Cloudflare Tunnel

Cloudflare Tunnel enables secure remote access to internal networks or devices over the internet without requiring open inbound firewall ports. By establishing an outbound connection to Cloudflare’s network, the tunnel directs internet traffic through a secure, encrypted pathway to internal systems. This setup allows internal systems to be accessible for remote management while protecting them from direct internet exposure and potential attacks.


To configure Cloudflare Tunnel, we need a domain name. Here we purchase a $1 domain named “helenalab.site” for this purpose.


Next, go to Cloudflare, sign up for an account, and register the newly purchased domain.


Choose the Free version. This requires a payment method even though we will not be charged. Here we use PayPal.


Then hit Continue to Activation.


Next, we need to point the domain’s nameservers to Cloudflare so that internet traffic is routed through Cloudflare’s network before it reaches the internal systems. Copy the nameservers.


Then, on the domain provider, update the DNS configuration by pasting the nameservers. With Cloudflare’s nameservers in place, all requests for the domain go through Cloudflare first, so Cloudflare can handle security, traffic management, and tunneling configurations.


After a couple of minutes the domain should be registered on Cloudflare.


Next, on Zero Trust » Network » Tunnels, add a new tunnel.


Select Cloudflared.

  • Cloudflared is used to expose internal services to the internet by creating a secure tunnel from a private network to Cloudflare, making applications accessible externally without opening firewall ports.
  • WARP Connector is designed for individual devices, routing all of their traffic through Cloudflare to provide secure remote access to internal resources and protect internet browsing.


Then give it a name.


Here we can choose the connector type. Docker is the easiest one, so that’s what we’re choosing. Copy the docker command.


Run the command on the Linux server. Here we use RHEL.
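
The command copied from the dashboard carries the tunnel token as a `--token` argument, where it ends up in shell history and the process list. The script below is an added example, not part of the original post or of Cloudflare’s generated command: it keeps the token in an owner-only env file and hands it to the container through the `TUNNEL_TOKEN` environment variable that cloudflared reads. The file path, container name, `DOCKER` override and the extra hardening flags are assumptions.

```bash
#!/bin/sh
# Added example: start the cloudflared connector without the token on the
# command line. ENV_FILE, CONTAINER_NAME and DOCKER are assumed names.
ENV_FILE="${ENV_FILE:-./cloudflared.env}"
CONTAINER_NAME="${CONTAINER_NAME:-cloudflared}"
DOCKER="${DOCKER:-docker}"   # override to dry-run, e.g. DOCKER=echo

# Write TUNNEL_TOKEN=<token> to a file readable only by its owner.
write_token_file() {
    token="$1"; file="$2"
    # Tunnel tokens are base64 text: reject empty input and anything else
    # (spaces, quotes, newlines) that could corrupt the env file.
    case "$token" in
        ''|*[!A-Za-z0-9+/=_-]*)
            echo "token is empty or malformed" >&2
            return 1 ;;
    esac
    ( umask 077 && printf 'TUNNEL_TOKEN=%s\n' "$token" > "$file" ) || return 1
    chmod 600 "$file"        # also tightens a file that already existed
}

# Start the connector. The token reaches the container via --env-file only.
# --cap-drop / --security-opt are added hardening, not dashboard output.
start_connector() {
    "$DOCKER" run --detach --name "$CONTAINER_NAME" \
        --restart unless-stopped \
        --cap-drop ALL --security-opt no-new-privileges \
        --env-file "$1" \
        cloudflare/cloudflared:latest tunnel --no-autoupdate run
}

# Usage: ./connector.sh start   (prompts for the token without echoing it)
if [ "${1:-}" = "start" ]; then
    printf 'Tunnel token: ' >&2
    stty -echo; read -r tok; stty echo; echo >&2
    write_token_file "$tok" "$ENV_FILE" && start_connector "$ENV_FILE"
fi
```

Keep the env file out of version control and backups that others can read, since anyone holding the token can run a connector for this tunnel.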


After that, the connector should be listed on Cloudflare Tunnel.


Next, create a Public Hostname that we will access from the internet. Here we’re trying to access the vCenter server on the internal network over the internet.


Just like that, the internal app is now accessible on the internet.


We can also have multiple Public Hostnames pointing to different internal servers in the same tunnel.


This post is licensed under CC BY 4.0 by the author.