If you setup CloudflareD (CloudFlare DDNS) and whitelist that hostname for access, then if your IP changes, you should still have full access via the DDNS hostname.

Thanks for the video, I used to use the Email method for sometime , but recently I managed to get the Cloudflare tunnel to use Authelia for authentication which gives me full control on what subdomains to bypass, single factor or two factor authentication. Was done using the OpenID login method in Cloudflare authentication and adding a new client in Autherlia configurations file

Simple thank you. New to IT and try to learn by doing home IT projects. After trying other you tube examples, this is the one that worked for me. Big thanks and keep up the good work.

Would love to see a video on how to bypass when my phone is on the WARP VPN. With this, apps like Homeassistant would automatically work, but I did not manage that :(

Hey! I've followed the steps in one of your previous videos to setup a Nextcloud instance using Docker and Portainer. I'm using Cloudflare Tunnel to access it on the internet, but I'm unable to use video calls in Nextcloud Talk because it needs a Turn Server. Could you please make a video on how to set that up in Docker using Portainer?

Absolutely loving what you do, sir. I've been going through your videos and perfecting my setup on my server and you do a great job of walking through installs. I would love to see you setup Shlink Url Shortener in containers. I have it running, but it has a bunch of quirks and setup can be tricky, would love to see your complete start to finish on it as I'm sure I'm still missing pieces

thanks a lot for this super tutorial. Very helpful! I noticed a small security issue (display of personnel information). I can tell you exactly where when available. thanks again :)

Great video, David. Thank you. Helped me out protecting my server.

Do you have a writeup on this? Would be great to be able to copy/paste the commands and be able to read along instead of clicking back and forth Such a great howto! Keep em coming!!!!

14:53 you can see all your emails

Great content, better than others i have seen

Hey, thanks for the video. Is there a way to add access restriction automatically or assign an access group directly to the tunnel application without creating duplicated app restrictions? That's a bunch of work if you have 30+ apps.

Hi, can u discuss also the limitation of Cloudflare tunnel in your future video? ty.

Amazing. Learning cloudflare tunnel. Can you make a video how to access your Windows PC on RDP via cloudflare tunnel? Tried couple of things but did not work.

Thank you. The wording Cloudflare has chosen for the configuration page is rather confusing.

ei, please, I'm trying to put an authentication screen (with biometrics options) to Google SaaS apps with it. My office Cloudflare Access authenticates with the Google Workspaxe accounts already, but setting it as a policy doesn't seem to have this effect

Hey, great video! can you please make a video tutorial of how to setup Cloudflare tunnel to work with Authelia in front of another docker container?

Wow... Fantastic video. Thank you very much. Hey do you think you could do a video with SSD caching on Open Media Vault?

Amazing tutorial! As always straight to the point and resolutive.

Have you tried getting access via Warp (1.1.1.1)? According to Cloudflare it should work, but I’m struggling for months now to get this working. I have Warp on my moble devices (phone/tablet) and my goal is to be able to access by home via the tunnel _without_ additional authentication when the Warp VPN is on.

Thanks for the demo and info, have a great day

The IP Methode is fine if you have static ones. Which is not easy to come by where i live. The Email method i also tries but i am not a Fan of waiting for an Email with a Code. So for me the best setup is to use keycloak with saml access. I love this and when setup its so easy to add new users. The best for me is then i can Set a temp password and after first login they are forced to change it. But to get this setup up first was a bit tricky.

Thanks for the clean instructions!

I am not sure if Tunnel is free - because it ask me for payment so i try to keep it cheap but it looks very usefull.

Simplest trick to restrict access to your tunnel apps is to just use cloudflare firewall rules plus set up allowed IPs in Configurations>Lists. This way I only allow my home IP and my mobile provider range to safely access what I really need without the vpn, like bitwarden or nextcloud.

Excellent vid thanks loving the tunnels content thanks

Thanks for the video. However i didn't find a configuration that works for me. The VPN solution is cool but i don't like running a VPN on every device just for this and the mail method brokes some apps implementations. (some apps don't have a method to allow the session when connecting throught the tunnel). Any suggestions?

Do I understand correctly that this needs to be reconfigured on a monthly basis? That would appear to be the case. Do they allow policies to remain in place permanently for a fee?

Hey, I want to set up a vpn server into my home router / pc but my ISP don't provide a public ip. So please help me out so that i can setup a vpn to share my internet connection via cloudflare or other service !!!! Please.

Is there any way to add Authelia with cloudflare tunnels? Also can you please make a video for installing crater with cloudflare tunnels as all the tutorials online uses nginx proxy manager. I have been using tunnels from quite a some time and absolutely loving it and don't want to move to nginx for just one application. Thanks.

Sir i am using homeserver with proxmox and install ubuntu 22.04 lts and install aapanel or add wp site but i am getting error 523 Origin is unreachable what i do please help me

Love it! Something I missed maybe. If you don't have a Reverse proxy like Nginx PM, how do you redirect each subdomain to your services running as docker containers linked to different ports like 5555:5555 or 1234:1234 for example? Do you also need to set on the Cloudflare GUI their port other than their domains (or subdomain)? Thanks

I tried setting this up with just IP address for access control and it presents me with a e-mail authentication page. How do I remove the e-mail and just have it use IP included?

Great video! Quick question - is it possible to set a bypass for one IP address (let's say my local IP so I don't have to authenticate myself locally) and at the same time set up one allowed email to have external access (with code, GitHub, Google, etc.)?

Hey would love to do this but instead of using IP addresses I want to use URLS (because they a dyndns urls) would something like that be possible?

What configurations besides nameservers have you setup for your domain? I bought mine from a different service, not cloudflare.

good day. if i was to do the same with CASAOS would i be able to only allow access to a sersific folder using email address /

This is useful for me ! Thanks

how to use cloudflare tunnel services with aapanel panel with homeserver please make video tutorial i need help

If i just do the top level doman will it require the authentication for all subdomains or will i have to set it up individually

Thanks for such great videos, as someone who has moved from ESXi and virtual machines on an old dell 2u server to running docker in Ubuntu and containerising everything your videos have been invaluable and given me some great ideas. There is one thing that I haven’t been able to find though. I want to be able to file share without port forwarding. I thought that Cloudflare might be able to let me do this but I want AFP shares, and I can’t even get SMB shares to work over CF. Any ideas on services that could achieve this??? Many thanks

Great tutorial DB

I use Pfsense and restrict access IP's to just Cloudflare's blocking everything else on ports 80 & 443

I have been really enjoying the tutorials and they've helped me create my own accessible server. However, I do want to make it more secure. Is there any way to set up an SSL with CloudFlare Tunnel? it looks to have mTLS and I would love to learn how to use that in order to make sure only computers i give that certificate to, can access my server. I hope you are able to help, as that seems like the most secure and fully free (hopefully) way to connect to the servers!

What is a good way to restrict lets say an apache server from serving a guacamole login page hosted on Linode if the request does not originate from the cloudflare tunnel?

is there an option for just a simple user/ pass system?

I’ve been messing with this recently to connect to a services on a VPS running some containers to try get a HA setup for when my home server goes down. But tbh Tailscale seems a better solution for me as nothing needs to be publicly exposed. I know you’ve done videos on both. But can I ask why you use this over Tailscale?

Can you mix & match? IP address if I am home, and email as a backup when you are out and about?

Ip kinda makes zero sense if you're public hosting. Like if you work from anywhere but home, you can never guarantee your ip. And if you're gonna vpn to get on that ip then why even publicly host the service just use it over VPN.

curious why would you use PIA and not Cloudflares WARP?

the dread gmail dark mode... yet the email opens in light mode...

Do you have any videos on using warp? I'd like to block an application to everything UNLESS you're connected using a device using WARP and added as a device in CloudFlare zero trust

Are restrictions/access by MAC-addresses also possible?

Any idea about how to lock vaultwarden login page behind CF access?

Is there a way to include a dynamic IP because my public IP changes daily

Does this works with mtls/service mesh architecture?

What's the best way to setup wireguard behind CGNAT? Cloudflare zero trust tunnels don't support UDP yet and I don't fully understand WARP

Is it also good for accessing vaultwarden?

Thank you!

Hello, another great video. Do you happen to use this for Synology DSM? I’ve set this up for all of my self hosted apps and it works great. The only hiccup I encountered is setting it up for the synology DSM application I have set up through cloudflare tunnel. The access policy sets up correctly, I get the authentication code to the email address I set up in the policy and I do get redirected to my synology dsm login page. After entering my DSM credentials I get an error message “unable to sign into the system. Try again later or contact synology support.” However, if I remove the access policy, I have no issues going through the tunnel and logging into DSM. Any thoughts?

Thanks

Videos starts at 20:00

At 14:53, your emails unblurred.

Good content! But please don’t talk so fast.

super helpful. Thank you!