By Ash in Self Hosting

Setting up Cloudflare Tunnel

Access your self-hosted apps from anywhere on the web

Cloudflare Tunnel allows you to securely expose your local web servers or services to the internet without opening inbound ports on your network or configuring complicated firewall rules.

I found this to be the easiest way to expose my self -hosted apps. Here's a quick overview of how it works:

Key Components

  1. Tunnel: This is an encrypted connection between your local machine (or server) and Cloudflare’s global network.
  2. Cloudflare Edge Network: Cloudflare’s network acts as a reverse proxy, handling requests from users and forwarding them to your local service.
  3. Tunnel Daemon (cloudflared): This lightweight software runs on your machine, establishes the tunnel, and forwards traffic between your service and Cloudflare.

How It Works

1: Create a Cloudflare Tunnel:

You start by running the cloudflared daemon on your server. This daemon establishes a secure, encrypted tunnel to Cloudflare’s edge. In CasaOS, this is available in the App store:

Cloudeflared is available in CasaOS Appstore

2: Domain and DNS Configuration:

    • Once the tunnel is up, you can configure your domain (e.g., ashis.dev) in the Cloudflare dashboard to point to the tunnel.
    • This eliminates the need to expose your server’s IP address publicly, as Cloudflare's global network acts as the intermediary.
Cloudflare dashboard

In the Cloudflare dashboard shown above, 'CasaOS' is the name of the tunnel I created. I added the domain ashis.dev to point to the local ip address of my Ghost CMS instance.

3: Cloudflare Edge Receives Traffic:

When a request comes from a user (e.g., trying to access ashis.dev), Cloudflare’s edge network first receives the traffic. The traffic doesn’t go directly to your server.

4: Tunnel Forwards Traffic:

    • Cloudflare uses the encrypted tunnel to securely forward the traffic from its edge network to the cloudflared daemon running on your server.
    • The daemon then forwards the traffic to the appropriate local service (in my case, the Ghost CMS instance running at port 2368).

5: Response is Returned:

    • The local service processes the request and returns the response through the same tunnel, back to Cloudflare’s network, which then returns the response to the user.

I have setup tunnels to most of my self hosted apps, so that I can access them from anywhere. Hope this helps!