ฝัง
- เผยแพร่เมื่อ 4 ส.ค. 2024
- Cloudflare Tunnel is the easiest way to connect your infrastructure to Cloudflare, whether a local HTTP server, web services served by a Kubernetes cluster, or a private network segment.
No port forwarding and no unnecessary exposure!
🔔 Subscribe for more tech tips and tutorials: @IBRACORP
👍 Like this video if you find it helpful, and tell us in the comments what other tutorials you'd like to see.
🚀 Timestamps:
0:00 Intro
1:38 Cloudflare Tunnel GUI
2:46 Installing on Linux
3:45 Configure Tunnel
5:45 Final Words
📌 Follow us on social media for the latest updates:
Website: ibracorp.io/
Discord: / discord
Reddit: / ibracorp
Twitter: / ibracorp_io
Facebook: / ibracorp
💖 Support Us:
Your support helps us to keep producing high-quality tech tutorials and content. If you've found value in our videos, consider supporting us in the following ways:
PayPal: www.paypal.com/donate/?hosted...
Shop: shop.ibracorp.io/
Subscribe and share our videos with friends and colleagues.
Every bit of support makes a huge difference and enables us to continue delivering content that helps you make the most of the latest technology!
For business enquiries, please email support@ibracorp.io
#cloudflare #tunnels #ibracorp - วิทยาศาสตร์และเทคโนโลยี
Great work as always mate!
Thanks for the demo and info, have a great day mate =)
Cheers Chris have a great weekend!
I tried your tutorial, but I got HEALTHY as the status of my tunnel not ACTIVE nor INACTIVE, and when I tried to visit it says "Error code 502 BAD gateway"
for some reason when using your CLI method I keep getting 502 error when trying to access reverse proxied entries, using the GUI method and adding them to public hosts ( after deleting DNS for any subdomain used previously) has worked flawlessly and I ended up adding -d --restart unless-stopped to the command given by CF and keeping it running since I wasn't able to do it through the CLI method.. can't figure out whats wrong with it..
Nice update 👍
Thanks for the visit
Do I still need to setup NPM on Unraid? Because following this video, I can already access the domain without using NPM.
for those looking to use nginx proxy when configuring the tunnel via the GUI, you need to change the Catch-all rule at the bottom of the public hostname and insert the ip and port of your nginx proxy manager.
Edit
So you have to put the npm ip and port in two different places?
hey Juan, can you provide some more details? I am trying this also
What about a NPM that points to a NextCloud instance, shouldn't the tunnel points to the apache container instead?
I type my ngnix ip and port in. But it doesn’t stick after saving it?
I really appreciate all the works you guys been doing for unraid! I got a lot of stuff working on ipv4 and was wondering if ipv6 transistion is really needed, be neat if you can make a vid for it. Thanks!
Haven't crossed into that yet but for sure we'll take a look!
I would love to know where the docker app is storing the configuration files on the UnRaid system since it’s not specified in the docker run command?
This is so helpful. Wondering how you have you internal DNS setup for your self hosted services? Assume on your LAN you have DNS resolving to Nginx Proxy Manager so your not having to go out to the Internet and back in via the tunnel to reach these applications? Also, are you still doing letsencrypt certs on NPM in addition to the cloudflare certs?
Do you know how to update the tunnel in my server? I have a notification that says that an update is available but I can't figure out how to do so. I'm using unraid
It would seem Cloudflare had remove tunnel option as far as I can tell. Any chance for an updated video? Either way, the CLI version from the previous video still works for me.
I want to dig more into the private network option. If I specified a segment of my private network like a full /24, would I t hen need to use the WARP client in order to access that, or is that more meant for a tunnel-to-tunnel option?
If i go to tunnels it wants me to select a plan, even though i already created one through the cli. Anyway to get around this? Dont want to add my credit card
Do we still need to setup nginx proxy manager for the origin certificate to be end-to-end encrypted? Thanks!
I may be dumb, but I cannot figure out where the .json file is being created for this the unraid needs. Any help?
So I need the cloudflared docker for every tunnel (service) ?
Was following this and kept getting stuck, I've realized that at no point is there a mention of connecting to an already existing docker network. which is something he mentions in the CLI that he has setup.
I seemed to encounter a error it says that may tunnel is inactive. I don't know why. Is there a way to reactivate it and is there soomething else I need to do for it not deactivate again ?
Hello! I've decided to try and get this going via the GUI (have not previously done the CLI method) and am struggling to get this setup. Any chance you could do a full from scratch video using only the GUI and pointing to NPM? My NPM is using standard ports (80, 443, 81) and I'm not having any luck reaching my services. The tunnel is setup and active and I have my domain name pointed to the tunnel. I also have a cname setup for my service pointed to my domain name, just as you did in the CLI video.
Any luck on this having the same issues!
Super helpful and easy to follow as always. One thing though - do you know how to configure the GUI docker run command to restart the service unless stopped? The default requires a manual restart in docker whenever docker goes down or the server is rebooted.
--restart unless-stopped
It worked! Thanks. How do I install authelia over that?
how to make own cloudflare tunnel using a vps like the backend selfhosting it would be great if their exists such thing
anyone know how to setup ingress rules when setting it up this way?
Thank you so much. Had this working in my previous server and I now moved to Unraid. How do I run the docker command in Unraid? Do I do it in the Docker section or do I enter the command directly in the CLI console of Unraid?
In the CLI for Unraid will do it!
Thank you so much for the content. I have a question. Do we actually need NGINX Proxy Manager for this?
Yes and no. You just need some sort of reverse proxy still
@@IBRACORP Do I need a reverse proxy or not?!
Great work mate! thx for that!! My question is...if we use a tunnel from our windows laptop for instance, that would be like having a VPN set?
Thanks Raul. Depends what you mean mate, it's really designed to link the two locations via a tunnel, so suppose if you were on the recieving end then yes. Otherwise I would still be using something like Tailscale or Wireguard to protect you and your device
What editor are you using for SSH?
Termius
Do you still need to set up a ssl certificate, e.g via letsencrypt, for your services running on your home server if you use such a Cloudflare Tunnel? Thanks
No need
@@IBRACORP Last thing. Do you need to create a tunnel for each service running on your server which is managed by Nginx Pm or another reverse proxy? Thanks
how to use cloudflare tunnel services with aapanel panel with homeserver please make video tutorial i need help
I’m loving your videos and much prefer this GUI option over the CLI method. However, ’m confused by the docker run command. Can’t I just install the cloudflare docker container in the gui permanently? I’ve never used Unraid before but with Portainer I usually install docker container through a stack. That way they always run and I can make changes and re-deploy if need be. Is there a reason why this wouldn’t work? If it does work it would be amazing to see an updated tutorial. Thanks for all your work!
I edited the command generated by CF tunnel creation and added the following after docker run
-d --restart unless-stopped
there are no changes to be made though, its a command that opens up a tunnel, the rest can be done through the cloudflare dashboard
You can also create a basic docker compose file for it. You can completely destroy the container and rebuild it and as long as you don't delete the tunnel in your zero trust dashboard, you can reuse that same token that you find under the configure (that you originally ran in the docker command) and make a new container with whatever commands you need using CLI or docker compose / portainer. The token is the important part.
Great video as always. I want to set up a simple tunnel directly to nginx proxy manager, but for the life of me, I cannot get it to work. If I disable NPM and use Cloudflare as the reverse proxy by setting up a tunnel for each of my services that works, but I would like to set up a single tunnel for NPM and have it do the reverse proxy for all of my services. Any suggestions on what I might be doing wrong?
Did you figure it out?
Hi, Unraid and Docker rookie here. I've set up a tunnel using the CLI method before, but also wanted to try out this method. But, having trouble getting this even started. Don't really know enough about how Unraid and Docker works to understand what I am doing wrong, and trying to Google around I haven't been able to find anything about getting this method to work within Unraid. Anyone know where I should look/start?
Hi mate, you can run commands in the terminal for Unraid. I would stick with the CLI method if you already have it running
Awesome video. would it be possible le to have a follow up video on how to setup Authelia with these tunnels ?
Hi Fred! Certainly thanks for the suggestion
Fantastic video. Just wondering if there will be a video on setting up cloudflare zero trust access.
Yes, absolutely
Can you make a video how to use Windows 10 RDP using cloudFlare Tunnel.
Thanks for this video. Do you think you could make a video setting up a server through pterodactyl using a cloudflare tunnel that way you wouldn’t need to open ports? Or is that not possible?
This would be against CloudFlare TOS. Instead, try looking into TCPshield to achieve what you want
@@IBRACORP thanks. Why is it against tos to do so but it’s okay to access next cloud from another location?
Don't know for sure all I can say be sure to look at section 2.8 of the TOS. At the end of the day it's at Cloudflares discretion so we can't make claims of what is and isn't safe
@@iamthe7yearold587 it wouldn't even work anyways, because a game server like Minecraft doesn't operate over http/https which is what couldflared operates with.
Edit: The web-panel technically can be used behind the cloudflared tunnel, but the game servers themselves can't.
@@fizzyfrys There are options for ssh, rdp, and arbitrary TCP in the cloudflared documentation.
"In addition to HTTP, cloudflared supports protocols like SSH, RDP, arbitrary TCP services, and Unix sockets."
Well a week into these and still no go. I am sure I am doing everything right. It must be my Unifi Dream Machine Pro that is blocking something. Anyone with a Unifi controller willing to help?
Just setting up an unraid box and tried this today. I dont think this is the right solution. Off to look for a different approach. Ibra might need to make a new video for this one.
Thankyou for video, it is showing "error 502 bad gateway" for some applications like nextcloud,home assistant, shellinabox when I try to access via domain name cloudflare tunnel. These applications works perfectly locally. It works for other containers like jellyfin,portainer etc. Please help
Edit:- Login to your Cloudflare Tunnels dashboard. Go to the "Public Hostname Page" for each of the domains that you are having issues with. Find where it says "Additional application settings" and open that section of the page. Then, under "TLS" look for "No TLS Verify" and set that to "Enabled". This is the solution
I can't seem to get this to work for my prowlarr set-up and I enabled "No TLS Verify". Do you have any other suggestions?
@@zeusro163 can you access it locally?
@@mohamedirfan2816 Yes, I can access it locally, but I cannot access the cloudflared url for it. I got Mylar to work, but not sure what I did wrong for Prowlarr.
@@zeusro163 Does prowlarr have 'trusted domain' settings or something like that? In nextcloud I had to add my domain name as a trusted domain. If the problem still persists ask in subreddits r/selfhosted and r/cloudflare , some one might be able to help you :)
I use a 1 Buck VPS with a static ip and wireguard to give my unraid server a public static ip address. you don't find a lot of content about that maybe you could make a video.
Hi DitaSoft, thanks for being a subscriber. That's a great idea thanks for sharing!
and TCP tunnel??
Will this work on the raspberry pi?
Yes it should do
For the service, would we use the port that traefik is running on?
Correct Shane yep
@@IBRACORP Thanks mate. I have also worked out that the webgui can be used in conjunction with unraid by simply adding --token to the post arguments [tunnel run --token XXXXXX]
Scratch that, didnt work. just use tunnel run "tokenhere"
@@savageaus81 if you already did this via CLI, then you probably should not change it to this GUI setup as it appears that it is not necessary. I have also noticed the UnRAID cloudflared app locks you into a certain version with no hope of an update ever. I manually changed the repository from `cloudflare/cloudflared:2022.1.0-amd64` to `cloudflare/cloudflared:2022.4.0-amd64` and it updated perfectly. WTF is that about? That is completely stupid and should never be that way unless updated versions are problematic which does not appear to be the case.
Hi D Bishop, I agree and have said in the video no change required if you already have it running. All tunnels will appear in the GUI, whether you used CLI or not.
However to clarify, the container is the official one from CloudFlared which does not support using the 'latest' tag and must provide a version number.
In terms of production use this is the recommended approach to avoid a breaking change in an update but I agree it should be a working option
Would you recommend using this for production?
Absolutely. The tunnel means you launch it on any server regardless of location which is great for load balancing if you lose one server and want to spin up another without redoing DNS changes.
Also the fact that ports don't need to be open
But does it die or collapse when you run it in the shell. For example unraid, it builds it but if close the terminal it would break it?
The issue is yes you're using it as a Docker run command, so in hindsight what our reply should have been regarding production use is, we always recommend either compose or using the template in Unraid to allow to recreate the container
@@IBRACORP I’m ok with this. It’s a great way to test. Heck of a job on this video. You guys do awesome work!
Thanks Ivan!
great video. unfortunately when I go to "tunnels" it asks "choose a plan", when I click on that I have to choose a "plan", there is one that is free, but I have to enter "Credit card details" and I don't have a credit card. does anyone know anything about this? I'll check out that other video of yours to see if that works.
Is very nice service , can you make a guide how to secure the tunnel , i am been able only to use the email, would be noce to use e service like google authenticator, also can you make a guide how to create a tunnel for nextcloud installed on unraid, i tried several time but is not working the tunnel
I´ve already try this, but i can not use my NGINX Proxy Manager anymore on my Unraid-system in this combination. What do you think ? Should i use the NGINX anymore or is it obsolete ?
NGINX is definitely not obselete. Many members of our community use CloudFlare tunnels with NGINX without issue
@@IBRACORP hmm ... strange ... i must be configure somethin wrong. Did you tried to configure the new Agro-Tunnel in combination with NGINX ?
It should be no different to the manual method you need to add the port of the reverse proxy. Have you tried following our full length video on this? If not, link is in the description
@@IBRACORP yes, i was inspired of this full video to establish a argo :) in this new methode the local config-file not needed anymore, hm ? i created a public hostname (zero-trust - tunnels) which is pointing to my local npm https-port. the other sub-domains (CNAMEs) are pointing to the public hostname (with the UUID). Can you share a example how you integrate the NPM in the new Argo Gui ?
@@JaBe1303 yes I have a similar problem. I think it’s a bit different like cli setup.
Tips: Don't show your key even if you remove it after. Those key a simili-random generated based on YOUR account.
Wow, this can be a competitor to NPM..
Have them working together! See our full length Cloudflare Tunnel video to see it in action with NPM: th-cam.com/video/RQ-6dActAr8/w-d-xo.html
Nahh you have to add payment even if its free.
Still free 🙂