I've been using Cloudflare for a while now and have a static public IP which has made things a bit easier, but I've had to do all my routing using reverse proxy and having port 443 open, which I'm not overly keen on and sometimes it doesn't work properly. I'd tried the tunnel, with absolutely zero success. But having watched your video, I can not only see where I was going wrong, but I can also now see how to use multiple services over the same tunnel! Thank you so much for explaining it in such a way as to make me think, "Yeah, that's really easy, is that."
Its Nice to see that we get to see two Creators in One Video : 1. Brett Himself a.k.a Raid Owl 2. Jeff from Craft Computing (Looking at his t-shirt) Looks like you are also on the way to become a Homelab Nerd just like him
Awesome Video I love these types of videos ! Loving your self-hosting series of videos keep up the great work your channel made my top 5 must watch list for Tech
Since I'm on a NAT IP this might finally be the guide I needed to get a few game servers and services going. I also need to setup pfsense first and make some dmz vlans.
i got a domain and i was soo dissapointed that my ddns wouldnt work properly !!! Thank you soooo much for this , i can access it now from different external ip's as well
Great video! I have a nginx setup on a cloud provider anyway, so I'm using it as a reverse proxy with Zerotier providing direct access to my internal systems. Same end result - no firewall openings required.
Very good video. I don't need this myself, but it's useful for those people who live in apartments. Do you remember any other services besides this? Because we give too much power for Cloudflare in controlled.
Great video. Here are some quick follow up questions: 1. If this hosted/external service is currently proxied via HA-proxy in pfSense, should it be removed? 2. Are you still using HA-Proxy for any hosted/external services? If so, which? 3. Have you successfully used this tunnel process to expose your self-hosted bitwarden? Any issues? 4. This method should eliminate the need for running cloudflare_ddns to keep our changing public IP address in sync with Cloudflare, correct?
I did everything in the video the I can get a secure connection, but then I get the error that there were too many redirects. I have searched everywhere and I can't find a fix. I'm trying to access my HP servers iLO3 this way.
The traditional way to get around not having a static IP is to use dynamic hostname providers. A lot of people might not know, but cloudflare also supports dynamic IP's... Just saying, you can get around the CG NAT with a hostname. Tunnels are better for security and privacy purposes.
Question. What are the repercussions of using noTLSVerify? I'm wondering how safe this is. Does that open up the possibility of some kind of man in the middle attack? Is it possible to use a free SSL certificate from Cloudflare? Thanks for the video!
I think doing TLS through cloudflared tunnel is redundant and not necessary. Better to save cpu cycles and the headache of self signed certs and let cloudflare connect to HTTP instead of HTTPS over already encryped tunnel. HTTPS is necessary if you don't use cloudflared tunnel.
Good video, but I must say doing this through the CLI is way more confusing than using the Cloudflare GUI. I was also able to use the GUI restrict access and to setup authenication. However there is always more than one way to skin a kat. :) Thanks for the work you put into this videos.
I'm in the same boat with the same ISP. Up until finding this video I've been using a Hoppy connection (Wireguard Tunnel from VPS). While it fits the bill and works, I'm excited to give this a shot next. I'm kind of disappointed it only took me 8 months after he put this out there to find this video. lol
CF is a good option but I don't want to use another cloud based entity as my identity provider (Google, GitHub, Okta..). I would like to leverage the user level function similar to Open VPN. Thoughts on how to integration this CF Tunnel with User based that I control?
Finally a video that made sense! Without knowing it you did point out a few things I had missed! And the best part, I can now get rid of that monthly $5 fee for a public IP! Thank you! I do hope you take this another step and talk about WARP as well, and how to reach your LAN when your not at home, thus this also replaces my home VPN setup. :)
@@aagm. nailed it. Tailscale is freaking awesome. 20 devices with a free account, can't be beaten in my opinion. I use it everyday. It's actually my route back into my BlueIris box to check my cameras while I'm away from home. Stupid simple to use.
Brilliant overview and walk through guide. However after following instruction and checking repeatedly I still get the following error??? ERR Couldn't start tunnel error=" is an invalid address, please make sure it has a scheme and a hostname"
I know I am late to the party. But on your Heimdall dashboard there, being handled by cloudflared. If you click on one of those apps to open will they? Or do you need to add ingress to each app for that to work? I am following along with this video using my truenas scale server. edit: also it looks like the service takes a snapshot of the config file at the time of install "cloudflared service install" and drops it in "/etc/cloudflared/config.yaml" so if you ad anything you need to add it to the file in /etc or maybe symlink the two? Not sure
Great video! Does single dashboard subdomain works for all the services available in Hiemdall dashboard or each service require separate subdomain configuration?
I have to disagree using the web GUI is infinitely easier for me for cloud flare. I have a cloud flare tunnel because I have CG nat Internet. Bang my head against the wall for a week until I figured that one out 😂😂😂. If only we would have switched over to IPv6 by now SMH.
Thanks 😍 I'm under CG-NAT. I was using Ngork, Tailscale and all, never had a detailed video of Cloudflared tunnel set on RU-vid. This is perfect thanks a lot.😍
Question, how much of your instenet speed is lost while setting up these type of tunnels? (headers and what not) I have watch some of your other videos, but I think I missed it if you showed it. I would love to see the difference on an IPERF test. Thank you for the indept videos.
Now you can install wia apt get... if you add the repo. Can you talk about how to tunneling ssh in the near future? Thats seems a bit complicated to me...
I have a question kind sir! a comment first so that you understand. I am running on my own server in my home. If I run the tunnel (cloudflared tunnel run name) it works fine. as soon as I exit out of the path /cloudflared# the tunnel server stops. The only solution for me is to use an ssh source to constantly have it up. Or constantly have it up on my main server. Is there a way to have the tunnel constantly run in the background? I really dont undersstand why its doing this.
Nevermind. I solved it. If I type the "&" symbol after the command, it keeps it up and running.... I do want to say that your video was really good. You saved me some real time here. I'm in China, its firewall paradise here .
I'm getting an Error 1033 Argo Tunnel when running the command: cloudflared service install I'm on mac with the app deployed in Railway. Any suggestion what it's happening? :(
Thanks for this! I have a newbie question: Would you be able to connect from outside your network with this? For example, if you’re hosting Nextcloud and want to access from another city. Or did you you have to use a VPN? Thanks again!
trying to determine why I get "bad gateway" errors when trying to add, via the Zero Trust GUI, when I add an "https" site I used this CLI method; however, (clearly) made the mistake of "migrating" it on the Zero Trust dashboard which resulted in error 1033 errors
Excellent, I have a question. Can I do something similar for iredmail? I want to use the same tunnel I have already done it for iredmail. Thank You and Best regards.
I was thinking can I use it to route anyconnect ssl vpn traffic over ? Or it won't work? Surprisingly there is no tunnel option anymore under traffic (update, it's under zero trust, access ,tunnels)
Thank you very much we appreciate your time and effort. From where you got the 10.0.0.26:9444 for the ingress? I'm also facing an error "unable to reach the origin service" what could be the issue and it's resolution?
would this be workable to host a minecraft server without constantly opening and closing the port when using the server? I have a dedicated machine that is constantly hosting the server, and Nord VPN doesnt offer port forwarding, so I need a work around to keep the server accessible to friends, rather than me opening the port when i need to
Is it possible to show how it's done via the gui... I have a domain name. I installed using the docker command and it show connected but I get lost after that bit
After going through all the steps and giving many hours for the DNS to propagate the domain, I get a "400: bad request"response. Anyone has a hint on how to fix it?
This worked perfectly for one of the few sites I tried-Komga. However, tonight, I changed the port that my Komga server was running on to try a guacamole install (I thought I read that port 8080 was required). I changed the port in my config.yml for the new port Komga was running on, saved the yml file and restarted the tunnel. No dice. I looked to see if it was a firewall issue and that didn't seem to help at all. It took a little bit of time, but I finally got Komga working again on port 8080. Any advice on what may have happened? I put in the ingress rule that you showed, but that didn't appear to be the problem. Thanks!
This is pretty cool. I currently use nginx getting ssl certs via cloudflare. I run PFSense as my firewall / router and have a cablemodem with a routable IP address primary and a Starlink as failover backup. Problem is when it fails over to SL, none of my reverse proxied sites function. I need a tunnel just for Starlink and do not know if that is even possible. Please advise. Thank you!!
First - Excellent RU-vid Channel. Did you really quick your day job to do RU-vid? Kudos to your vidio editor too. 🙂 My question is. I currently expose a random port on my firewall and then use Cloudflare Origin rule to rewrite 443 to the random rule that I have open on my firewall - then port Forward from random port to 443 to my Nginx proxy server. And now for the question. With CloudflarD Tunnels, do I still need Nginx? Cuz the last two times I installed this on my Docker it broke my RPI. Thank you and keep up the good work. Chris
Hi there! Nah I currently still work a full time job and do all my own editing haha. For the tunnels you done need Nginx but it could make it easier if you don’t wanna set up Ingress rules and deal with ssl through the tunnel.
This is an awesome solution! So I am trying to limit the incoming connection to my host to just Cloudflare tunnels. Trying to locate what Cloudflare's IPs are (assuming it's on port 443) to configure my firewall. Has anyone successfully done it? If so, could you please share?
My old way was ha proxy on VPS forwarding requests to wireguard vpn clients on my home network. That hides my public IP and removes the need to open ports on my home network. It also let’s me run intrusion detection and prevention software on the VPS as another layer of protection. I’m going to add another HAProxy inside my network to forward requests to docker containers with macvlan assign IP addresses. I like the idea of using cloudflare tunnels to replace the VPS I’m using. But can you use one tunnel for multiple domains? I have a few fqdn’s pointed at my VPS , and it looks at the fqdn to decide where to forward it . Can cloudflare tunnel service multiple domains?
hi sir, i have a error root@raspberrypi:~# cloudflared tunnel run bismillah Tunnel credentials file '/root/.cloudflared/42f6016e-e8a4-4f0e-b4db-70>' doesn't exist or is not a file can you give me a slove this problem? thanks
It's hopeless hosting inbound connections on a home system. Internet providers seem to frown upon that since they are selling you the download bandwidth, and selling businesses the upload bandwidth. That's why your upload speed is less than download. The external IP address my router says I'm at, is not reachable from the Internet. The dynamic IP address also makes self hosting unreliable because it takes a while for a dynamic DNS to take effect if your address changes, and in that time your website will fail for users. A reverse tunnel solves all this and is a slam dunk obvious solution.
Another excellent how-to. If you're looking for more content, you may want to consider doing an update. Cloudflare has deprecated Tunnels, and replaced with Zero-trust. I know they're the same thing (just different branding on their part). Now the dashboard setup (vs cli) is much easier and quicker to setup and manage.
You can't do RDP in the dashboard though which is the worst part. Or SSH I believe. Maybe you can SSH but if you want any kind of graphics you got to do the CLI. I struggled through it for weeks until I finally got it working.
very good the video. I wanted to know if I can use email service using the tunnel mode that you demonstrated. using cloudflare public IP as outgoing smtp. I have dynamic IP at home. and i want to create a home mail server using cloudflare as outbound proxy for smtp and imap.
I'm fairly new to this stuff and will soon be building my own UnRaid server, along with expanding my networking hardware. My question is this... Why use this method over say, creating a Tailscale VPN between all your devices? Is it just different ways of achieving the same thing or are there pro's and cons to each? Cheers
@RaidOwl I came to this video yesterday to get this setup, and I thought I had it understood... I had to come back today, and take notes, so I can practice this over and over so I don't forget it. Something I am curious about is, if you use the UI in cloudflare zero trust, how do you add the ingress contents? Is it possible to add the config.yml by hand to the same location as you do it via CLI ??
Hi! Your English is good, don’t worry. I’m running Proxmox on my server which is a Linux-based operating system. When you install it, it hosts a web GUI on port 8006 of the server.
