DEV Community

Cover image for How to Set Up a Cloudflared Tunnel on Your Homelab
Tan
Tan

Posted on

How to Set Up a Cloudflared Tunnel on Your Homelab

#networking #homelab

Want to expose your private service to the world without revealing your real IP? Let Cloudflared Tunnel be your secret weapon.

Running a homelab can be exciting, especially when you want secure remote access to your self-hosted services without exposing your entire network. With Cloudflare Tunnel (previously known as Argo Tunnel), you can expose local services to the internet via a secure, private tunnel, even without a public IP.

Forget Port Forwarding
One of the biggest advantages of using Cloudflared Tunnel is eliminating the need to expose ports on your router. No more struggling with NAT, firewall rules, or worrying about open ports being scanned by bots.

This guide walks you through setting up a Cloudflared tunnel on your homelab
How Cloudflared tunnel works

Forget Port Forwarding
One of the biggest advantages of using Cloudflared Tunnel is eliminating the need to expose ports on your router. No more struggling with NAT, firewall rules, or worrying about open ports being scanned by bots.

This guide walks you through setting up a Cloudflared tunnel on your homelab.

Prerequisites:

  • A Cloudflare account
  • A domain managed by Cloudflare
  • A machine in your homelab (Linux or Windows) with Docker or direct access
  • Basic command line skills

Step 1: Install Cloudflared

On Linux (Debian/Ubuntu): 

sudo apt update && sudo apt install cloudflared
Enter fullscreen mode Exit fullscreen mode

Or via Docker: 

docker pull cloudflare/cloudflared:latest
Enter fullscreen mode Exit fullscreen mode

Step 2: Authenticate with Cloudflare

Run the following command and log in via the browser when prompted:

cloudflared tunnel login
Enter fullscreen mode Exit fullscreen mode

This authorizes the machine to create/manage tunnels under your account.

Step 3: Create a Tunnel 

cloudflared tunnel create <TUNNEL_NAME>
Enter fullscreen mode Exit fullscreen mode

This generates credentials and assigns a unique tunnel ID.

Step 4: Configure Tunnel Routing

Create a configuration file at ~/.cloudflared/config.yml (Linux) or %USERPROFILE%\.cloudflared\config.yml (Windows):

tunnel: <TUNNEL_ID>
credentials-file: /home/user/.cloudflared/<TUNNEL_ID>.json

ingress:
  - hostname: service.example.com
    service: http://localhost:8080
  - service: http_status:404
Enter fullscreen mode Exit fullscreen mode

Make sure to replace <TUNNEL_ID> and paths appropriately.

Step 5: Set Up DNS Record

Use the Cloudflare dashboard or run:

cloudflared tunnel route dns <TUNNEL_NAME> service.example.com
Enter fullscreen mode Exit fullscreen mode

Step 6: Run the Tunnel

For testing:

cloudflared tunnel run <TUNNEL_NAME>
Enter fullscreen mode Exit fullscreen mode

To run as a service:

sudo cloudflared service install
Enter fullscreen mode Exit fullscreen mode

Or with Docker Compose:

version: '3.8'
services:
  cloudflared:
    image: cloudflare/cloudflared:latest
    restart: unless-stopped
    command: tunnel run <TUNNEL_NAME>
    volumes:
      - ~/.cloudflared:/etc/cloudflared
Enter fullscreen mode Exit fullscreen mode

Final Notes:

  • Make sure your local service (e.g., Nginx, Home Assistant, etc...) is accessible at the configured internal URL.
  • Check Cloudflare Zero Trust dashboard for traffic and analytics.
  • Always secure your Cloudflare account with 2FA.

Happy tunneling! This setup allows you securely access your homelab services from anywhere without dealing with port forwarding or public IP concerns.

Source: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/

Author: Hoang Tan Tan
GitHub | LinkedIn

Top comments (0)