Here is a docker-compose with a restart policy to help making deploying a CloudFlare tunnel a little more straightforward: dbt3ch.com/books/access-your-self-hosted-services-without-port-forwarding/page/cloudflare-tunnels-docker-compose Thanks to The Blue Portal for sharing this with the community.
Thanks for the video. I'm currently in the middle of it, but I'm don't really understand where we got the `root@196....` when performing ssh. Also, pinging my new domain says it doesn't exist.... but Cloudflare says I"m all good. Confused, please help.
@@NickTheCodeMechanic regarding the "root@192" stuff... "root" is the username of the device you're logging into. Your username might be different. The "192.168.0.x" is the IP of the device you're logging into. As far as the ping issue, it's likely a DNS issue. This is common. Try connecting to the internet via a VPN and then pinging your domain. It should return a CloudFlare IP address if things are working correctly.
omg, this is the first guide ive seen that doesnt involve creating dockers or other crap, its just simply, explained step by step, like a normal human being !! There is such a need for this, in this area, as not everyone is in front of a PC 12hrs a day!! Couldnt hit Sub quick enough
You sir, saved my sanity!!! No more NPM for this dude, Cloudflare tunnel all the way! Thanks for all the effort put into making this video and helping us out.
I've watched countless videos on using cloudflare specifically, this was the most straight to the point and easy to understand video. I can't say thank you enough!!
This is gold man. I've been leaning towards this solution and slowly learned the bits and pieces as time goes on. Thanks so much for laying all this out. Incredibly valuable!
One more top quality session from Dave! As a side note, most of the technical videos, I usually watch it 1.2x speed. Can't do it at Dave's speed of speech! 😆
You can also turn the docker file into a stack in portainer like this: version: "3.9" services: tunnel: container_name: cloudflared-tunnel image: cloudflare/cloudflared restart: unless-stopped command: tunnel run environment: - TUNNEL_TOKEN=YOURTOKENHERE You can also add this on to other stacks if you wanted to make a tunnel for each application
Replying again to let you know I've created a page on my wiki that has this info as well: dbt3ch.com/books/access-your-self-hosted-services-without-port-forwarding/page/cloudflare-tunnels-docker-compose
I am a noob when it comes to networking.. I was able to understand and follow each and every step ❤️. Now I am accessing my jellyfin server over the domain ❤ Thank you so much .. just subscribed
Followed another VERY well known tech blogger/tuber and got myself into deep poop (beware of stuff from the legacy Argo Tunnels days). This tutorial - and the others regarding remote/restricted access - saved the day. Clear, concise(ish), occasionally tangental (like my brain), and, if I'm sufficiently caffeinated, I can watch them at full speed! ;-) Thanks, David.
Thank you for your excellent video on Cloudflare Tunnel installation! Your clear instructions saved me hours of frustration, and I quickly achieved success. Your expertise is greatly appreciated!
All great recommendations as usual DB! Porkbun is by far the best for price and privacy (and ease of use). Cloudflare is incredible! I’d say they are sooo instrumental to daily operation, that I wonder what would happen if there was a significant outage. This all makes me think if I should think of some sort of ‘Plan B’ - if things go down, or receive maintenance. But if CloudFlare goes down - that everything might be as well... which is definitely a scary thought!
This was great!! Thanks. I never knew about Cloudflare tunnels and have only used DNS forwarding with open ports. Now I can close all those open ports on my router. And can have secure passwords for all my docker web interfaces maintained by keychain. Awesome.
That's awesome! I'm glad that my video helped you learn something new. Did you see my video about adding additional authentication for even more security? ua-cam.com/video/wdmbAo02ktQ/v-deo.html
NPM is being retired and I have closed off the ports that I used to have open on my Firewall. I did have to do something differently though. I use a cloud service and have a Tunnel setup for it. I wanted to restrict it using the IP Address and Bypass method you showed but that would not work. I could net get through. I changed it to Service Auth and it works. I can reach from my home IP but not when I fire up a VPN and my address changes. This is a great solution and no more worrying about Ports, Certs, and NPM.
Thank you so much for making this video. This is very informative and more so with the current environment where some ISPs restrict port opening from their end.
You trully are an network angel 😁😁. After all the port forwarding pain and you mentioned you dont do that anymore, this saved me! Thanks a lot for all your videos. You sir got new subscriber with the bell on 😊
Holy cow man this is the video I needed! Never could understand nginX proxy manager. This seems way easier to me. Thank you for showing this alternative method.
So, you've mentioned in other videos that you host Emby. Do you have that public-facing? If so, how do you get around the Cloudflare restriction on streaming? Do you run some other kind of proxy just for Emby?
Your video was very helpful. I was able to run Foundry VTT on my windows desktop and I'm grateful for your instruction. I've been trying to do this for over a year. Thanks!
I always stayed away from this as I thought "up to 50 users" meant only 50 people using the website should I day host a website or page with this... But I assume this is comparable to port forwarding in some ways? Is there any reason to not ditch nginx from forwarding traffic to docker containers, and instead access them "directly" with this?
Hey! Thanks for watching! I use Tunnels and get thousands of visitors to my online assets without issue. Using Tunnels actually removes the need to port forward at all, which, in theory, improves network security. I no longer use any sort of reverse proxy to access my self-hosted applications and rely on this solution exclusively
Superb video - (and hope you're feeling better?). Two questions though : 1 - I'd like to set it so that users outside of our LAN have to enter their email to get a PIN, but when they are on our LAN, they don't. We don't have a static IP though. Do you know if there is a way of telling Cloudflare to always allow access from inside our LAN? 2 - What's the best way of running the Tunnel service on a Raspberry Pi? The docker command in the video doesn't have an ARM image. Thanks so much and stay well! Andrew
This should help with you first question: ua-cam.com/video/65FdHRs0axE/v-deo.html I've heard people use the same process with Pi devices, but haven't tried it myself
Damn DB, I love all your stuff, and you have helped me so much over the years. I was going to do this, but there is an upload limit of 100mb for free plans. might be a good idea to let people know that these free accounts are limited. Now if that only applies to cloudflare hosting, then I will stand corrected, but it appears to be managment for the entire site which is not cool, at least for what I am trying to do. Just thought I would remind you, while I luv ya, to remember to point out limitations before people start changing thier registrar information!
Good point. I was implementing this and then thought maybe when this video was done there was no limit. For now I'll stick with NGINX and a Docker container to update my IP.
@@Sapious1 I just ended up purchasing a domain through cloudflare. It was more than fair on price and if I'm not mistaken, it provided a cost effective work around on the restriction yet still allowing me the ability to set up the home server via tunnel. I paid it up for like 5 years, and ultimately plan on migrating to web3 domains in the long run anyway. So far it has worked great, gaggle of musicians exchanging large multitrack files on my private server was the goal, and I can say mission successful. I am no pro like DB, and can not express enough how much I respect the guy for the time he gives to us, I'm just a guy determined to get what I need done. Thanks for the comment, and hope that helps!!
Thank you for the useful and free information. I have a question: I need to do a tunnel on my Mac High Sierra but cannot use Docker. Do you have any suggestions for other free tools I could use? Thank you in advance.
Containers run on ports. You could use Firewalls to block access to the containers to everything but your IP address to help prevent others from accessing your containers on the IP:Port and then use Tunnels to access them via domain names.
Just saying I found your video well googling around and I got it working with ease thanks to it. So, thank you for doing it. Going to go watch the securing CF next.
Thank you very much for your video, I had been looking for good information for a long time and you gave it to me. Subscribed and grateful, greetings from Venezuela.
Yes yes yes! That’s what I needed min 18. I don’t know why I never click on that top button smh 😂 you are the man. Thank you for such a great video. Must appreciate it!
Awesome guide! ⭐ Question: Are there any performance differences depending on how you host your Cloudflare Tunnel on your local network? Like installing the tunnel on your machine or when hosting it with Docker?
I was setting up the same thing to my proxmox installation, got ready the home assistant and some other services. I knew about this method at work, but they used Google Workspace account to log in, thanks for the video.
Great video, but I think it's missing an explanation that the CloudFlare connector container lives in our network, establishes a connection to CloudFlare and uses that connection to reverse-proxy the traffic from outside to the services inside of our network. I mean, of course it's obvious, but for some reason I had to pause and think about it before I could understand what the next steps with penvin do.
I followed this video and another one. I was able to get the tunnel working, but the Access - Application using email access one time pin via email isn’t working. I am not presented a login page. I bought the domain via Cloudflare just so I didn’t run into any DNS propagation issues during initial setup.
14:14 I would also add "-d --restart=always" here If the server is restarted or in the event of a power failure when you turn on the server, cloudflare tunnels will simply not work because docker has not started. --restart=always will automatically start docker (Please correct me if I'm wrong.)
Absoultly fantastic walk through thank you. Setup perfctly now. Thank you. Is there a limit to how many "Public Hostnames" you can have in a single tunnel?
I have PC running windows 10 but I am not sure where to run the CloudFlare Client. It is better to install Docker on Windows then run CloudFlare client or just install CloudFlare Client on PC? What is the better speed and advantages. I have extra PC that can use to install any OS.
DNS propagation isn’t controlled by any one company, depending on routes and caches it CAN take 24-48 hours but usually, especially with cloudflare, only takes a few minutes.
I know it's a year on, but followed this and all working nicely. Only caveat is I've tried to setup for just specific IP access, it's still bringing up a page requesting an email address?
what is a bit weird for me is: once I add each app and port in the tunnel definition, by default i can access all from outside the network. I tried as well access - application - selfhosted method. works perfectly, but is asking me for the code when I access from internal as well. What am I missing?
Рік тому
I have problem. I created tunnel and when I add public hostname with with HTTP service which point to local IP with certain port after add them for first time works well, then Proxied CNAME record turns into non-proxied A record which point to my public IP. Where I made mistake?
David, I'm using a VMware instance of Ubuntu that contains docker. I followed your video instructions but ended up with "Cloudflare --no-au…" Do you know why I'm getting this no auto-update error? Thanks
Dear sir, how would be the setup with Shlink? I have a domain proxied, and then with nginx redirected that domain to local_ip:port where shlink server is running. The urls are created but not accessible
Thanks for that tutorial. I'm trying to access pihole but it doesn't work. Every other subdomain works perfectly but i can't figure out how to make it work with pihole that need to point to /admin I tried to put admin in the path field but it doesn't work either.
How can I get Plex Remote Access working without port forwarding? I am locked behind a CGNAT, I have had a reverse proxy suggested but I do not have a clue how to set it up. My Plex is in a docker container, on OMV6, on a Pi 4.
18:29 But then you have to set up a subdomain for every port you want to "forward". What if an application uses a port range and both UDP and TCP on those ports?
Most of this works. However, I am having troubles connecting to the docking server. The connection times out when I try to SSH into it. How do I SSH using the CMD Prompt?
Awesome! Really glad the video was helpful!! I've got another video coming that will expand on this to use 3rd party authentication like Google and Github :)
David, I'm receiving a "yaml: line 5: mapping values are not allowed in this context" exception to the docker-compose example you provide. Here's a copy of what I did: version: "3.9" services: tunnel: container_name: cloudflare-tunnel image: cloudflare/cloudflared:latest restart: unless-stopped command: tunnel run environment: - TUNNEL_TOEKN=I inserted my cloudflare tunnel token here. Thanks for your help.
Dave this is brilliant cheers! ill be setting mine up over christmas. what about an updated nextcloud video including these options to get it up and running? , again cheers! :)
I guess I've underestimated how many people use NextCloud. I've never found a good use for it. But I made this video a while back: ua-cam.com/video/p0I8pikm2P4/v-deo.html
Hello, I'm a newbie in the industry, to set up DNS I have to have a tunnel configured, because I'm watching videos but they only explain how to set it up without saying the requirements, thanks and have a nice day.
Not sure if I missed in your video, but how can you have specific vm's from proxmox accessible directly on the tunnel? I have a linux container, vm and a windows vm created, but I can't seem to get them accessible across the cloudflare tunnel. I'm sure it's something I'm overlooking but would love any suggestions Great videos by the way. I love how detailed your videos are!
David - Another great video. I just have a minor hiccup, the tunnel is functioning properly when away from the home network or even over tailscale. When I connect locally, it cannot find the server. Any ideas? the only thing I can think of is there is something with cloudflare not liking my *.5.0/24 network compared to the *.0.0/24 network you use in the video. Any ideas oh great bearded wonder? Edit - figured it out - DNSSec needed to be set the same for both cloudflare and porkbun. Thank you again for the inspiration to tinker.
So what I want to know is what DNS records are you using then, once everything is setup? Are you still not using custom A records or CNAMES? I notice that Cloudflare seems to generate a CNAME that points to the connector. Is that enough for each new one that I create or do I need to also manually create new A records or CNAMES myself?
Once you set up the tunnel, you're. It creates all the records it needs. Just set it and forget it. However you might have to manually delete a record if you plan on changing things
I get an error at 17:20. Clicking the "public hostname" doesn't work, however, navigating to the "service" URL works as intended. Any pointers would be greatly appreciated! Thank you!
thank you so much this has been really informative. I would like to ask cause I see in most videos the tunnel is setup only for application or web, but what if you want to add servers to the tunnel, in my case to Azure Vm. Is this possible or been done?
After wasting a ton of time with haproxy, and always having suboptimal results, this is amazing. I wish there was a way to automatically enable HTTPS on tunnels but overall great video!
it doesn't matter what i do use localhost or my machine ip when i try to access my local website with the url it always timeout despite the tunnel being active and i can see in the docker container logs for the tunnel that it has my configs for the domain and ips
hello i have a question windows has become junk, because i search Cloudflare tunnel on windows 11 but i only come docker here docker there, and the command for windows is junk it doesn't work anymore does anyone have any advice for me
The only thing i am unable to tunnel is SSH access to my server. I also use a different port than the default 22. I can’t get to connect with tunnels with SSH. Can you give it a try?
Thanks for this. I watched many vidoes like this, and this is the 1st one I can sort of get my head around. But, can you clarify a point to help me understand this more thuroughly? I noticed that when setting up the tunnel, you are using your local IP address. Is this because, when installing Cloudflare, it included your token in the install instructions? At no point did I see you enter your IP, so im just wondering how this is working, since the host names you added were local IPs, 192.168....? Because to this point, I always thought this is why things like DuckDNS exist. You would give it your router IP, and from there it can connect to all the local IPs on your local network. (sorry for this probably very basic question... just trying to understand all this. very new to me)
the tunnel you create on the CF website and the agent you install on your server communicate directly, even through CGNAT and the like. You can use one agent on your system for multiple containers if you wanted, so each hostname gets the IP of the server and the port of the app. You never have to use the IP your ISP gives you.
Hi there great job you are doing. I do think that you should do a comprihemsive video series about Cloudflare Zero Trust several catagories: Analytics, Acces, Gateway, Teams, Logs and Settings. I really think this could render a lot of views. Cheers
Thank you for the howto. super helpful. I followed every step, but I have an issue with containers running in the k8s network and sharing the host ip. clouflare doesn't solve the redirection by port.
Here is a docker-compose with a restart policy to help making deploying a CloudFlare tunnel a little more straightforward:
dbt3ch.com/books/access-your-self-hosted-services-without-port-forwarding/page/cloudflare-tunnels-docker-compose
Thanks to The Blue Portal for sharing this with the community.
thank u very much. hopefully today ill get it goin.
Thanks!
Thank you!
Thanks for the video. I'm currently in the middle of it, but I'm don't really understand where we got the `root@196....` when performing ssh.
Also, pinging my new domain says it doesn't exist.... but Cloudflare says I"m all good. Confused, please help.
@@NickTheCodeMechanic regarding the "root@192" stuff... "root" is the username of the device you're logging into. Your username might be different. The "192.168.0.x" is the IP of the device you're logging into. As far as the ping issue, it's likely a DNS issue. This is common. Try connecting to the internet via a VPN and then pinging your domain. It should return a CloudFlare IP address if things are working correctly.
omg, this is the first guide ive seen that doesnt involve creating dockers or other crap, its just simply, explained step by step, like a normal human being !! There is such a need for this, in this area, as not everyone is in front of a PC 12hrs a day!! Couldnt hit Sub quick enough
Finally someone made a video with proper pace and no additional comment. Thanks very much! Very precise and on point.
You sir, saved my sanity!!! No more NPM for this dude, Cloudflare tunnel all the way! Thanks for all the effort put into making this video and helping us out.
I've watched countless videos on using cloudflare specifically, this was the most straight to the point and easy to understand video. I can't say thank you enough!!
really glad the video was helpful. I'd made it before, but really wanted to create something more streamlined :)
I don't know how, but I got this working on a CGNAT.
You are the greatest man to ever live.
That's awesome!
This was a thing that took me 5 days to figure out. A lot to learn. Of all my youtubers on this subject... you are the most reliable. Thank you.
Wow, thanks! Really appreciate your support :)
This is gold man. I've been leaning towards this solution and slowly learned the bits and pieces as time goes on. Thanks so much for laying all this out. Incredibly valuable!
Glad it helped!
One more top quality session from Dave! As a side note, most of the technical videos, I usually watch it 1.2x speed. Can't do it at Dave's speed of speech! 😆
I don't get it. He speaks fast so why would you speed up the video?
This is golden. Have been searching for this solution for weeks now. Thanks for this video ☺️
You can also turn the docker file into a stack in portainer like this:
version: "3.9"
services:
tunnel:
container_name: cloudflared-tunnel
image: cloudflare/cloudflared
restart: unless-stopped
command: tunnel run
environment:
- TUNNEL_TOKEN=YOURTOKENHERE
You can also add this on to other stacks if you wanted to make a tunnel for each application
Great info!
Replying again to let you know I've created a page on my wiki that has this info as well:
dbt3ch.com/books/access-your-self-hosted-services-without-port-forwarding/page/cloudflare-tunnels-docker-compose
@@DBTechYT Wow that's super dope!! Thanks for all the shoutouts!
Thanks for sharing!! The least I can do is credit the source of the awesomeness!!
Perfect. Just what i was looking for. Worked fine
I am a noob when it comes to networking.. I was able to understand and follow each and every step ❤️. Now I am accessing my jellyfin server over the domain ❤ Thank you so much .. just subscribed
Followed another VERY well known tech blogger/tuber and got myself into deep poop (beware of stuff from the legacy Argo Tunnels days). This tutorial - and the others regarding remote/restricted access - saved the day. Clear, concise(ish), occasionally tangental (like my brain), and, if I'm sufficiently caffeinated, I can watch them at full speed! ;-) Thanks, David.
Glad the video was helpful!!
Thank you for your excellent video on Cloudflare Tunnel installation! Your clear instructions saved me hours of frustration, and I quickly achieved success. Your expertise is greatly appreciated!
All great recommendations as usual DB! Porkbun is by far the best for price and privacy (and ease of use). Cloudflare is incredible! I’d say they are sooo instrumental to daily operation, that I wonder what would happen if there was a significant outage. This all makes me think if I should think of some sort of ‘Plan B’ - if things go down, or receive maintenance. But if CloudFlare goes down - that everything might be as well... which is definitely a scary thought!
I've been considering a plan b as well. Trying to figure out the best plan for me. Might make a video about it when I have something figured out
OMG !! You have saved me 100 hours of time and just maybe a few brain cells. Thank you !
Excellent!
This was great!! Thanks. I never knew about Cloudflare tunnels and have only used DNS forwarding with open ports. Now I can close all those open ports on my router. And can have secure passwords for all my docker web interfaces maintained by keychain. Awesome.
That's awesome! I'm glad that my video helped you learn something new. Did you see my video about adding additional authentication for even more security? ua-cam.com/video/wdmbAo02ktQ/v-deo.html
NPM is being retired and I have closed off the ports that I used to have open on my Firewall. I did have to do something differently though. I use a cloud service and have a Tunnel setup for it. I wanted to restrict it using the IP Address and Bypass method you showed but that would not work. I could net get through. I changed it to Service Auth and it works. I can reach from my home IP but not when I fire up a VPN and my address changes. This is a great solution and no more worrying about Ports, Certs, and NPM.
Thank you so much for making this video. This is very informative and more so with the current environment where some ISPs restrict port opening from their end.
You trully are an network angel 😁😁. After all the port forwarding pain and you mentioned you dont do that anymore, this saved me! Thanks a lot for all your videos. You sir got new subscriber with the bell on 😊
As a newbie I say: AWESOME! finally after hours of research... thanks man
Glad I could help!
Holy cow man this is the video I needed! Never could understand nginX proxy manager. This seems way easier to me. Thank you for showing this alternative method.
Glad it was helpful!
So, you've mentioned in other videos that you host Emby. Do you have that public-facing? If so, how do you get around the Cloudflare restriction on streaming? Do you run some other kind of proxy just for Emby?
Same question here
This is the video I was waiting for. Thanks mate ! I love Cloudflare ,... Cheers :)
Glad you found it helpful! 3rd party identity provider integration video coming tomorrow
Your video was very helpful. I was able to run Foundry VTT on my windows desktop and I'm grateful for your instruction. I've been trying to do this for over a year. Thanks!
Thank you so much for this vid as it helped me protect a service on my home server that didnt have a log in.
Thanks for the great video and for taking time to help me out with my SSH Question!
I always stayed away from this as I thought "up to 50 users" meant only 50 people using the website should I day host a website or page with this... But I assume this is comparable to port forwarding in some ways?
Is there any reason to not ditch nginx from forwarding traffic to docker containers, and instead access them "directly" with this?
Hey! Thanks for watching! I use Tunnels and get thousands of visitors to my online assets without issue. Using Tunnels actually removes the need to port forward at all, which, in theory, improves network security. I no longer use any sort of reverse proxy to access my self-hosted applications and rely on this solution exclusively
Thank you so much! I was following casaos setup for raspberry pi from you to access containers from the internet,
after this no more NPMs! :D
Dude, thank you so much for helping me understand all this jumbo mumbo bro fr❤❤❤thank you!
Happy to help!
@DBTechYT I hope you feeling better we been praying for you
Thanks so much! Was tearing my hair out trying to work this out. The closing the cmd and not editing the -d in I think was the problem
Superb video - (and hope you're feeling better?). Two questions though :
1 - I'd like to set it so that users outside of our LAN have to enter their email to get a PIN, but when they are on our LAN, they don't. We don't have a static IP though. Do you know if there is a way of telling Cloudflare to always allow access from inside our LAN?
2 - What's the best way of running the Tunnel service on a Raspberry Pi? The docker command in the video doesn't have an ARM image.
Thanks so much and stay well!
Andrew
This should help with you first question: ua-cam.com/video/65FdHRs0axE/v-deo.html
I've heard people use the same process with Pi devices, but haven't tried it myself
Damn DB, I love all your stuff, and you have helped me so much over the years. I was going to do this, but there is an upload limit of 100mb for free plans. might be a good idea to let people know that these free accounts are limited. Now if that only applies to cloudflare hosting, then I will stand corrected, but it appears to be managment for the entire site which is not cool, at least for what I am trying to do. Just thought I would remind you, while I luv ya, to remember to point out limitations before people start changing thier registrar information!
Good point. I was implementing this and then thought maybe when this video was done there was no limit. For now I'll stick with NGINX and a Docker container to update my IP.
@@Sapious1 I just ended up purchasing a domain through cloudflare. It was more than fair on price and if I'm not mistaken, it provided a cost effective work around on the restriction yet still allowing me the ability to set up the home server via tunnel. I paid it up for like 5 years, and ultimately plan on migrating to web3 domains in the long run anyway. So far it has worked great, gaggle of musicians exchanging large multitrack files on my private server was the goal, and I can say mission successful. I am no pro like DB, and can not express enough how much I respect the guy for the time he gives to us, I'm just a guy determined to get what I need done. Thanks for the comment, and hope that helps!!
Great informative video. I am a beginner to self hosting, your videos help me a lot. Thanks again.
Glad to help!
Start to finish video was SOOOOO smart. Well done sir
Thank you kindly! I really felt like I needed to make this one :)
Thank you for the useful and free information. I have a question: I need to do a tunnel on my Mac High Sierra but cannot use Docker. Do you have any suggestions for other free tools I could use? Thank you in advance.
Awesome thanks and how can we not expose ports of the containers on VPS if we want to use the tunnel?
Containers run on ports. You could use Firewalls to block access to the containers to everything but your IP address to help prevent others from accessing your containers on the IP:Port and then use Tunnels to access them via domain names.
Your videos are really great. I'm going back watching the ones now. Help so much! Thanks
Awesome video! I have learned so much from you over the years...
Just saying I found your video well googling around and I got it working with ease thanks to it. So, thank you for doing it. Going to go watch the securing CF next.
Awesome, thank you!
Thank you very much for your video, I had been looking for good information for a long time and you gave it to me. Subscribed and grateful, greetings from Venezuela.
Yes yes yes! That’s what I needed min 18. I don’t know why I never click on that top button smh 😂 you are the man. Thank you for such a great video. Must appreciate it!
YAY!! I'm glad this helped!! I've got another video coming that will show how to integrate 3rd party authentication like Google and Github :)
@@DBTechYT looking forward to see it. Now on my way to change some settings on my server and update my tunnel. 🍻
@@edgardoirizarry9997 YAY!!
the porkbun nameserver subdomains curitiba, fortaleza, maceio and salvador are cities in the northeast of Brazil
Very helpful video sir 👍. Please make a video on how to set up ftp server using cloudflared tunnelling ..
I'll see what I can do :)
Newb on devops. Where are applications coming from in this video? How would setup be different for application running on docker compose inside VPS?
Awesome guide! ⭐ Question: Are there any performance differences depending on how you host your Cloudflare Tunnel on your local network? Like installing the tunnel on your machine or when hosting it with Docker?
I was setting up the same thing to my proxmox installation, got ready the home assistant and some other services. I knew about this method at work, but they used Google Workspace account to log in, thanks for the video.
Thanks for watching! I hope the video was helpful
Thank you, this was exactly what I needed to day. Now I have a WebODM page up and running with email verification
Awesome!
Super clear! I'm gonna try this and see how it goes. Thank you so much for this
You're so welcome!
Great video, but I think it's missing an explanation that the CloudFlare connector container lives in our network, establishes a connection to CloudFlare and uses that connection to reverse-proxy the traffic from outside to the services inside of our network. I mean, of course it's obvious, but for some reason I had to pause and think about it before I could understand what the next steps with penvin do.
I followed this video and another one. I was able to get the tunnel working, but the Access - Application using email access one time pin via email isn’t working. I am not presented a login page. I bought the domain via Cloudflare just so I didn’t run into any DNS propagation issues during initial setup.
Perfect video!!!! BEST vídeo to Learn install and configure cloudflare
Glad you liked it!
14:14
I would also add "-d --restart=always" here
If the server is restarted or in the event of a power failure when you turn on the server, cloudflare tunnels will simply not work because docker has not started.
--restart=always will automatically start docker
(Please correct me if I'm wrong.)
Absoultly fantastic walk through thank you. Setup perfctly now. Thank you. Is there a limit to how many "Public Hostnames" you can have in a single tunnel?
I'm glad the video was helpful! I haven't run into any limits on hostnames :)
@@DBTechYT well you got a sub from me. Thanks again.
I have PC running windows 10 but I am not sure where to run the CloudFlare Client. It is better to install Docker on Windows then run CloudFlare client or just install CloudFlare Client on PC? What is the better speed and advantages. I have extra PC that can use to install any OS.
DNS propagation isn’t controlled by any one company, depending on routes and caches it CAN take 24-48 hours but usually, especially with cloudflare, only takes a few minutes.
Agreed but I've had companies wait literal days before making the change for the propagation process to even start
Your content is 💯🥶 new subscriber from kenya continue with good work
I know it's a year on, but followed this and all working nicely. Only caveat is I've tried to setup for just specific IP access, it's still bringing up a page requesting an email address?
what is a bit weird for me is: once I add each app and port in the tunnel definition, by default i can access all from outside the network. I tried as well access - application - selfhosted method. works perfectly, but is asking me for the code when I access from internal as well. What am I missing?
I have problem. I created tunnel and when I add public hostname with with HTTP service which point to local IP with certain port after add them for first time works well, then Proxied CNAME record turns into non-proxied A record which point to my public IP. Where I made mistake?
Hey Dave, great video as always.
im lucky to find your youtube channel somehow , keep up the good wok
Hey, thanks!
Great video. I will definitely look into Tunnels for my applications.
David, I'm using a VMware instance of Ubuntu that contains docker. I followed your video instructions but ended up with "Cloudflare --no-au…" Do you know why I'm getting this no auto-update error? Thanks
Dear sir, how would be the setup with Shlink? I have a domain proxied, and then with nginx redirected that domain to local_ip:port where shlink server is running.
The urls are created but not accessible
Thanks for that tutorial. I'm trying to access pihole but it doesn't work. Every other subdomain works perfectly but i can't figure out how to make it work with pihole that need to point to /admin
I tried to put admin in the path field but it doesn't work either.
How can I get Plex Remote Access working without port forwarding? I am locked behind a CGNAT, I have had a reverse proxy suggested but I do not have a clue how to set it up. My Plex is in a docker container, on OMV6, on a Pi 4.
18:29 But then you have to set up a subdomain for every port you want to "forward". What if an application uses a port range and both UDP and TCP on those ports?
Most of this works. However, I am having troubles connecting to the docking server. The connection times out when I try to SSH into it. How do I SSH using the CMD Prompt?
Just what I was looking for. Thanks man!
Awesome! Really glad the video was helpful!! I've got another video coming that will expand on this to use 3rd party authentication like Google and Github :)
What if my app1 (frontend) fires api requests to app2 (backend), both being hosted on localhost, which I've tunneled? It doesn't seem to work
Thank you for your brilliant explanation 👏.
David, I'm receiving a "yaml: line 5: mapping values are not allowed in this context" exception to the docker-compose example you provide. Here's a copy of what I did:
version: "3.9"
services:
tunnel:
container_name: cloudflare-tunnel
image: cloudflare/cloudflared:latest
restart: unless-stopped
command: tunnel run
environment:
- TUNNEL_TOEKN=I inserted my cloudflare tunnel token here.
Thanks for your help.
Dave this is brilliant cheers! ill be setting mine up over christmas. what about an updated nextcloud video including these options to get it up and running? , again cheers! :)
I guess I've underestimated how many people use NextCloud. I've never found a good use for it. But I made this video a while back: ua-cam.com/video/p0I8pikm2P4/v-deo.html
Hello, I'm a newbie in the industry, to set up DNS I have to have a tunnel configured, because I'm watching videos but they only explain how to set it up without saying the requirements, thanks and have a nice day.
Not sure if I missed in your video, but how can you have specific vm's from proxmox accessible directly on the tunnel? I have a linux container, vm and a windows vm created, but I can't seem to get them accessible across the cloudflare tunnel. I'm sure it's something I'm overlooking but would love any suggestions
Great videos by the way. I love how detailed your videos are!
If you're trying to do remote desktop stuff, I would look at my video about Guacamole: ua-cam.com/video/tg1CbMEzCsc/v-deo.html
David - Another great video. I just have a minor hiccup, the tunnel is functioning properly when away from the home network or even over tailscale. When I connect locally, it cannot find the server. Any ideas? the only thing I can think of is there is something with cloudflare not liking my *.5.0/24 network compared to the *.0.0/24 network you use in the video. Any ideas oh great bearded wonder?
Edit - figured it out - DNSSec needed to be set the same for both cloudflare and porkbun. Thank you again for the inspiration to tinker.
Thanks for this as I've always shied away from opening ports on my home network
Glad to help
So what I want to know is what DNS records are you using then, once everything is setup? Are you still not using custom A records or CNAMES? I notice that Cloudflare seems to generate a CNAME that points to the connector. Is that enough for each new one that I create or do I need to also manually create new A records or CNAMES myself?
Once you set up the tunnel, you're. It creates all the records it needs. Just set it and forget it. However you might have to manually delete a record if you plan on changing things
If I only want one tunnel, do I have to use a subdomain? Am I able to just use the domain I purchased?
I get an error at 17:20. Clicking the "public hostname" doesn't work, however, navigating to the "service" URL works as intended. Any pointers would be greatly appreciated! Thank you!
thank you so much this has been really informative. I would like to ask cause I see in most videos the tunnel is setup only for application or web, but what if you want to add servers to the tunnel, in my case to Azure Vm. Is this possible or been done?
great video, all I needed !
Amazing, thank you for the master class , i learn a lot of new cool things with your videos. Merry Christmas btw. :)
Thank you so much! Merry Christmas 🎄⛄
After wasting a ton of time with haproxy, and always having suboptimal results, this is amazing. I wish there was a way to automatically enable HTTPS on tunnels but overall great video!
It automatically enables SSLs on your domains.
@@DBTechYT Wow I did this at 2am and did not notice. I assumed it would not perform SSL offloading like HAproxy. This is even better!
Am trying to tunnel socks5 traffic via cloudflare tunnel not sure how to do that ?
it doesn't matter what i do use localhost or my machine ip when i try to access my local website with the url it always timeout despite the tunnel being active and i can see in the docker container logs for the tunnel that it has my configs for the domain and ips
Thx for this video. I needed to set that up for more security
Thanks for the video for another informative and easy to fallow video.
Awesome stuff. My ISP doesn't provide a static IP. I can now host applications and save bucks on cloud platforms.
Is it possible to use a security key for the restricted access of your applications inside/behind the Cloudflare Zero Trust Tunnels?
hello i have a question windows has become junk, because i search Cloudflare tunnel on windows 11 but i only come docker here docker there, and the command for windows is junk it doesn't work anymore does anyone have any advice for me
Great tutorial, thanks! Will this work (on the free tier) with Immich and remote file uploads? Cheers
It should work just fine on the free tier
The only thing i am unable to tunnel is SSH access to my server. I also use a different port than the default 22. I can’t get to connect with tunnels with SSH. Can you give it a try?
is porkbun brazilian? these are all state capitals (manaus, curitiba, fortaleza, etc) (btw thks for the channel)
Thanks for this. I watched many vidoes like this, and this is the 1st one I can sort of get my head around. But, can you clarify a point to help me understand this more thuroughly? I noticed that when setting up the tunnel, you are using your local IP address. Is this because, when installing Cloudflare, it included your token in the install instructions? At no point did I see you enter your IP, so im just wondering how this is working, since the host names you added were local IPs, 192.168....? Because to this point, I always thought this is why things like DuckDNS exist. You would give it your router IP, and from there it can connect to all the local IPs on your local network. (sorry for this probably very basic question... just trying to understand all this. very new to me)
the tunnel you create on the CF website and the agent you install on your server communicate directly, even through CGNAT and the like. You can use one agent on your system for multiple containers if you wanted, so each hostname gets the IP of the server and the port of the app. You never have to use the IP your ISP gives you.
How can I add the access automatically to a warp client?
Good. Thanks for the instructions.
Make please one more instructions for RDP connection as well.
You haven't even subscribed to my channel. How would you know if I made a video about it?
@@DBTechYT
I would count on your answer under this comment)
But I've subscribed for the future greate videos)
Hi there great job you are doing. I do think that you should do a comprihemsive video series about Cloudflare Zero Trust several catagories: Analytics, Acces, Gateway, Teams, Logs and Settings. I really think this could render a lot of views. Cheers
nice video, I just wanted to know if the process is as easy as you did with a dynamic ip ?
Yes, it is
Thank you for the howto. super helpful. I followed every step, but I have an issue with containers running in the k8s network and sharing the host ip. clouflare doesn't solve the redirection by port.
I don't do anything with Kubernetes. You're gonna have to get help with that from somewhere else :)
@@DBTechYTi think truenas-scale is docker. let me check
fixed. thanks again