@@joshpoore5288 No not yet, I am currently looking into a few other options. I never could get RDP to work with cloudflare. It might be due to the free version I have like you mentioned.
Came over here after watching Network Chuck, compared to him I like the way you go over the details slowly but also explain things in simple terms. I'll be trying this out tomorrow morning. You earned my sub! Look forward to more tutorials.
Hi, So Tunnels is not available until you enable Argo, so you must have a credit card in order to get that service up and running. But you will probably generate less than a gig of traffic for this purpose. Thanks for sharing this info!!! Love this video. Subscribed!!!!
I'd love to see a comparison of Cloudflare to Tailscale. With Tailscale, you don't need a domain name and that's a big hurdle for some of us as easy as it may be.
Nice tutorial. Didn't work for what I wanted but a little more research and I was able to get that going. Thanks for the info, I'll be testing this quite a bit before home and work implementation.
I looked at their zero trust pricing plans and couldn't find any transfer limitations mentioned for the free plan, I'm guessing that's hidden somewhere. Can you give a synopsis of the limitations or a pointer on where to find that information from cloudflare?
What is not mentioned is that you don't need a dynamic DNS, which can be a hassle. Also you can use this for publishing a public website. I don't know if this will replace VPN though, since you don't get full access to the remote network, which is often required. If you use multiple ports then setting up tunnels can become impractical. Thanks for a fantastic introduction to tunnels! I actually might start using them!
For example, if the sales team only has to access the network drive, we can restrict their tunnel to the file server only instead of the whole network when they work remotely. If I need a contractor to help set up a new app on a server, and they have to work remotely, so I can only restrict their tunnel to 1 server only. Yes this will replace our vpn in a month or two, I can't wait. This is also a very affordable and secure solution for small business.
@@jackwong64 It's a great tool - there's no doubt about it. In most cases it can replace VPN and is even much easier to set up than VPN. But it also has its limitations. I'm talking about system administration where you need unrestricted access to every server/device in the network. Then it becomes impractical due to the fact you need to create a DNS entry and a publishing rule for each of the servers and its ports. And then you would need to maintain that list with each added or removed (virtual) server or device. And then there's the question of security - in some sensitive business cases such as banking/military it is not acceptable to allow full access to the internal network to a 3rd party (CloudFlare). To conclude - although it's a great tool it will not replace VPN completely.
@@nderezic I completely agree with you. We have a client that is a road warrior that needs to access multiple servers, like finance and file server. If cloudflare needs a tunnel to be set up for each server, then the road warrior will need to connect to 2 different domains to access 2 different servers, which is not very practical. Plus some of the road warriors will get confused. VPN is still the way to go
The video was excellent and I agree that the use of tunnel connections like these will likely become increasingly popular. I'm wondering if it's possible to set up a Cloudflare tunnel that would allow me to establish an SSH connection to servers on my home lab?
It was very informative & very educative content. I highly encourage you to keep this type of content up! I'm waiting for your next video about Cloudflare Tunnels. Thanks
Fantastic video and walkthrough! I had no issues following along and setting this up for my self-hosted services. I'm glad you went to LTX and I found your channel after watching the home lab panel.
I was going to try this INSTEAD of Tailscale and couldn't figure out why device to device wasn’t working till I found out it’s limited to HTTP without a paid plan. I still LOVE this for a second way to connect to my devices from the internet or to share access to things like Synology DSM.
like, sub, comment - this is wonderful information and will help me to mature my home office setup as I am V E R Y averse to punching holes in my firewall
Hey Chris, awesome tutorial. I have 2 questions maybe you or someone else can answer. 1. You're talking about not using a Pi, because you need to use the command line on it for configuration. I think you're talking about directly installing the application on the Linux system on the Pi. Does anything speak against using the Docker container on the Pi? 2. You talk about how, by using the tunnel, you don't have to punch holes in your firewall and it even hides your global IP, but on the other side you confirm at the end that with that tunnel you break down the whole firewall and give Cloudflare access to anything. I do like the pro points of that tunnel approach but what is the best way to eliminate the cons point and restrict the access of that Docker container to the local network, so that it only has access to the services I allow it to access?
If you use their tunnel, they decrypt your data, save it, and then re-encrypt it to send to the destination. They have an unencrypted copy that anyone can use.
Now that I have this setup, can I take the next step and add a public hostname to VNC into my Mac over web browser? Really great tutorial, the best I've ever seen.
'Skinning a Cat with a Knife is easier than Skinning a Cat with a Spoon'? I'll take that Bet! 😁 Great video - well explained and concise. PS. I'd like to see this used as a 'general' VPN for internal users. Subscribed.
I set up a cloudflared docker container to create a tunnel to access another docker container running on a linux host that has a public IP. When setting this up to access docker containers, make sure you turn off the target container's port forwarding or you will still expose the container to your public IP. Also, join that container to the same network that your cloudflare container is connected to. (Use the "external = true" under networks in your docker-compose). Then set your CF tunnel to point to the local IP address/port of the docker container you are trying to access. So this way the only thing that can access the container is the tunnel. I am new to all this so take it with a teaspoon of salt.
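The layout described in the comment above, written out as a docker-compose file. This is an added example, not part of the original thread or the video; the service name `app`, the stand-in image `nginx:alpine`, the network name `tunnel_net` and keeping the token in a `.env` file are assumptions.

```yaml
# Added example. Assumes the shared network already exists:
#   docker network create tunnel_net
# and that TUNNEL_TOKEN (from the Zero Trust dashboard) is set in a .env file
# next to this compose file, not committed to version control.

services:
  cloudflared:
    image: cloudflare/cloudflared:latest
    command: tunnel --no-autoupdate run
    environment:
      - TUNNEL_TOKEN=${TUNNEL_TOKEN}
    networks:
      - tunnel_net
    restart: unless-stopped

  app:
    image: nginx:alpine          # stand-in for the service being published
    # What to avoid on a host with a public IP. A published port binds on the
    # host's interfaces, so the service stays reachable directly and skips
    # whatever access policy is attached to the tunnel hostname:
    # ports:
    #   - "8080:80"
    expose:
      - "80"                     # reachable from containers on tunnel_net only
    networks:
      - tunnel_net
    restart: unless-stopped

networks:
  tunnel_net:
    external: true               # join the pre-created network, do not create one
```

With both containers on the same user-defined network, the tunnel's service URL can use the container's address on that network or its service name (here `http://app:80`). After `docker compose up -d`, `docker compose ps` should show no host port mapping for `app`.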
I love the way you present the video; we can feel confidence in your voice (Security=knowledge=certainty and vice versa). I like to experience new things so I did step 1 and 2. As I am not going to use Synology but a Mac Pro as a server, do I really need to use Docker as tunnel or can I choose the Mac option instead?
I am currently going through a home server rabbit hole. I've wanted to set up a nice home server that serves also as cloud storage for personal files, and I wasn't sure about going forward because of security. This is seriously giving me motivation to try it out and set up a personal server.
curl into the fetal position and lay on the floor
without cf tunnels you can still have a relatively locked down home server if you just open the port to vpn in and nothing else. But vpns are not as neat.
Chris, This was so easy to set up in a matter of a few minutes. I admit the TLS had me a little tweaked. But all has been rectified and working as it was intended. Thank you.
Great tutorial! One thing to note: g. You will be required to add a payment method even though it's free. Add the payment on the main page if you get an error when prompted for a payment elsewhere. Works like a charm.
When hosts deliberately omit key aspects especially costing etc. I simply follow cancel culture and move on. Why would you omit key aspects? It's the same as some omitting certain steps in a process etc. Time is value, I already wasted time writing this. :)
Or because the account was set up some time before, the host either forgot or wasn't required to enter a payment method at the time of enrollment.
I just find there are simply too many YouTube channels promoting aspects of learning which are in demand, but end up to be a promoter or affiliate or such, without the facts being put forward beforehand. It takes away from the positive experience and leaves viewers such as myself feeling cheated. @@doujinflip
Why are they requiring a payment method if it's free?
Because the account can turn on paid features as well. I've been using it for the past year and love it. Haven't personally paid a cent but I liked it so much that I end up using it at work so their strategy worked.
Thanks for this Chris. Very well presented. I might set this up as a secondary access model. I currently use WireGuard running on a VM and will keep it that way. My concern about the CloudFlare setup is that it's a "cloud service" that the user is giving a lot of personal information, and even control. Then tying security authentication back to Google, who we all know retains more information on people than they know, just like this message I am sending you, further makes me not want to do this. CloudFlare states it keeps 24 hour "logs", another reason to avoid. No logs, maybe, but we all know that all ISP and VPN providers retain logs, even when they lie and say they don't. Nothing is perfect or secure. Best regards, this was a great video.
To add on a bit, VPN providers market VPN services as a secure connection while not exposing any information on your device. But this can be only true if you have logs to verify that the connection is secure. Without it, the claim is vague.
@@huyongjie2992 Or you can run independent live-test certifications to verify the security without logging the user traffic.
And if the provider is in the USA, they legally have to provide logs if asked by the authorities.
Yes! Please. A video on setting up cloudflare to access your entire network! Fantastic content.
It should ALWAYS be mentioned that when using Cloudflare's services they can decrypt all of your tunneled TLS-encrypted traffic. There is a reason this service is offered for free, and it's not because Cloudflare is a charity. I wouldn't touch it with a ten foot pole.
😂👍
how dare you
Not a good idea. Why expose your entire network ???
Sarcasm?
Thank you for a very thorough and easy to follow tutorial. This is exactly what I've been looking for for months.
I'm using this to externally connect to my Home Assistant instance, as well as a couple media management tools I have, and it's flawless! Very glad that this exists, and is aimed at making things simple, while being secure.
would you mind sharing how you did it? Thank you!
Thinking of doing the same, just a matter of remembering my CF account. Last time I was just pointing the CNAME. Domain name to whatever port I wanted. *edit* finally found the correct email account so on tomorrow's todo list
I'm glad you went over the locking it all down stuff, because I was thinking yeah I'd still prefer a VPN. But after seeing the options available for securing it I'm thinking I might give it a try now.
Chris... I have implemented CF in my homelab as well similar to your configuration. Only difference was using an Ubuntu Virtual Machine as my cloudflare connector server. Works like a charm...
5:36
I love and appreciate all of your help with serious information online for CHRISTOPHER FAWCETT!!
@@machook1987 I have submitted the features of business.
Hey Chris, again great video! It's worth mentioning that people who set up Zero Trust for the first time need to pick a plan. You can choose a $0 free plan, but you do need to enter CC details or another payment method.
Thanks, I was confused until I read this.
Please do more videos on this technology, including other Zero Trust solutions from Zerotier and Tailscale. These tunneling technologies are the future of secure remote access. Traditional VPNs are failing in terms of performance. When everyone has fast upload Internet speeds with no data cap from home, running private servers will be an attractive option to keep one's data inhouse. This comes at the cost of security. These new secure access technologies will play a major role in this new data sharing lifestyle.
Tailscale is easier
Man, this is actually awesome! Thank you very much for the walkthrough! I already played around the console with some domains I own but never actually explored the tunnels! Awesome stuff! You just got yourself a new subscriber!
Yes! Please. A video on setting up cloudflare to access your entire network would be great! Thank you very much.
I have cloudflare tunnels running on a pi zero w. It works great, has been running for months, and has never gone down.
I can recall at least 2x Cloudflare had major outages causing huge issues online...wonder how it works at that point
I appreciate your instructive dialog! You have a great way of slowing down enough and explaining WHY something is being selected! Extremely helpful! Thank you!
Pretty sweet. I didn't even know this was offered, let alone for free. As of this date the tutorial went flawlessly.
I think it's important to note (learned from doing with Home Assistant) section 2.8, which restricts usage to "website" like services. I am not sure if Cloudflare will block/warn if you do a lot of traffic over the tunnel.
they will... you will get ip banned.. you cannot use these for your NAS or media related stuff... only html websites... if they see you are using it for something else than static websites you will get banned... Cloudflare Tunnels are very limited... i would choose for wireguard vpn since that is opensource and selfhosted
so I wouldn't be able to use this cloudflare service for my website?
@@ayden7241 I think for websites, it is okay. They removed that section. However there is a vague definition of fair usage. Your site is self-hosted?
@@hunordori yes, they're self-hosted
@@ayden7241 Websites are ok. I have my Home Assistant. Anything that is not a high traffic.
I shill cloudflare every chance I get, all their stuff is top notch and rock solid. I heavily use tunnels, workers, and ZT, and can’t imagine a world without them now.
Thanks Chris, it is a great tutorial. I appreciate your time and effort to make this video. But I think it might not be a great solution for everyone. There is a limitation on serving non-html content such as video, audio and pictures especially for their free plan. I believe Cloudflare should be more transparent about their services.
Cloudfail is a downgrade compared to vpn.
I vouch for cloudflare tunnel, super quick to set up and no ports opened on my network. Great video btw!
It is worth pointing out that Cloudflare is able to MITM all of your traffic if they wanted to.
They already effectively do this for HTTPS, because TLS is terminated on their systems and not on yours.
Back to my trusted OpenVPN tunnel on my Synology NAS then.
Yes! Either the op is a total newb/idiot, or he was paid/sponsored by cloudfail.
This is not OK. If they have access to this the government and theoretically anyone with clout can "Man in the middle" your data..
Facts
@@xpediteafrica5177 the feds can mitm you by compelling your isp to do it to your connection anyway.
I've seen a lot of videos to do this, this is BY FAR the best, thanks.
Great Tutorial Video !!! Could you create a video tutorial on how to use Cloudflare Tunnel to access servers/PCs via RDP?
I am at a loss for words. That's the best explanation for the Cloudflare tunnel I've ever seen. Congratulation. Subscription is set. Thank you very much.
Wow, first of all, love the way you vividly and clearly present this. Secondly, this is something I've been thinking of for months, since providers in Brazil and in Europe are massively switching to cg-nat. Making my VPN a hassle.
Would be awesome if Mikrotik will support the function that you put in the docker. Seems the right function for a router to me. Thanks.
Went looking for Mikrotik solutions right away. Seems they are fully supporting it. Awesome.
THANK YOU!! I’ve been searching for something like this to access my LAN while away from home. I have been on Starlink for just over a year and haven’t found a great solution to access my NAS, security system and cameras. Touring the country this summer will be a lot less stressful! :)
Hi Chris, great tutorial - well paced and easy steps to follow. As with Jeff, tripped up on TLS which needed to be turned on - as you had documented so I would recommend people download this too. Great Job
Help! Everything was working good until around the 12:18 mark. When I clicked "Traffic," there was NO Cloudflare Tunnel button to click! It's missing! Now what??
I have a raspberry pi 4 based on 32-bit ARM, and I could not get the docker command from the cloudflare website zero trust dashboard to work (and yes I installed docker and cloudflared before trying the command). However, if you follow an online guide for setting up a cloudflare tunnel on raspberry pi through the CLI, you can migrate it over to the Zero Trust Dashboard once you are finished. Then, you can manage everything easily the same way as Chris shows in the video.
I even have retronas running on the same raspberry pi and after everything was done, everything still works concurrently.. even after multiple reboots.
This tutorial is definitely worth $5 in coffee. Thanks for the details. I got it running in a QNAP docker.
As you mentioned, this just scratches the surface of what can be done with Cloudflare/d. How about a high level video on the various services and things that could be done, as I don't even know what else to look for on the CF connector. It looks like the sky's the limit.
Very helpful. Please another video on how to set up full access to LAN.
Thanks for the walkthrough! The basic Cloudflare docker setup procedure you outline for the Synology NAS will also work for QNAP NAS that have the QNAP ContainerStation installed.
for those who get an empty page with HTML code when setting up the nas subdomain, you have to disable the Automatically redirect HTTP connection to HTTPS for DSM desktop option from Control panel -> Login portal -> DSM
THANK YOU! Been beating my head against my desk for an hour. This fixed it.
Thanks for the tutorial. I have a Synology NAS and was able to set it up exactly as you outlined. Can remotely manage my home network. Initially had some issues connecting to my Synology NAS but figured it out. Works like a charm. This is so much better than using a VPN and it's complicated for me to open ports because my LAN is behind two NAT routers.
What did you do to fix it? I am currently having issues and can't seem to figure it out.
This service is very compelling and most important of all FREE. Which begs the question… what’s the catch?? 😅
means we are the product.... info you used is collected
Dude you're amazing. I first thought "an overexplained version" but no, as someone else pointed, you mention all the critical steps that other YouTubers skip.
A MEGA thank you brother, keep it up. ❤❤❤
Use tailscale also free with SSH security and wireguard. Very simple and works.
Oh my damn this was awesome. I also have Synology and have always struggled trying to have secure access outside my network. This was perfect.
I had Cloudflare already installed but this video explained a lot more. Further if you are running Home Assistant on a Raspberry Pi then there is a Cloudflare Add on which you can install. Question: How do you need to set it up if you want Synology apps like Photo and DS Video and want to use 2FA? In the app you need to set up the server name but then an authentication is needed?
Man this is so cool, I love networking! This is going to make security of company resources way easier, no hassle of using VPN's for employees. Thanks for the video!
I was already using cloudflare tunnels, but you gave me new information I hadn't known about. I originally set up individual applications with standardized rules for everything I'm hosting, but when you mentioned using a wildcard for the subdomain a light bulb went off in my head to change how I have it set up. Thanks!
Same
For me, with a cgnat internet connection this is GOLD! Thanks!
Great tutorial, really appreciate you going through what breaks linkages, particularly with respect to TLS certs.
This is cool. It opens up a whole host of remote LAN access options.
Chris bringing quality and useful content as always! Keep it up! You are doing great! :)
This was extremely useful and clear. Thank you, I didn't know Cloudflare offered free tunneling!
A super secure DDNS server on steroids. If Docker can be integrated into consumer-based routers through a software repository without the need for a secondary device to run 24-7, it would be a major game changer for home and small office users that require remote access to NAS devices, surveillance systems, and other basic resources. Thanks for the info! I've never heard of this service before! A very informative video!
Wow! After all these failed trials with forwarding ports, public IP and other nonsense stuff, and literally days of my life wasted, I finally managed to access my home services outside of my local network. Thank you! I am so glad I have found your tutorial with potential problem examples. These problems weren't potential in my case.
This is great, Cloudflare and government agencies will also be able to access your home more easily, it's so cool.... so cool🤣🤣🤣
@@elbgFr xD
THIS LOOKS GREAT!! i love zerotier! wonder how these two services compare? perhaps another video? :)
Thanks for this very helpful tutorial. I had a few bumps in the road for my particular situation, but using both the video and the blog post, I finally succeeded.
If you set up a tunnel through Cloudflare and transfer a lot of data (let's say 20 terabytes per month) would you have to pay for that traffic going through this Cloudflare tunnel? (Think off-site backups to a datacenter.)
Been using cloudflare with warps for 3-4 years now, no complaints
Hi Chris, I'm at the traffic part, but it is not giving the choice for a tunnel. I have looked everywhere in Cloudflare but I can't find it. What options do I have? Thanks.
I have watched many tutorials, but none of the configurations worked.
Your tutorial is the best and, importantly, Cloudflare works!!!!
Thank you many times over!!!
If you have a chance can you please do a video with cloudflare and a setup with Remote desktop, thanks!
Running Guacamole in a Docker container is a good way to achieve this. Not sure if this is the answer you want though
Did you ever figure this out? I saw a comment on another channel that said cloudflare closed RDP on the free version
@@malasoat1 thanks for the suggestion, I'll look into this.. it might be what I need.
@@joshpoore5288 No not yet, I am currently looking into a few other options. I never could get RDP to work with cloudflare. It might be due to the free version I have like you mentioned.
Hello, this is the most descriptive, detailed and step-by-step video I have ever watched. Thank you very much.
Came over here after watching Network Chuck, compared to him I like the way you go over the details slowly but also explain things in simple terms. I'll be trying this out tomorrow morning. You earned my sub! Look forward to more tutorials.
I can't believe I learned such a hard thing in one go. Will definitely try it.
Hi, So Tunnels is not available until you enable Argo, so you must have a credit card in order to get that service up and running. But you will probably generate less than a gig of traffic for this purpose. Thanks for sharing this info!!! Love this video. Subscribed!!!!
I'd love to see a comparison of Cloudflare to Tailscale. With Tailscale, you don't need a domain name and that's a big hurdle for some of us as easy as it may be.
Exactly the video I was looking for - thanks so much buddy!
Nice tutorial. Didn't work for what I wanted but a little more research and I was able to get that going. Thanks for the info, I'll be testing this quite a bit before home and work implementation.
It seems like WireGuard is more functional than this, there are some serious file transfer limitations in their terms.
I looked at their zero trust pricing plans and couldn't find any transfer limitations mentioned for the free plan, I'm guessing that's hidden somewhere. Can you give a synopsis of the limitations or a pointer on where to find that information from cloudflare?
I have been looking for a cheaper tunnel solution for my nvidia jetson box. These instructions are easy to follow. Thanks!
Great review. You have demonstrated this so almost anyone could set up their own setup!
Remember friends... Nothing's free.
What is not mentioned is that you don't need a dynamic DNS, which can be a hassle. Also you can use this for publishing a public website.
I don't know if this will replace VPN though, since you don't get full access to the remote network, which is often required. If you use multiple ports then setting up tunnels can become impractical.
Thanks for a fantastic introduction to tunnels! I actually might start using them!
For example, if the sales team only has to access the network drive, we can restrict their tunnel to the file server only instead of the whole network when they work remotely.
If I need a contractor to help setup a new app on a server, and they have to work remotely, so I can only restrict their tunnel to 1 server only.
Yes this will replace our vpn in a month or two, I can't wait.
This is also a very affordable and secure solution for small business.
@@jackwong64 It's a great tool - there's no doubt about it. In most cases it can replace VPN and is even much easier to setup than VPN.
But it also has its limitations. I'm talking about system administration where you need an unrestricted access to every server/device in the network.
Then it becomes impractical due to the fact you need to create a DNS entry and a publishing rule for each of the servers and its ports. And then you would need to maintain that list with each added or removed (virtual) server or device.
And then there's the question of security - in some sensitive business cases such as banking/military it is not acceptable to allow a full access to the internal network to a 3rd party (CloudFlare).
To conclude - although it's a great tool it will not replace VPN completely.
@@nderezic I completely agree with you. We have a client that is a road warrior who needs to access multiple servers, like finance and file server. If Cloudflare needed a tunnel to be set up for each server, then the road warrior would need to connect to 2 different domains to access 2 different servers, which is not very practical.
Plus some of the road warriors will get confused. VPN is still the way to go
The video was excellent and I agree that the use of tunnel connections like these will likely become increasingly popular. I'm wondering if it's possible to set up a Cloudflare tunnel that would allow me to establish an SSH connection to servers on my home lab?
Yes, ssh is a supported protocol.
Although it is supported, using something like Guacamole is highly recommended, since it secures it much more, rather than running SSH on port 22
Amazing, just amazing and simplifies video to what I was struggling with.
More cloudflare content would be really great!
The blog guide is simply amazing! Congrats for the hard work.
It was very informative & very educative content. I highly encourage you to keep this type of content up! I'm waiting for your next video about Cloudflare Tunnels. Thnx
Exactly the video I needed to make things work with Starlink... Thanks & kudos...😎
Fantastic video and walkthrough! I had no issues following along and setting this up for my self-hosted services. I'm glad you went to LTX and I found your channel after watching the home lab panel.
Hello Chris! Many thanks for this great tutorial
I was going to try this INSTEAD of Tailscale and couldn't figure out why device to device wasn’t working till I found out it’s limited to HTTP without a paid plan.
I still LOVE this for a second way to connect to my devices from the internet or to share access to things like Synology DSM.
like, sub, comment - this is wonderful information and will help me to mature my home office setup as I am V E R Y averse to punching holes in my firewall
This is so cool I just did , awesome , thanks Chris , new subscriber
Great Video. Certainly interested in learning how to apply it to give access to local domain instead of using VPN
Thank you very very much for this step by step easy to follow tutorial.
Was actually looking for a good video and found this to be more relevant to what i was looking for. Thank you
Awesome. I now have access to my home assistant application.
Hey Chris, awesome tutorial. I have 2 Questions maybe you or someone else can answer.
1. You're talking about not using a Pi, because you need to use the command line on it for configuration. I think you're talking about directly installing the application on the Linux system on the Pi. Does anything speak against using the Docker container on the Pi?
2. You say that by using the tunnel you don't have to punch holes in your firewall and it even hides your global IP, but on the other hand you confirm at the end that with that tunnel you break down the whole firewall and give Cloudflare access to anything. I do like the pro points of that tunnel approach, but what is the best way to eliminate the cons and restrict the access of that Docker container to the local network, so that it only has access to the services I allow it to access?
This was so easy to set up in a matter of a few minutes. Thank you
Great video!!! You literally answered all my questions during the tutorial, keep it up, you are great
Hope to have deep dive tutorials about this
bUt i dOnT tRuSt a tHiRd pArTy
Hi Chris, thanks for the tutorial, that's pretty clear, and you showed well how powerful Cloudflare tunnels are!
wow this was an awesome video - thanks for sharing, Chris.
No. Just no. Cloudflare tunnels deletes all privacy.
But privacy regarding the service u r using or all privacy at all?
?
If you use their tunnel, they decrypt your data, save it, and then re-encrypt it to send to the destination. They have an unencrypted copy that anyone can use.
It’s better if you don’t want to port forward anything
@@Rastlovno not anyone can use it
Now that I have this setup, can I take the next step and add a public hostname to VNC into my Mac over web browser? Really great tutorial, the best I've ever seen.
'Skinning a Cat with a Knife is easier than Skinning a Cat with a Spoon'? I'll take that Bet! 😁 Great video - well explained and concise. PS. I'd like to see this used as a 'general' VPN for internal users. Subscribed.
Absolutely great video tutorial! Many thanks for figuring all of this stuff out and explaining it so well!
This is amazing. Subscribed!
Love the tutorial!
Thank you so much. I'm a new sub
Great overview! I'm going to set this up 👍
I set up a cloudflared docker container to create a tunnel to access another docker container running on a linux host that has a public IP. When setting this up to access docker containers, make sure you turn off the target container's port forwarding or you will still expose the container to your public IP. Also, join that container to the same network that your cloudflare container is connected to. (Use the "external = true" under networks in your docker-compose). Then set your CF tunnel to point to the local IP address/port of the docker container you are trying to access. So this way the only thing that can access the container is the tunnel. I am new to all this so take it with a teaspoon of salt.
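The container layout described in the comment above, as an added example that is not the commenter's own configuration: two Compose projects share a pre-created external network, and the application publishes no host port, so only the tunnel connector can reach it. The network name `tunnel_net`, the service name `app`, the `nginx:alpine` stand-in image and passing the tunnel token through a `TUNNEL_TOKEN` variable are assumptions made for this sketch.

```yaml
# Constructed example. Create the shared network once before starting either
# project:  docker network create tunnel_net
#
# File 1: docker-compose.yml for the tunnel connector
services:
  cloudflared:
    image: cloudflare/cloudflared:latest
    command: tunnel --no-autoupdate run
    environment:
      # Token issued for the tunnel in the Zero Trust dashboard.
      # Placeholder: supply it from an .env file, never commit it.
      TUNNEL_TOKEN: ${TUNNEL_TOKEN}
    restart: unless-stopped
    networks:
      - tunnel_net

networks:
  tunnel_net:
    external: true   # reuse the existing network instead of creating one
---
# File 2: docker-compose.yml for the application being published
services:
  app:
    image: nginx:alpine   # stand-in for the real service (assumption)
    restart: unless-stopped
    # WEAK (the setting to remove): a published port is bound on the host,
    # so the service stays reachable on the host's public IP and any
    # Cloudflare Access policy in front of the tunnel is bypassed.
    # ports:
    #   - "8080:80"
    #
    # HARDENED: no "ports:" section at all. "expose" only documents the
    # container port; it does not bind anything on the host.
    expose:
      - "80"
    networks:
      - tunnel_net

networks:
  tunnel_net:
    external: true
```

With this layout the tunnel's service URL can point at the container's address on `tunnel_net`, or at `http://app:80`, since Docker resolves service names on a user-defined network. After starting both projects, `docker ps` should list only `80/tcp` for the app container, with no `0.0.0.0:` mapping.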
I love the way you present the video; we can feel confidence in your voice (Security=knowledge=certainty and vice versa). I like to experience new things so I did steps 1 and 2. As I am not going to use Synology but a Mac Pro as a server, do I really need to use Docker for the tunnel or can I choose the Mac option instead?
The seven words that make the algorithm love You.
This is huge!
I can also eliminate my reverse proxy and firewall rules.