DEV Community: thirzq

How I SSH the Cloudflare Tunnel based Home Server

thirzq — Sat, 17 Jan 2026 16:29:41 +0000

Continuing from the setup of a home server using Cloudflare Tunnel, the next step is enabling SSH access so the device can be accessed remotely. Normally, SSH access is done using ssh user@ip-address. However, as explained in the previous article, the server uses a dynamic IP address, which means the IP can change at any time.

To solve this, the SSH setup must use an address that does not change. Cloudflare Tunnel makes this possible by allowing SSH access through a domain name instead of an IP address. With this configuration, SSH access can be done using ssh user@domain.

Verify Cloudflare Tunnel status
Ensure that the Cloudflare Tunnel is active and its status is shown as Healthy in the Cloudflare Zero Trust dashboard.
Edit the tunnel configuration
Click Edit on the active tunnel, then navigate to Published Application Routes.
Add a new published application route
Click Add a published application route to create a new route for SSH access.

Configure the SSH route
- Subdomain: Use an unguessable subdomain for better security. For this example, use ssh.
- Domain: Select the active domain, which in this case is nevatal.tech.
- Service Type: Select SSH.
- URL: Set the URL to localhost:22, the default SSH port.

The next step is to secure SSH access by configuring Access Control.

Open Access Control
Go to Access Control and select Applications.
Choose the application type
Select Self-Hosted as the application type, since the server is a self-hosted device.
Set the application name
Enter an Application Name of your choice. For clarity, you can use a name such as ssh-server.
Configure the session duration
Set the Session Duration as needed. This controls how long a user can remain logged in before being required to reauthenticate.

And then Add the public hostname using the subdomain and domain configured earlier. In this case, the hostname is ssh.nevatal.tech.

After that, you need to create an Access Policy. This is done under Access Policies and is used to define who is allowed to access your SSH service.

Create a new policy
Create a new policy and fill in the Basic Information.
Set the policy name and action
Enter a Policy Name of your choice. In this example, use john-access.
Set the Action to Allow, since this policy is intended to permit SSH access.
Configure the session duration
Set the Session Duration to any value you prefer, or choose the same duration as the application session timeout. In this case, it is set to 24 hours.
Add access rules
Add Rules to define who is allowed to access the SSH service.
Choose the authentication method
For the Selector, choose the authentication method you want to use. In this example, select Email.
Add the allowed email address
Enter John’s email address to grant him access to the SSH service.

After that you can access it from browser by input the link of ssh to the browser search in my case that is ssh.nevatal.tech

Step 1: Input the User Login

Enter the username that will be used to access the server.

Step 2: Fill in the Password

Provide the password for the user, then proceed. In this step, you can also input your private key; however, for this setup, I will sign in using a password.

Step 3: SSH Browser Rendering Appears

After enabling Browser Rendering, the SSH Browser Rendering option will appear.

You can now run commands and interact with your server through a terminal-like interface directly in the browser using SSH.

Conclusion

With this setup, SSH access to the home server is now available without relying on a static IP address. By combining Cloudflare Tunnel, a dedicated SSH route, and Access Control policies, the server can be accessed securely using a domain name instead of an IP.

How I handle Dynamic IP for my Home Server

thirzq — Fri, 09 Jan 2026 08:24:05 +0000

Running a home server is a great learning experience, but it comes with a major headache: Connectivity.

I recently ran into a specific problem. I am running my Ubuntu home server using a SIM card through a mobile hotspot rather than a traditional wired connection. As a result, my public IP address is dynamic and changes every time I restart the connection or the device. Additionally, mobile networks often use CGNAT, which makes traditional port forwarding impossible.

Re-configuring my domain to point to a new IP address every single day was painful and unsustainable.

I found a solution that eliminates the need for a static IP entirely: Cloudflare Tunnel. Here is how I set it up to expose my Docker containers to the internet securely.

What You Need

A Server: I am using a laptop running Ubuntu.
A Domain Name: You need a custom domain.
- Tip: If you are a student, you can get a free domain from Name.com via the GitHub Student Developer Pack. Alternatively, eu.org offers free subdomains (for non-commercial use).
A Cloudflare Account: The free tier works perfectly for this.

Step 1: Connect Your Domain to Cloudflare

Before setting up the server, Cloudflare needs to manage your domain’s DNS.

Enter your domain name (e.g., nevatal.tech) and click Quick Scan.
Select the Free Plan. Cloudflare will scan your current DNS records.

The Important Part: Cloudflare will provide you with two Nameservers (e.g., ns1.cloudflare.com and ns2.cloudflare.com).
Go to your domain registrar (Name.com, GoDaddy, etc.).

Find the Nameservers setting, delete the existing ones, and input the two provided by Cloudflare.
Save changes.

Note: It may take anywhere from a few minutes to a few hours for the nameservers to update globally. You can bookmark the page and come back later if it’s taking time.

Step 2: Create the Tunnel in Cloudflare Zero Trust

Once your domain is active on Cloudflare, you need to create the tunnel configuration.

Go to the Cloudflare Dashboard.
On the left sidebar, click Zero Trust.

In the Zero Trust dashboard, go to Networks -> Tunnels (sometimes labeled as "Connectors").
Click Create a Tunnel.

Select Cloudflared as the connector type.
Name your tunnel: I named mine my-server.
Click Save Tunnel.

Step 3: Install Cloudflared on Ubuntu

After saving the tunnel name, Cloudflare will ask you to choose your environment. Since I am using Ubuntu, I selected Debian.

Cloudflare provides a set of commands to install the cloudflared agent and link it to your account. Open your Ubuntu terminal and run the following:

1. Add Cloudflare GPG Key

sudo mkdir -p --mode=0755 /usr/share/keyrings
curl -fsSL https://pkg.cloudflare.com/cloudflare-public-v2.gpg | sudo tee /usr/share/keyrings/cloudflare-public-v2.gpg >/dev/null

2. Add the Repository

echo 'deb [signed-by=/usr/share/keyrings/cloudflare-public-v2.gpg] https://pkg.cloudflare.com/cloudflared any main' | sudo tee /etc/apt/sources.list.d/cloudflared.list

3. Install Cloudflared

sudo apt-get update && sudo apt-get install cloudflared

4. authenticate and Start the Service

Look at your Cloudflare browser window. It will provide a command that looks like sudo cloudflared service install [LONG-TOKEN]. Copy and paste that into your terminal:

sudo cloudflared service install [YOUR_TOKEN_HERE]

Once you run this, the cloudflared service will start automatically. If you look at your Cloudflare dashboard, the status of your Connector should change from "Inactive" to "Healthy" or "Connected".

If you are unable to activate it, or if it has already been registered but the terminal session was exited, you can activate it again by

cloudflared tunnel run --protocol http2 --token [YOUR_TOKEN_HERE]

Step 4: Exposing Your Applications (Routing)

Now that the tunnel is running, your server is connected to Cloudflare, but no one can access your apps yet. You need to tell Cloudflare where to send the traffic.

In the Zero Trust Dashboard, inside your Tunnel configuration, open the Public Hostname or Published Application Routes tab.
Click Add a Public Hostname / Published Application Routes.
Subdomain Choose a prefix that represents your application. This can be any value that makes sense in your context, for example:
- www for a main website
- app for a web application
- blog for a blog service
- note if you are deploying a note-taking application This subdomain will be combined with your domain (e.g., note.nevatal.tech).
Domain Select your registered domain, nevatal.tech, from the dropdown list. Cloudflare will automatically bind the chosen subdomain to this domain.
Service Type Select HTTP if your application is served over HTTP internally (Cloudflare Tunnel will handle HTTPS externally).
URL / Service Address Specify the internal service that Cloudflare should forward traffic to, for example:
- http://localhost:3000
- http://127.0.0.1:8080
(Optional) Path If your application is exposed under a specific path or you want to route different paths to different services, you can define it here. Examples:
- /api → forwards to an API service running on a different port
- /admin → forwards to an admin panel on another server This is useful when multiple applications are running on the same host but different ports or backends.

Click Save Hostname.

Conclusion

That’s it! Now, when I type app.nevatal.tech into my browser, Cloudflare receives the request, sends it through the secure tunnel to my laptop (connected via SIM card), and my Ubuntu server responds.

I no longer have to worry about my IP address changing or setting up complicated port forwarding rules. My home server is accessible from anywhere, completely free of charge.

Nevatal Joins Hacktoberfest 2025: Build the Future of AI Functions Hub 🚀

thirzq — Sun, 19 Oct 2025 08:47:22 +0000

🧠 What is Nevatal?

Nevatal is an all-in-one platform that connects multiple AI functions through a single hub.

It’s designed to make experimenting with AI simple and accessible. Just plug in your Gemini API key, and you’re ready to start building.

🏗️ Tech Stack Highlights

Backend: Django REST Framework
AI Integration: Gemini API
Frontend: Vite + React + TailwindCSS + TypeScript
Deployment: Dockerized for quick setup anywhere

In short, Nevatal delivers a smooth, modern developer experience from setup to execution.

💡 Why Contribute?

Hacktoberfest is about growing the open-source community, and Nevatal offers a perfect playground to explore AI-powered systems.

By contributing, you’ll:
✅ Learn how to build AI-driven backends and interactive frontends
✅ Gain real experience in AI system design
✅ Boost your open-source portfolio
✅ Earn Hacktoberfest swag 🌱

🛠️ How You Can Contribute

There are plenty of ways to get involved:
🧩 Add new AI use cases or endpoints
🎨 Improve frontend components and UX
⚙️ Enhance Docker setup and deployment
📖 Write documentation or tutorials

Every pull request counts, whether you’re fixing a small issue or adding a major new feature.

📍 Get Started

Ready to contribute?

🔗 GitHub Repo: Nevatal Repo

Fork the repository, create a branch, make your changes, and open a pull request.
Don’t forget to ⭐ the project to show your support!

💫 Let’s Build Smarter Together

Nevatal is about making AI development easier, faster, and more collaborative.
With your help, we can turn it into a go-to hub for AI creators and developers around the world.

Join us this Hacktoberfest and let’s make Nevatal smarter together 💻✨

Hacktoberfest #OpenSource #AI #Django #React #GeminiAPI #Docker