS, and done.

@GlenCavanaghNH Жыл бұрын

The amount of giddy I got when I accessed my self hosted stuff after disabling port forwarding... hoah yeah. HEH! THANK YOU!

@DavidBlankenship Жыл бұрын

I really enjoy your videos - always cover the things most relevant to my interests!

@DBTechYT Жыл бұрын

Awesome!

@aaronplayzdagamer 2 жыл бұрын

This exactly the type of solution I have been looking for! Thanks!

@FuscusNox 2 жыл бұрын

Thank you very much! This is what I was looking for, as I was always a little uncomfortable opening ports in my router. Despite using NPM, Fail2Ban and other helpers. Thank you for your effort!

@DBTechYT 2 жыл бұрын

Glad I could help!

@trapOrdoom Жыл бұрын

NPM? What exactly does the package manager do to boost security? What other helpers do you use? Other than UFW?

@FuscusNox Жыл бұрын

@@trapOrdoom „NPM“: Nginx Proxy Manager.

@latesthollywood3745 Жыл бұрын

By using this method opening port 80 is not necessary for making wp site available outside the LAN?

@Alex-lp6bg Жыл бұрын

@@latesthollywood3745 was thinking the same question

@astronemir Жыл бұрын

A note for those doing this fresh, cloudflare takes up to 24 hours (or more) to verify new domain names, and during this time you will NOT be able to set up a self-hosted application. However you can do the rest of the instructions. Also if you use portainer the docker run command will show up if you run it in the host machine of portainer, so just do that. Trying to make a docker compose for this that exposed the right network correctly was a nightmare for me :D

@ankitk3487 Жыл бұрын

I directly run docker run command in my machine. I have portainer setup. Should I go thorough that? Also, cloudflare is taking more than 24 hours. Is it expected?

@paulefde2168 Жыл бұрын

Thank you very much! This was exactly what I needed. Keep up the good work

@DBTechYT Жыл бұрын

Glad it helped!

@ibrahemalahdal1378 2 жыл бұрын

Very informative as always, thank you for your hard work.

@bridgetrobertson7134 2 жыл бұрын

Most important video you've done in a while. Just wish Cloudflare didn't have a monopoly on literally everything like this.

@DBTechYT 2 жыл бұрын

There are other companies doing similar things, but CloudFlare really is a beast as far as their offerings :)

@jayv_tech 2 жыл бұрын

Love you man! Great video as always.

@DBTechYT 2 жыл бұрын

You're the best!

@CHLEE-ou6ub 2 жыл бұрын

Great video David, thanks Quick question: Does anyone have any issue when UFW is enabled ? (Digitalocean's Docker instance works flawlessly without UFW enabled, but cannot access with UFW enabled) Thank you.

@DonatasKulboka 2 жыл бұрын

yes yes YES YES . This is what i needed. Amazing !

@Squallyon 2 жыл бұрын

Great video David, thanks Quick question: What to do with the services that need certificates to work, example adguardhome, since now that you have removed the cloudflare dns record, they cannot be requested by NPM. Thank you.

@jjaard Жыл бұрын

+1, also would like to know how to deal with certificates in this case.

@neonlights_12 2 жыл бұрын

Hey David! I got this working.. kind of. All my devices keep sending IPv6 addresses, so just putting my IPv4 in like you did at 13:10 doesn't work for me, it returns the access forbidden page. The tunnel works, but I have to keep adding new v6 addresses to the policy every time my PC or phone decides to change or add a new one. Any way to "prefer using IPv4"? My v4 hardly ever changes.

@floridametaldetecting 2 жыл бұрын

Great tutorial!! Can't wait to put this into practice. Thank you very much! :)

@DBTechYT 2 жыл бұрын

Glad you enjoyed it!

@BusterDoggyDogg 2 жыл бұрын

Excellent video. One question though - CloudFlare has a container that let's them know if your home ID has changed, so that they can always point the domain to the correct server IP. Is it possible to use that mechanism to restrict access to your sites to whatever is the current IP address that your ISP has given you?

@DBTechYT 2 жыл бұрын

There may be an API for that, but I've never looked into it.

@cmcdonough2 Жыл бұрын

Thank you for your content. Its really helpful and to the point no filler. I have a question for you. I was able to follow your tutorial on setting up the tunnel but I can make post requests to my url. I have tried to figure it out with no luck. Do you have a video or recommendation to fix this? Thank you.

@donny_bahama Жыл бұрын

AWESOME! Thank you, David! I’m off to implement this!

@DBTechYT Жыл бұрын

Hell yes!! You got this!

@ali66hf 2 жыл бұрын

Awesome, thats is one of the greatest videos, thanks

@leebuckley4873 6 ай бұрын

Hi do you have to put the couldflare into the directory folder as your docker for your website ?

@naimroslann Жыл бұрын

Hi sir, I'm building a TrueNAS right now. I'm not really good at this networking thingy. Right now, I do have NGINX Proxy Manager (for nextcloud) set up. So if I decided to use Cloudflare Tunnel, I don't need NPM anymore? I can just connect cloudflare to docker and point it to portainer which contains nextcloud, some web project? Thank you in advance

@shailesh.kharche Жыл бұрын

Wonderful ... So well explained 😀✌... Thanks a lot 🙏.

@gswhite 2 жыл бұрын

I love this tutorial. Absolutely brilliant!! I spent the afternoon moving from NGINX to this service and switched off my port forwarding, which should lower and decrease my attack vector. Thanks again!

@DBTechYT 2 жыл бұрын

I'm really glad it was helpful!

@Otomai Жыл бұрын

@@DBTechYT How is this different from NGINX with Cloudflare Dyndns with your own domain? (Honest Doubt)

@DBTechYT Жыл бұрын

@@Otomai This removes the need for port forwarding. This removes the need for NGINX entirely. By switching to this, my network is more secure AND my internet-facing apps are more secure becasue I don't have to open ports and Cloudflare is actively monitoring the traffic to prevent bots and attacks.

@Otomai Жыл бұрын

@@DBTechYT Oh, I see, thanks!

@MarkConstable Жыл бұрын

I'm a bit late to the party, but what options (Cloudflare or not) are available to pass through IMAP and SMTP ports?

@rkbest9783 2 жыл бұрын

quick question! you added the port 6999 for specific service on the same docker instance where cloudflare container is running. what if I want to use another VM with different IP and port (in my case homeassistant ip x.x.x.20:81234)?

@DBTechYT 2 жыл бұрын

You have to install the tunnel agent container on whatever device you want access to.

@jeffshee8969 2 жыл бұрын

Great video, wished to know this earlier!

@ChrisDePasqualeNJ Жыл бұрын

Great Stuff - I will try it on my Pi first then I want to add it to my contabo vps. For that I wonder if I added FW to block all trafic will it still let the Cloudflare access tunnel through?

@redstormsju777 2 жыл бұрын

Thank you for all of your work…your videos have been such a help in getting my home nas running well. This video is extremely welcomed as I’d like to not forward any ports if possible. Ill definitely be trying this out….Can i use a synology domain name?

@DBTechYT 2 жыл бұрын

You have to use a purchased domain that you've routed through cloudflare

@MrEric377 2 жыл бұрын

Thank you very much, this is great content and very informative.

@DBTechYT 2 жыл бұрын

Glad it was helpful!

@jackysoth7124 2 жыл бұрын

Thank you. I was wondering I guess for example on nextcloud, we do not have to request Let'sEncrypt certificate anymore, correct? SSL certificate is now provided by Cloudflare?

@DBTechYT 2 жыл бұрын

Yes, correct

@carl_thunder Жыл бұрын

Good work as always!

@DBTechYT Жыл бұрын

Appreciate that

@gswhite 2 жыл бұрын

I have been using this solution for just over a month now, and it works perfectly. However, how do you update the docker containers to the latest cloudflared version? My containers are all complaingin they are running on an old version. How about a tuiturial on that :) ?

@_Jeremyxlewis 2 жыл бұрын

Ive followed this a few times yet always come to the same Error 502 bad gateway. Showing browser and cloudflare working but the host is not. Any thoughts on what the cause might be?

@zeusro163 2 жыл бұрын

I'm sure I'm missing something obvious, but what do I need to do so that it will auto-start? I think I need to add the restart policy, but I'm not sure where I add it in the copy/paste I get from cloudflare. Any ideas? --restart unless-stopped

@GuItArFrEaK5112 Жыл бұрын

QQ. After setting up the docker container and making the connection with cloudflare, how can maintain running? If I ctrl+c out of the 'docker run . . .' in the terminal, the connection servers and am unable to use the tunnel anymore

@abhishekchatterjee88 2 жыл бұрын

Hello David, This is awesome and I will definitely try this out. I have been searching a few things like I have a old pc at home which I use it as a server though fedora server OS. Using duckdns I access it over internet and the subsequent docker containers have to be accessed using the duckdns url and the port. Can cloudflare help in eliminating the need for accessing the containers using ports only the https url. Also can we go use putty over internet using the cloudflare and the smb services for file transfer. Apologies for jumbling up too many questions in one comment and thank you so much for inspiring us to learn and try more.

@DBTechYT 2 жыл бұрын

This allows you to securely access your apps via a domain or subdomain instead of needing to use ports or anything like that. There is an option to setup additional services like SSH and RDP that I may make additional videos about in the future

@mbradley50 2 жыл бұрын

Great great video. Service works except ssh into my synology hosting the containers. I have not tried rdp or other tcp ports, but ssh not working is stumping me. Any ideas?

@mbradley50 2 жыл бұрын

BTW I have ash via browser not shell.

@claudiopgjr Жыл бұрын

Great Video! Thank you for sharing!

@DBTechYT Жыл бұрын

Thank you too!

@ChrisDePasqualeNJ Жыл бұрын

First - Excellent KZbin Channel. Did you really quick your day job to do KZbin? Kudos to your vidio editor too. 🙂 My question is. I currently expose a random port on my firewall and then use Cloudflare Origin rule to rewrite 443 to the random rule that I have open on my firewall - then port Forward from random port to 443 to my Nginx proxy server. And now for the question. With CloudflarD Tunnels, do I still need Nginx? Cuz the last two times I installed this on my Docker it broke my RPI. Thank you and keep up the good work. Chris

@mbradley50 2 жыл бұрын

I’m on cgnat, can cloudflare tunnels allow hosting a vpn access? I can’t figure it out.

@kurt204 2 жыл бұрын

Thanks, you can use this tunnel to bypass cg-nat and access from outside?

@DBTechYT 2 жыл бұрын

Correct

@MRPtech 2 жыл бұрын

Hi, Me again :) Do you know if i Cloudflare Tunnel will allow to set up subdomains for different local IPs instead of being one Docker IP. Example, i would like to have DOMAIN pointed to local_ip_1 but subdomain like plex (dot) domain or cloud (dot) domain to point to local_ip_2

@DBTechYT 2 жыл бұрын

I have one tunnel with agents on mutiple devices and I point to different IPs that way

@MRPtech 2 жыл бұрын

@@DBTechYT Amazing. Thank you for quick example. RESPECT !

@lucifer123ag Жыл бұрын

Thank you for the video. I followed the instructions (have Ubuntu 20.04 with Portainer) but when I try to access the public URL I keep getting "Bad Request - Error code 502). Can you let me know how to debug this? I can access these locally and through NPM but accessing through tunnels is throwing up error. The page image depicts: You Browser (working) --> Newark Cloudfare (working) --> My domain Host (not working)

@silverace_71 2 жыл бұрын

YES, now I can do so much more with my websites and servers!

@DBTechYT 2 жыл бұрын

Woo!!

@danielmuldoon5186 Жыл бұрын

Could this be used to remotely view/access cctv nvr?

@giuliodicriscio 2 жыл бұрын

very useful, thank you 🙏

@paul3151 2 жыл бұрын

Fantastic Video, immediate subscription

@DBTechYT 2 жыл бұрын

Thanks and welcome

@moatazezzat7517 2 жыл бұрын

Thats one of the greatest videos ,, thanks

@DBTechYT 2 жыл бұрын

Glad you liked it!

@rafwenger 2 жыл бұрын

Great video, thanks! I am using DNS Made Easy as my name server. Do I need to switch to Cloudflare DNS for the tunnels to work or can keep my existing NS?

@DBTechYT 2 жыл бұрын

You'll have to switch your DNS to Cloudflare

@haidars 2 жыл бұрын

You can also delegate a subdomain to cloudflare and keep the main domain at current name server...

@sarnog Жыл бұрын

Hello DB Tech, I really hope you can help me out, since i'm struggeling for a week now to get it done. I'm running a proxmox server, where i have home assistant running in a VM (HAOS). In a LXC container i'm running nginx proxy manager, witch i'm trying to setup with a argo tunnel from cloudflare. I tried many ways, tried to setup docker swag, tried to setup a tunnel myself with all the info i could find on the web, but i don't get it to work. Everytime i get dnsprobe errors or to many redirections error. Anyway, i can't seem to make nginx proxy manager host my subdomains thru a argo tunnel. I really hope you can make a video on how to set it up, it would greatly help me out! Thanks in advance!

@Gosydelix 2 жыл бұрын

Thank you for this awesome tutorial! I just have a question - does this eliminate the need for nginx proxy manager totally?

@DBTechYT 2 жыл бұрын

Yes it does

@Gosydelix 2 жыл бұрын

@@DBTechYT awesome! No more npm fiddeling

@jfmalygos 2 жыл бұрын

thanx for the Video! how can i tunnel "rustdesk" it needs a lot of Ports 21115-21119? any idea?

@royitoroy Жыл бұрын

david your video is a blast bro thnaks! i have cgnat that's why I have contracted a vps with a wireguard vpn and a nginx to acces my (high videos traffic) wordpress´s and bitwarden and other stuffs... do you think this solution (free or paid) could be for me? or better than solution currently i got? or are there any kind of bandwidth limit or something bad for services of "high traffic"? hope your answer please

@K1LLA_KING_KONG Жыл бұрын

Got this working for Unraid web GUI. But how to configure for nextcloud docker as its showing bad gateway?

@darkmtrance 2 жыл бұрын

Great Video!

@abdallahboucedraya 2 жыл бұрын

thanks i have question when i use tunnel, can i use reverse proxy like traefik or ngnix reverse proxy ? merci d'avance :)

@DBTechYT 2 жыл бұрын

This replaces a reverse proxy entirely

@jrRim Жыл бұрын

did you ssh and install the tunnel on OVM or straight to Proxmox? Any idea what would be the implications of each approach?

@DBTechYT Жыл бұрын

Great question!! You can do it either way. Things to consider: If you install it on your Proxmox server directly, you only have one tunnel agent to manage/update. You can also easily just point domains to any of the VMs or CTs on the device with that single agent. The down side to doing it that way, is that you're potentially opening your entire Proxmox server up to the world if you don't have the right levels of security in place. If you were to install it directly on Proxmox, you'd want to make sure that you limit access via methods like this: kzbin.info/www/bejne/rZXQk3SlZZeeqrM or even restricting access via the Warp client (I haven't made a video on this topic yet.). You'd also want to make sure that you have 2FA enabled on your Proxmox server and have a good backup solution in place *just in case*.

@zlatizlatev8632 2 жыл бұрын

Hey there, Thanks so much for this video. I have one question. Do I still need Nginx Proxy Manager to create subdomains with SSL or CloudFlare tunnels takes care of this? Thanks in advance.

@DBTechYT 2 жыл бұрын

this replaces nginx proxy manager entirely. it handles everything

@zlatizlatev8632 2 жыл бұрын

@@DBTechYT Thanks so much, I appreciate your time! I can't wait to try this! Keep up the great work!

@ShotgunMassage 2 жыл бұрын

Finally cloudflare tunnel, thank you!

@DBTechYT 2 жыл бұрын

Enjoy!

@gyzmoduck Жыл бұрын

I'm trying to do this on unraid and everything gets set up but I keep getting a bad gateway error and the log says: "ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: x509" Can't seem to figure this out.

@michaelsollner4151 Жыл бұрын

same here. Did you find a solution?

@ChrisDePasqualeNJ Жыл бұрын

I just installed a fresh install on my RPI 4 B 2022-04-04-raspios-bullseye-arm64.img.xz . But when I go to install cloudflare/cloudflared:latest I get docker: no matching manifest for linux/arm/v7. Can you help??

@DBTechYT Жыл бұрын

cloudflare/cloudflared:latest doesn't work with ARM processors. You need to go here: hub.docker.com/r/cloudflare/cloudflared/tags Find a tag that works with your setup. Then change cloudflare/cloudflared:latest to cloudflare/cloudflared:

@mbradley50 2 жыл бұрын

I’ve sent this to so many people since starlink became available in our area. Have you ever considered a video targeting CG-Nat especially Starlink and fixed wireless internet?

@travisbrennan90 Жыл бұрын

I successfully set up a tunnel. The only issue I have is that it redirects to my domain with the port number shown. I can't seem to find any information on this. Any ideas?

@Hhbdjnkk 2 жыл бұрын

I'm trying to configure cloudflare zero trust with traefik, and I can't manage. Did someone manage? If so, which address is pointing the tunnel to, as no ports are exposed? On the other hand, with nginx I have no problems.

@neonlights_12 2 жыл бұрын

Hey! So define "configure cloudflare zero trust with traefik". Are you trying to access a Traefik instance, or trying to use Traefik through a tunnel? What OS or environment are you using? If you mean you're trying to access your Traefik instance from another device, using a tunnel, you would just need to type in the internal IP address of whatever device is running Traefik like Dave does around the 6:00 mark. If you're trying to use Traefik as a reverse proxy to access other applications from outside your home network you don't need to, Cloudflare handles your proxy and the tunnel is the security from the outside world, see 14:12 for restricting access to only YOUR devices.

@0xsh1v4 Жыл бұрын

does it automatically updates the IP address of home server, if internet provider uses dynamic IP address?

@DBTechYT Жыл бұрын

Yep. This works on dynamic IP addresses and CGNAT

@polarecliptek Жыл бұрын

Awesome ... thanks for the content.

@DBTechYT Жыл бұрын

Glad you liked it!

@MetaSikander Жыл бұрын

do you know how to set it up with support for websocket?

@dibu28 2 жыл бұрын

Great video, thanks!

@DBTechYT 2 жыл бұрын

Glad you liked it!

@Marc42 Жыл бұрын

Liked and subscribed with great pleasure! :))

@DBTechYT Жыл бұрын

Big thanks

@kalitsiadischaritos4685 Жыл бұрын

why returns " no matching manifest for linux/arm/v7 in the manifest list entries" What can I do to solve it. I am trying in a pi.

@DBTechYT Жыл бұрын

That error message means that it isn't compatible with Pi

@thekernelpanic3320 Жыл бұрын

awesome video!

@RUPAMMANDAL05 Жыл бұрын

Hi, I have followed this method. Hosting OMV on RPi 4. But only http tunnels are working. SMB is not working. SSH is working if it is browser rendered. Not working in SSH client. Please help. I have spent lots of hours but couldn't figure out. Please show how to tunnel SMB.

@animaniaTV Жыл бұрын

If I remember correctly, CF tunnel solution explained in this video only works with HTTP traffic, not for other TCP based services (SSH, SMB, etc.)

@kstehn 2 жыл бұрын

hey thanks for this awsome video i really like this setup a lot currently iam trying to setup some authorization method to secure my service/pages from others for my old setup i used in NPM http-basic (simple and quick) but this doesn't really work for cloudflare, so my idea was to use something like keycloak as Identity Provider which i can setup in cloudflare and keycloak itself is running as a docker container also but right now i am kinda stuck, i only get the auth selection screen shown from cloudflare and no keycloak login screen even tried SAML (guide from cloudflare itself) and OIDC maybe you or someone else has any idea how to get this setup working that would be awesome

@DBTechYT 2 жыл бұрын

I might have to make a video about adding authentication to apps via CloudFlare... :)

@sidneyking11 Жыл бұрын

@DBTech if this feature is enable do you still use authelia?

@DBTechYT Жыл бұрын

Possibly, but I'm not sure what that process would look like

@28469 Жыл бұрын

Would you recommend using this over a reverse proxy? I have nginx set up atm but will switch to this as it looks safer, any draw backs?

@DBTechYT Жыл бұрын

I prefer this much more than a standard reverse proxy

@xxgg Жыл бұрын

What are the pros & cons of doing it this way vs your other guide (cloudflare+nginex)?

@DBTechYT Жыл бұрын

This method requires no port forwarding. It also allows for better restrictions, firewalls, authentication, etc

@redstormsju777 2 жыл бұрын

So I’ve been running this successfully thanks to your video..i no longer have any ports being forwarded on my synology. Since this is the case, and since I am not using my synology free DDNS name, could i let my lets encrypt certificates expire or would it be a good idea to renew them? If it is a good idea to renew then, would i have to reopen the port 443 or 80 or do you have another way of doing so?

@DBTechYT 2 жыл бұрын

If you're using CF tunnels, your SSLs are taken care of by CF. You should be able to just let them expire at this point.

@redstormsju777 2 жыл бұрын

@@DBTechYT great. One less thing to worry about.

@francisbins Жыл бұрын

I like to know how use a path like db3tech/path, i tried simple put in public hostname setup but gives me 404 error

@Breeegz Жыл бұрын

So.. with these tunnels, could you tunnel into an Nginx Proxy and maintain all the SSL Certificates? I am administrating a server at my Brother's house remotely (900 miles away), and he wants NextCloud. His internet is on Starlink, and they don't have any way to port forward. I tried to get SSL's to work over SSH tunnels maintained by the autossh docker image (which is how I remotely access his server), but I couldn't get it to work. If I could get reliable remote access for him, then I could open up a bunch of different services that he could use.

@DBTechYT Жыл бұрын

This completely removes the need for Nginx Proxy Manager. It handles its own SSLs

@Breeegz Жыл бұрын

@@DBTechYT Neato! So I'll need a separate tunnel for each app? I only plan on one at his house, just wondering for future possibilities.

@DBTechYT Жыл бұрын

I've got 19 apps running on a single tunnel, so I think you'll be okay :)

@Jan_Alexander 2 жыл бұрын

Very interesting! Considering that I am about to expose my server on the web and I already got the prerequisites set from a previous video about NPM, is it at this point better to use that method or this new one? I would just like to access my music/books/videos when I'm around, nothing public. I'm on Docker.

@DBTechYT 2 жыл бұрын

I like this method better as it doesn't require any port forwarding. It also allows you to put in additional security between the world and you server for things like authentication based on email or IP address

@Jan_Alexander 2 жыл бұрын

@@DBTechYT Thank you David, then I will do this way. :)

@mikeosude 2 жыл бұрын

Does this only work when your home router has a public address assigned by the ISP modem or can it work when the internal router has a private ip from the modem?

@DBTechYT 2 жыл бұрын

It can work in just about any situation

@achan7396 2 жыл бұрын

Hi David, can you please explain what is the advantage/differences between this and using Taiscale. Thanks.

@DBTechYT 2 жыл бұрын

Good question!! The differences with this method allows you to use a domain name. You can share your services with anyone without them having to install software on their devices, you can just add their IP or Email address to the setup and require that one of those criteria are met if you want to add that level of security. Using email authentication, you can also get security information about who logged into your services. I'm sure there are others, but this is off the top of my head

@achan7396 2 жыл бұрын

@@DBTechYT Thank you for a very clear explanation. I have been using your instruction on setting Plex on OMV5 and just upgraded to OMV6, is your instruction still applied to OMV6?

@DavidJohnson-zv5ir 2 жыл бұрын

Great video! Thanks

@DBTechYT 2 жыл бұрын

Glad you liked it!

@truedezignstudio Жыл бұрын

do i need to do https when the pad lock is working? pros cons? how to do it as https and disable TLS 1.0

@DBTechYT Жыл бұрын

you only select the https option if the container has an SSL built into the container and then only if you're pointing your tunnel to that https port in the container. If there's no SSL built into the container, then you do NOT user the https option

@erhancevik3517 Жыл бұрын

Hi There, if is possible use Cloudflared and TVHeadend Streams ?

@DBTechYT Жыл бұрын

Check the pinned comment

@WiddaAbbas Жыл бұрын

Great efforts as usual Dav..many thanks. Can I utilize this to gain access to services hosted on different hosts at the same subnet as the the one which the agent is installed in? One more question..do we need the DDNS script container to update dynamic IP with Cloudflare anymore?

@DBTechYT Жыл бұрын

I usually install an agent on any host that I need access to just to make sure that I don't run into any issues. Also, you shouldn't need DDNS anymore with this setup as there's a constant line of communication between your agents and the CF servers

@WiddaAbbas Жыл бұрын

@@DBTechYT Absolutely amazing....thanks again...your content is the most straightforward and easy to coherence among all other KZbinrs. Keep it up...

@DBTechYT Жыл бұрын

Thanks!! I really appreciate that! :)

@krdesigns 2 жыл бұрын

can we go through cloudflare zero trust tunnel to NGINX Proxy for multiple domain?

@DBTechYT 2 жыл бұрын

Tunnels replaces nginx proxy and works with multiple domains

@Bradley-Thomsen Жыл бұрын

Would this work with the domain name provided by TPLink Deco?

@DBTechYT Жыл бұрын

No. You don't have any control over the actual DNS for that domain name

@mrbarrington-smythe9033 Жыл бұрын

This is amazing. Will certainly be trying it out. Is there a way the allowed IP can automatically be updated, as I don't have a fixed IP with my ISP. Thanks

@DBTechYT Жыл бұрын

I know there's a DDNS container that can be used to update regular A Records, but I'm not sure about updating allowed IPs. The one thing I've done for when I'm away from home is that I've got a PIA VPN account with a dedicated IP. That might be an idea until another method is available. If you want to try that, here's my PIA affiliate link: dbte.ch/piavpn

@JocelynLu-yj8ls Жыл бұрын

How can I check the url is running on tunnel?

@jimmusfeldt5378 2 жыл бұрын

How is the tunnel's Docker container updated? Automatically? Manually? Watchtower?

@DBTechYT 2 жыл бұрын

You'll have to update it based on your current update strategy. If you do your updates manually, then you'll do that here as well. Same thing with WatchTower.

@Sam-and-Sam Жыл бұрын

is there any tuts for docker/portainer?

@perfect.stealth Жыл бұрын

Even with the help of this video, i still have trouble setting this up. I can only get the / path to work. Anytime i add a path after the domain it returns a 404. Also, i don't understand what the application is exactly. Why do we both add a Tunnel AND an application? Should applications just be considered a firewall, and tunnel considered an app?

@DBTechYT Жыл бұрын

This video might be more helpful kzbin.info/www/bejne/h2bHeGudaZKGrpI

@juliopinillos6934 2 жыл бұрын

Congratulations, Great video, i have one question. i follow you during years already and i have all configurate with nginx proxy manager, is possible do this direct to proxy manager and all work like before?, Thanks

@DBTechYT 2 жыл бұрын

This replaces Nginx Proxy Manager

@shanewilliams2956 2 жыл бұрын

@@DBTechYT Oops, missed that link... Thank you so much I was struggling with the nginx proxy manager setup and this actually worked for me. plus I would not have to update DNS every time my public IP changes, this is great.