tunnel now live under Networks not Access in cloudflare if anyone is wondering
Thanks for that, yeah that’s tech for you. Always changing haha
They be changing stuff and where things live a lot. Makes more sense tbh but yeah, if you didn't know :(
@@peejwilco1357 Please guide me to create a host name in zero trust under tunnel. Because their website tabs changed so I find it difficult to try by this tutorial which is a little old.
Worked so hard didn't work, searched everywhere and didn't find the information I needed. But in this video I got everything I wanted! THANKKSSS!
Glad I could help! :)
Thanks for explaining so clearly. You are very helpful
You're very welcome!
Not re-loading in a private window was what I was missing. I did everything you covered in your video on my own, and was confused why it wasn't prompting for authentication... Found your vid, skimmed to find what I needed and bam! Private window haha. Cheers
Easy to understand explanations. It works! Thank you.
Glad I could help :)
Fantastic video, just what I was looking for. Subbed!
Thanks!
Thank you so much ❤
Great video buddy, I've been having trouble securing my Linux services for a while now, I was about to give up. I'm pretty new to domains, but your video was perfect, showed me step by step and worked like a charm.👍
Amazing introductory video to Cloudflare Zero Trust. It really helped me out with my project. Thanks
Fantastic! Your Vaultwarden video and this one helped me get it running in Docker. I greatly appreciate your clear and concise explanations! 😊
Great video. still using this in 2025 especially the security part at the end
Thanks for this Video. Tried to do it myself and didn't get it to work. With your video it was a piece of cake.
Thanks for this overview; it is very helpful.
Well done. From the Duke of Dockers!! 😊
Thank you!
Your content is so good. Just cmt to send a thank, already subscribed
Appreciate you :)
For mobile devices like phones and a use case such as using the immich app, I don't want to have to 'authenticate' with username/password to access the tunnel nor do I want some VPN running all the time..
Can this work by issuing a certificate to the device such that it never has to authenticate and always has access (unless revoked) to the tunnel?
What if you want Zero trust working with apps like Audiobookshelf to connect to Audiobookshelf server? The web login via authentication is fine for web based services but not apps. Is there a way to have a cloudflare app or service running on device trying to connect that will authenticate the device with Cloudflare and then allow connection for apps?
Hi. The whole point of using Cloudflare tunnels is to avoid exposing our Public IP address. But here in the video, you hardcoded the Public IP address instead of Private IP address. Was that intentional? If all we wanted was a domain name, we could have created an A record using our public IP. Correct me if I'm wrong. Thanks
@@nkumarme2 hey I wouldn’t have used a public IP anywhere everything points to the local IP. Do you have a timestamp in question?
Hey! Just wanted to know how did you get those domain names? And where can I get them? If yes, where are the paid ones and few ones? How can we map it with cloudflare!?
I bought most of these via Cloudflare itself and doing that it shows up in Cloudflare as an option to use them
This was useful. Thanks! 🎉
this cloudflare feature is amazing
Did you add the name servers from your registrar to cloudflare to get the domains to work properly? Thanks again sir.
@@michaelcooper5490 for the ones not bought via Cloudflare, yeah
Thank you sir. You are great!!!!!
You are great!
which flag should I use if I want to use not a docker but Mac for tunnel in detach mode? same as -d for docker
doing tunnel will it have any effect on bandwidth let see my home has 200mb up/down limited tunneling to do on Cf do it originally getting more bandwidth now from cloudflare or tunneling is just to mask and secure ur home ip
What ports need or not need to be open in the firewall for the tunnel? Today I have 80 and 443 open and pointing to my pihole and from pihole are some directed to npm.
You shouldn’t need to open any ports, it will run via 443 I believe which should be a standard port that’s open
The documentation on connecting NextCloud to CloudFlare Zero Trust Tunnels says to use port 11000. I'm having issues with it. Any insight?
Join the discord and I can help :)
@Techdox awesome, will do! Thank you!
Thanks for the video! It works and adds an extra layer of protection. However, it can be challenging for applications with mobile and desktop apps. For example, my self-hosted password manager couldn't sync or save new credentials. There might be additional settings needed, but I couldn't figure them out yet, so I had to remove the application protection. I'm hoping to find a way to make it work without breaking the desktop/mobile app features.
I had the exact same issue with Nextcloud. Providing you have a static IP or you will need to adjust it when it changed.
You can add a bypass rule to your Application Policy in Cloudflare, for your Public IP, so anything coming in via that IP bypasses the rules and this will allow your apps to reach the service
@@Techdox Thank you! The bypass rule is working flawlessly! Hopefully, they update the rules to add support for DDNS for users with dynamic IP addresses. Also, is there a way for users with a shared link to bypass the rules and retrieve a file from the application?
Excellent video, loving the channel👍. How would it work with VaultWarden or similar app which can't log in with the IDP web portal? Do you just expose it without that IDP part, while using the other Zero Trust settings like whitelisting country IPs?
In your application setting you can setup a new policy with a bypass rules based off location, IP etc which will completely skip the cloudflare auth.
For example my Nextcloud app on my phone would get stuck trying to reach my service because of the Cloudflare Auth page, having the bypass fixes that.
I hope that was your question haha
@@Techdox related to other top comment/question ...
Assuming you don't care about option to allow someone to access your Nextcloud install without setting up "VPN" (say for your parents that have gmail/facebook and can login through that) - it seems like TailScale on your phone and server with nextcloud instance would work for games/apps/etc.
I'm trying to set up a Cloudflare Tunnel for my root domain without using a subdomain. However, I'm facing issues where the root domain does not connect through the Cloudflare Tunnel as expected. I set up a CNAME record pointing to my tunnel's unique ID, but it still doesn't work properly. There’s no A record for the root domain, and Cloudflare seems to require the CNAME pointing to the tunnel, yet it doesn’t resolve. I’ve cleared caches and checked the tunnel status, but the root domain remains inaccessible. Any guidance on how to configure this correctly would be appreciated.
Hey, you don’t need to make the CNAME that should be made automatically when you set up the host name connection to the service in the tunnel. Feel free to join the discord and we can help you
@@Techdox Thank you for your response! I wasn't expecting such a quick reply. I did exactly as you suggested. You're awesome, by the way I subscribed to your channel
How do I get this working for UDP?
Thanks for the video. If I expose qBittorrent using Cloudflare then presumably I still need to forward the TCP port (e.g. 6881) on my router?
That's the great thing about Cloudflare, no port forwarding needed. Just expose the UI port to access it via Cloudflare and that's it
@Techdox the TCP port (e.g. 6881) is used for incoming connections (for seeding) on qBittorrent. If not port forwarded somehow then will it ever seed? Thanks
Interesting, I have not needed to open any ports for my container to seed etc, give it a go and see without port forwarding and let me know how it works @@timsavory9718
Thanks again, I also host a mail server on my NAS, will Cloudflare block it?
Cloudflare only has access to what you give it access to, any existing services won't be touched by Cloudflare
Can i use my synology nas.
And can i use that nas’s nfs storage for recording my nvr outside my home network with or with a public ip.
Yeah, Synology NAS should be fine, just run the tunnel via Docker. Also, the NAS storage via Public IP I would need more details on the setup
Thank you for your nice works.
I have some questions.
1. How much cloudflare tunnel's network traffic price? (ex. AWS EC2 is '0.117$ per 1TB)
2. Can we use this as IP also? (Not domain)
I hardly have found this, but I can't find it)
I could be wrong but Cloudflare tunnels are 100% free and there is no cap on traffic going through.
You could use Cloudflare WARP which is a VPN to your services if you wanna connect via IP and not a domain name
Hi Man, So after u install the tunnel command in docker, I need more information on this, what's the next step? Do you have any documents for this pls thanks
You should be able to follow the steps I took on the video, once you have the tunnel running it should show as active in Cloudflare. Then you can setup your tunnel to expose your applications
Question I got everything to work, but on the padlock after I login it has a warning:
Parts of this page are not secure (such as images).
I see the error on Firefox, but not Google Chrome.
Interesting, I don’t use Firefox but worth looking into. Did you find any answers so far?
@@Techdox I am guessing it is because it used http for the ip address to connect to the local server and that is why there is a warning about mixed parts not secure. Anyway I am going to use proxmox and install a virtual machine for the Ubuntu server. I will see if the error still persists.
Your site is drawing resources from outside sources like Google fonts, but provided over http rather than https. W3 resources, for instance, often get hard coded as http. Find those references, make sure they can be accessed over https, and update your code. Fun, fun!
Hi please help me I am not understanding what is the zero trust plan for if I choose free plan does it limit my website user limit
Hi, no the free tier does not limit website users. Your zero trust users within Cloudflare is limited to 5 I believe
@@Techdox Oki thanks 🙏
Is necessary to use Cloudflare WAF Rules with Zero Trust to expose services?
No, only if you wish to add rules on who can access it
@@Techdox only the zero trust rules.
Nice mate 👍
😊
You show to use tunnel with docker of nginx. And I have a question: I don't see any valid reason to use tunnel when you after that use nginx which is anyway proxy pass + use cloudflare in front to protect ddos etc. Can you or someone explain if it's worth to use tunnel if I use anyway nginx to pass forward request?
Totally up to you. I use it so I don’t need to expose my public IP address and you get the added protection from Cloudflare
@@Techdox Yes but you have to trust 100% that service from cloud flare because They can encrypt and read every traffic coming from your system. Or not?
Don't forget to set it to autorun after the machine turns on
Hi, can I use another program besides Docker? I need a tunnel for my Mac High Sierra 10.13 and I can't install Docker
Yeah in the zero trust screen where you see the steps for setting up the tunnel they have more options than just Docker for a tunnel
@@Techdox thank you, for your kindness
hey man, why does cloudflare keep going down, it is not consistently connected, only lasts for less than one hour, but I need a consistent and permanent connection, what should I do my friend, thanks
It will stay up as long as the host stays up, where is it running and do you restart the host often?
@@Techdox the http server runs on a linkstack docker, and my host server keeps running all the time, but the tunnel just keeps going down, I don't know why
when I sweat "docker ps" it doesn't show me what you show in the video, it offers me to download two
I know I am a bit late, but what is the actual message?
Can you use Authentik as an identity provider?
I just checked the list and could not see it there
@@Techdox I guess it would work with the Generic SAML 2.0 option?
Yeah, doesn’t hurt to find it a shot :)
Wow, nicely done! I was able to expose my nginx as well! Can I do the same for my ssh server?
Hey! Thanks for being a member! Yes you can also expose SSH as well :) just like you can select HTTPS etc there is an option for SSH :)
@@Techdox I don’t know why, but my SQL Server and SSH connections are not working, any tips 😝?
@@ricgondo so you are trying to SSH into a server with Cloudflare and it’s not working? I might need some more context but there’s two things here.
Cloudflare tunnel will allow SSH via their tunnel but if you want to be able to connect to your services like normal via ssh from your terminal etc, you can use Cloudflare WARP, it’s a client you download on your pc and acts as a VPN for all your services
@@Techdox I was able to expose the Nginx just like you did via docker... then I also installed a SQL Server docker, which can be accessed internally but after adding it to the Cloudflare tunnel Public Hostname like the Nginx in your video, I'm still not able to access it. The same goes to the SSH. Thanks!
So focusing on the SQL server first, when you say access it you mean accessing it via its public hostname via something like SQL management server? - I'm not sure if you have Discord but feel free to join it, it might make it easier to chat :) - discord.gg/m6ZMZkPBUG
Does this help to hide the IP address of the site?
Yeah, this will show up as Cloudflare IP addresses, not yours
So, perhaps this will help protect against DOS attacks such as hotlinking? @@Techdox
This worked for about 1 minute then I suddenly got a "the plain http request was sent to https port" error. I can't resolve it.
What are you trying to expose?
@@Techdox My Nextcloud docker on unraid. I tried the tunnel with http and https. One said the error above. If I changed it I got that cloudflare screen with server down.. I'm using nginx proxy manager if that makes a difference. It's fine if I just have it as a regular A name so I guess I'll leave it at that.
make windows 10 Cloudflare Zero Trust Tunnel Guide
The process is the same besides the tunnel setup which you can still do via Docker or you can install following their windows steps. The rest is still identical
Pardon, what kind of English do u use? Where r u from?🤔
@@OldPekar standard English 😂 I’m from New Zealand
bro lowkey looks like leclerc
I'll take that haha
promo sm 😥
Hey, what’s up?
Selfish show idea. Install every single bitcoin node software option available!!
I think at some point they are all the same just a different UI haha
Thanks!
You are very generous 😊 Thank you for your support