Setting Up Cloudflare Tunnel

Access your home lab without opening ports on your firewall.

We recently changed our internet service provider from Vodafone to TalkTalk and one of the things I didn’t think about was accessing my home lab from outside the network. I just thought that I could open a few ports and Bob’s your uncle. Turns out that TalkTalk’s modem doesn’t allow you to open certain ports, which wouldn’t be a problem if I wasn’t running Nginx Proxy Manager to route traffic, requiring ports 80 & 443, and the 2 ports that TalkTalk have blocked being, you guessed it, 80 & 443.

So after a few days of banging my head against a wall trawling through forums, I came across Cloudflare Tunnels. Tunnels are part of Cloudflare’s Zero Trust Platform and allow you to send web traffic to your home lab by creating a tunnel out from your server to Cloudflare and then they use their infrastructure and technical wizardry to allow access to your services without opening any ports on your modem.

I thought this was so amazing that I thought I’d share it with you. Not only that, I thought I’d write a short tutorial on getting Cloudflare Tunnels set up on Docker. So I’ve set up a free instance on my Oracle Cloud account that I’m going to set up Docker on, run a container, then open a Cloudflare Tunnel so I can access it from the outside world without having to mess with port forwarding.

I’ll say it now in case anyone is tempted that the instance is only temporary for this tutorial and has already been deleted so don’t be surprised if it doesn’t work should you try to access it.

Setting Up Docker

As I’m starting from a fresh install of Ubuntu 20.04 Minimal on my Oracle Cloud Instance, I thought this might be the best place to start this tutorial of sorts.

STEP 1 – Connect to Your Instance via SSH

If you are using an Oracle Cloud Instance like myself you’ll need to use a command like the one below to access your instance. (Just make sure to change the file path, username and IP address.)

ssh -i <private_key_file> <username>@<public-ip-address>

STEP 2 – Update everything

If you have also decided to go with Ubuntu, use the commands below to make sure your instance is up to date.

sudo su -

apt update

apt upgrade -y

STEP 3 – Install Docker

Before we install Docker we need to set up the repo. Follow the commands below to install the repo and Docker too.

apt install ca-certificates curl gnupg lsb-release

mkdir -p /etc/apt/keyrings

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

apt update

apt install docker-ce docker-ce-cli containerd.io docker-compose-plugin

STEP 4 – Install Portainer

Some people might think this is not needed but I prefer to use a graphical user interface when setting this up on my machines. So, as this Oracle instance is only going to run Docker, I’m only going to be installing Portainer rather than installing Cockpit as well. As you can get 5 free installs of Portainer’s Business edition, that’s the version I’ll be installing today.

docker volume create portainer_data

docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ee:latest

Now that Portainer is installed it’s time to set it up. If you are using cloud hosting, you’ll need to temporarily open some firewall ports so you can access your Portainer instance (as each cloud host is different, I’ll let you find the details on your cloud host’s website). For now you can just open port 9443.

Once that’s done head to https://Your-IP-Address-Here:9443 and follow the prompts to set up your new Portainer install. On the second screen, you’ll be asked for your Portainer license. If you don’t have one yet, click on the Don’t have a license? link and sign up for free to get your 5 free Portainer Business licenses. You should receive an email with your license key shortly.

Portainer Set Up

Once you have completed the initial setup you’ll be taken to the Quick Setup screen. Just click on the Get Started box so that Portainer knows that you are using a local install of Docker.

On the next page, under environments, click on the blue dolphin next to local and then click on Container once the next screen loads. This will show you a list of all your containers.

Portainer Quick Start

Setting Up Cloudflare

Now everything on the server-side is set up it’s time to set up the tunnels themselves. This is a really easy process. You just follow the instructions on the Cloudflare setup wizard and everything works.

STEP 1 – Sign up for or Sign into CloudFlare

This bit’s kind of important as the tunnels won’t work if you don’t have an account. It does involve changing some of your DNS settings with your domain registrar, but again Cloudflare are really good at helping you set everything up. Just follow the wizard (again, I’ll let you find the info on how to change your DNS settings on your registrar’s website).

STEP 2 – Setup a Tunnel

Head to https://dash.teams.cloudflare.com. As it has been a while since I set up my tunnels I can’t remember if there was a setup screen here to set up Cloudflare Zero Trust. Just follow the instructions on screen and eventually you’ll get to the Zero Trust Dashboard. Once there, click on Access in the menu on the left and then click Tunnels.

The page you come to may be a little different to the one on the right as I already have some tunnels set up, but your next step is to click Create a tunnel.

Cloudflare Tunnels Dashboard

Give your Tunnel a Name. I’ve called mine tutorial as this is a temporary tunnel for this tutorial.

On the next screen, you’ll be asked to configure your tunnel. You’ll see near the top an option to select your environment. Click on Docker. Under that, you’ll get a command to install Cloudflare Tunnel. Copy it and paste it into the same SSH window we used earlier to install Docker. When the command has completed, it’ll show that you have connected to 4 locations. Close your SSH client, go back to the Cloudflare Tunnel config and click Next at the bottom of the page.

Cloudflare Tunnel Config

And now we reach the final step. All you need to do now is select your domain (and add a subdomain and/or path if you want them) and then in the service box below put the details of your service.

For this, I’ve just used my Portainer instance. So in the first drop-down box I’ve selected HTTPS and in the address box I’ve entered the IP address of my Docker container (172.17.0.2), a colon (:), followed by the port for Portainer, 9443. Then click on Save Tunnel at the bottom. Now just head to your chosen web address and there you have it.

FUTURE JIM NOTE: I forgot to mention that if you have a secure web app you would like to tunnel to you may need to enable a setting in the Additional application settings. All you should need to do is enable the No TLS Verify option.

Cloudflare Tunnel Route

I told you the process wasn’t that bad. Not only can you access your home lab applications away from home, but you can do it without opening up holes in the security of your modem.
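
The Portainer container above was started with -p 8000:8000 -p 9443:9443, and port 9443 was opened on the cloud firewall for the initial setup, while the tunnel itself reaches Portainer over the Docker bridge at 172.17.0.2:9443. As an added example (not part of the original post), this script lists which containers still publish ports on every host interface; the sample lines and the portainer-local container name are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads "<name>|<ports>" lines, the shape produced by
#   docker ps --format '{{.Names}}|{{.Ports}}'
# and prints "<name> <host binding>" for every port published on all interfaces.
list_public_bindings() {
    awk -F '|' '
    {
        n = split($2, maps, ", ")
        for (i = 1; i <= n; i++) {
            # "9000/tcp" with no "->" is exposed by the image but not published.
            if (maps[i] !~ /->/) continue
            host = maps[i]
            sub(/->.*/, "", host)
            # 0.0.0.0:PORT, :::PORT and [::]:PORT all mean "every interface".
            if (host ~ /^0\.0\.0\.0:/ || host ~ /^:::/ || host ~ /^\[::\]:/)
                print $1, host
        }
    }'
}

# Constructed sample: Portainer as started in this tutorial, a cloudflared
# container with no published ports, and a hypothetical loopback-only container.
SAMPLE_PS='portainer|0.0.0.0:8000->8000/tcp, :::8000->8000/tcp, 0.0.0.0:9443->9443/tcp, :::9443->9443/tcp, 9000/tcp
cloudflared|
portainer-local|127.0.0.1:9443->9443/tcp'

# Run against the sample; on a live host, pipe the docker ps command above instead.
printf '%s\n' "$SAMPLE_PS" | list_public_bindings
```

Every line printed for portainer is a port still listening on all of the host's interfaces. Removing the temporary firewall rule, or publishing with -p 127.0.0.1:9443:9443 instead, leaves the tunnel as the only way in.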

Will you be using Cloudflare Tunnels in your home lab? What apps are you running? Let me know in the comments below.

Jim (144)
