Cloudflare Tunnel Tutorial

Access Your Home Lab Remotely the Easy Way: Cloudflare Tunnel Tutorial

In the past if you wanted to expose a service or application in your home lab environment to the internet you had 2 options:

  • use a VPN to connect to your local network and then gain access to your home lab
  • buy a domain name and use a DDNS service to link your public IP address to the domain

Both options are decent and somewhat secure, but they have some drawbacks.

The first drawback, and the biggest one in my opinion, is that you have to expose some ports to the internet.

By doing so, you must make sure you have a decent router/firewall at home on which to configure strict ACL rules, and that suspicious attempts to access those ports are blocked.

Even so, this can lead to suspicious traffic and, in some rare cases, hacking/flooding attempts.

Also, some ISPs do not allow certain ports to be publicly exposed, and they may apply some traffic limitations.

And in the case of using a DDNS service to update the A record of your domain name, it can be a little complicated to set up.

This is especially true if you have multiple services that you want to access from a public internet connection.

You need to run an extra application on your server (a reverse proxy) that manages all the incoming traffic and then makes the correct connections to your local machine.

I know! For most of you reading this article, those are not huge drawbacks, because I'm sure you are pretty tech-literate and can figure those quirks out. But if you are a beginner in this space, it can be overwhelming and the learning curve can be a little steep.

But I have a better way! Using a Tunnel from Cloudflare.

How does a Cloudflare Tunnel Work?

„Cloudflared establishes outbound connections (tunnels) between your resources and Cloudflare’s global network. Tunnels are persistent objects that route traffic to DNS records. Within the same tunnel, you can run as many cloudflared processes (connectors) as needed. These processes will establish connections to Cloudflare and send traffic to the nearest Cloudflare data center.”

[Figure: How a Cloudflare Tunnel works. Source: developers.cloudflare.com]

So basically, a secure connection is established between your server and Cloudflare through a domain name that you set up in your tunnel configuration, without exposing any ports to the internet and without ACLs.

Learn more about Cloudflare Tunnels here.

Configure a Cloudflare Tunnel connection in 3 minutes (on average)

Before we start!

Register a free Cloudflare account here.

Make sure that you have acquired a public domain name. You can register a domain name on Cloudflare or you can use any other TLD provider out there.

After that, you need to change the nameservers of your domain to the Cloudflare ones.

This method is for configuring a Cloudflare Tunnel inside Docker, but if you don't have Docker or don't want to use Docker, there are other options available, such as Debian, Red Hat, Windows or macOS.

The configuration process will be done on the home lab server, which must have an active internet connection.

  • Go to https://dash.cloudflare.com/ and add a website
  • Then click next and you will see the nameservers that you need to change for your domain
  • After changing the nameservers wait a few minutes so the update propagates
  • Now click on Access (the option is in the left side menu) and then click on the blue Launch Zero Trust button
  • Go through the configuration process
  • You will again see an Access option in the left side menu; expand it and then click on Tunnels
  • Click on Create tunnel and give it a name
  • Now choose the environment in which you want to configure the tunnel connection and follow the instructions for your operating system
  • All that is left to do is configure the domain or subdomain for the tunnel and the service IP
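
For the Docker route, the connector can be run from a Compose file like the one below. This is an added example, not part of the original article: the `whoami` demo service, the network name `tunnel_net` and the `.env` file holding `TUNNEL_TOKEN` are assumptions, and the token is the one shown in the dashboard's Docker install command.

```yaml
# docker-compose.yml (added example; service and network names are assumptions)
services:
  cloudflared:
    image: cloudflare/cloudflared:latest
    # Same command the dashboard shows for Docker, minus the inline token.
    command: tunnel --no-autoupdate run
    environment:
      # Read from a .env file next to this compose file (chmod 600), so the
      # token stays out of the compose file and out of shell history.
      - TUNNEL_TOKEN=${TUNNEL_TOKEN}
    restart: unless-stopped
    networks:
      - tunnel_net
    # No "ports:" section: the connector only makes outbound connections.

  whoami:
    image: traefik/whoami   # demo HTTP service listening on port 80
    restart: unless-stopped
    networks:
      - tunnel_net
    # No "ports:" here either; reachable only from containers on tunnel_net.

networks:
  tunnel_net:
    driver: bridge
```

With this layout, the service entered for the tunnel's public hostname would be `http://whoami:80`, resolved over the Compose network rather than through a port published on the host.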

Important things to take into consideration

Some limitations apply to streaming services/file sharing services

Because Cloudflare is not really meant for Big Data services or Streaming Services, in some cases the connection to the tunnel may be interrupted.

On the Cloudflare Free plan, if you also use the Proxy feature for your domain, you will be limited to a request size of 100 MB, so in this case you need to disable the Proxy.

If you disable the Proxy some of the security features of a tunnel will be disabled.

                            WARP disabled      WARP enabled
Proxy disabled              No limit           No limit
Proxy enabled (Free)        100 MB             100 MB
Proxy enabled (Pro)         100 MB             100 MB
Proxy enabled (Business)    200 MB             200 MB
Proxy enabled (Enterprise)  500 MB (default)   500 MB (default)

Activate full SSL/TLS encryption

I highly recommend you enable SSL/TLS from the Cloudflare control panel.

To do so, go to https://dash.cloudflare.com and select the domain that you've just added, then click on SSL/TLS, set it to Full and also check SSL/TLS Recommender.

Enable No TLS Verify for HTTPS services with a locally signed certificate

Go into your Zero Trust menu and select your subdomain or domain.

Click Configure, scroll down to Additional application settings, and under TLS disable No TLS Verify.
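
The same option exists for tunnels configured from a local config.yml instead of the dashboard, as `noTLSVerify` under `originRequest`. The following is an added example, not from the original article; the hostnames, IP addresses, tunnel ID placeholder and file paths are assumptions. It contrasts skipping certificate verification with trusting the home lab's own CA.

```yaml
# config.yml for a locally managed tunnel (added example; values are placeholders)
tunnel: <TUNNEL-UUID>
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json

ingress:
  # Weak: cloudflared accepts any certificate the origin presents.
  - hostname: nas.example.com
    service: https://192.168.1.20:5001
    originRequest:
      noTLSVerify: true

  # Stricter: keep verification on and trust the local CA that signed the cert.
  - hostname: git.example.com
    service: https://192.168.1.30:3000
    originRequest:
      caPool: /etc/cloudflared/homelab-ca.pem
      originServerName: git.lab.internal   # name on the origin certificate

  # Required catch-all for requests matching no hostname above.
  - service: http_status:404
```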

Are you planning on using a Cloudflare Tunnel? Let me know in the comment section below.

Dan Mutu is the founder and editor-in-chief of GeekChronicles.ro. He is an active contributor to the sections of the Geek Chronicles magazine and to the Forum section. His main areas of expertise are technology, marketing and technical support.