Wednesday, October 22, 2025

Cloudflare Tunnel + Zero Trust

 

    I have my Homelab, and I wanted to test Cloudflare tunnel to expose my service to wordl wide. I want to develop my Homelab YAGNI principle. At this moment I decide to not dig in 1 subject but move forward. But I have secure it from unwanted internet traffic. 

Before I begin to present my entry, a few proceses need to completed to start. This steps are essential, but main hero of this entry is Cloudflare. 

First step is to create account on Cloudflare main website. Instruction is very deatiled. In second step, buy we domain. I bought on webside goodaddy.con. I buy webdomain: andrzejsidor.online

In next step, I choose free plan and I forwarded DNS on godaddy.com according cloudflare instruction.



For each selected in Overview tab Cloudflare provide dashboard with statistics for eacg domain.


 


To connect my local server with world, I selected Cloudflare tunnel to this job.

First set is select Zero Trust in menu 

In next step I select Networks and Tunnels. To create tunnel click button     >Create a tunnel<.



In tunnel properieties I select enviroment DOCKER. I have plan to create docker in my homelab. In next step create via docker compose my app. At the end create network and add both containers.

* Update:

I try few times combine creation cloudflare tunnel and my apps. Later I found out, that Dockder was not natively made by CNI standard (Docker was before CNI. Docker is made CNM - Container Network Model. 


I rework code from Cloudflare as docker composer, to save code. I do not want it to be efemerical. I want it store code for later, only to change TOKEN in future.

Token I save in .env file. I do not want it to commit to Github for security reason.

CODE:

docker-compose.yml                                                         
 

services:
  cloudflared:
    image: cloudflare/cloudflared
    container_name: cloudflared
    environment:
      - TZ=Europe/Amsterdam # Change this to your timezone
      - TUNNEL_TOKEN=${TOKEN}
    restart: unless-stopped
    command: tunnel --no-autoupdate run
    networks:
      - cloudflared

networks:
  cloudflared:
    name: cloudflared


Here docker compose is up with -d flag.


In app was visible under url: https://portainer.andrzejsidor.online/

Access to app was secured by Cloudflare. To open to app user need proviode my Github credentials  with MFA. 

 


 
 

-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

K8s cluster - bash install

     In my homelab, I testes another method of installation of Kubernetes. Average time of installation of Kubernetes via Ansible was 15 min...

  • Kubespray Homelab
            In the past I broke my K3s homelab more than few times. To set up K3s cluster again it was not complicated. I want to automate proce...
  • K9s install
      K9s K9s is a terminal based UI to interact with your Kubernetes clusters. The aim of this project is to make it easier to navigate, obser...
  • K3s HA + Cllium homelab set up - Updated
             Today I would like to document my base set up for my homelab. I try serveral Linux distros RHEL, Ubuntu, Fedora combined with K8s, ...