Set Up a Cloudflare Tunnel to Expose Local Servers to the Internet
If you are running a local server at your home on an old laptop or PC—such as a Plex Media server, a file server, a web server, or any other server—you’re able to expose it to the internet by using the port forwarding option in your router. However, it’s neither secure nor recommended to access a server that way in a production environment.
We will show you how to expose your local servers securely with an HTTPS connection to the internet using the free Cloudflare Tunnel service—without disclosing your public IP.
What is Cloudflare Tunnel?
Cloudflare Tunnel, formerly known as Argo Tunnel, helps users to securely expose their resources, such as local servers, to the internet without a public IP address or having to enable port forwarding in the router. When you set up a Cloudlfare Tunnel in your Windows, macOS, or Linux system, a lightweight tunneling daemon (cloudflared) is installed and sits between your resource (local server) and the Cloudflare network. With Cloudflare Tunnel, you can safely expose and connect any local HTTP web servers, remote desktops, SSH servers, or various other protocols to the internet.
Below, our stepwise instructions show how to set up the cloudflared tunneling daemon on Windows, macOS, Linux, and Raspberry Pi for exposing local servers to the internet.
Before You Begin
To install and set up the cloudflared tunneling daemon on your system, you need to fulfill these prerequisites:
Once these requirements are met, you can follow the steps below to set up the Cloudflare Tunnel on your Windows, macOS, Linux, or Raspberry Pi computer.
Install Cloudflare Tunnel on Windows
Setting up Cloudflare Tunnel on a Windows system requires you to install a lightweight server-side daemon. Go thecloudflared releasespage and download the correct version for your version of Windows:
After downloading the cloudflared daemon setup, go to the folder where the setup is located and rename the file tocloudflared.exe. Then open the Command Prompt and navigate to the location where the cloudflared daemon is located using thecdcommand. For instance:
Then run the following commands to check the version and install the latest update.
If you see an output as shown in the screenshot below, you are good to go.
You must check for cloudflared updates every once in a while, to keep the setup updated and avoid connectivity issues.
Install Cloudflare Tunnel on macOS
On macOS, you’re able to use the Terminal app to download and install the cloudflared daemon and then use commands to create a secure tunnel and expose local servers to the internet.
To download cloudflared, run the following command in the Terminal:
Alternatively, you may run this command to download cloudflared:
Install Cloudflare Tunnel on Linux
Based on the Linux operating system you are using, download thecloudflared package. Then open the Terminal app, navigate to the location where the package is downloaded, and install it. Alternatively, depending on your Linux distro, you could use one of the following commands to download and install cloudflared.
DEB Install
RPM Install
Arch Linux
On Arch Linux, use the pacman tool to install cloudflared.
Install Cloudflared Tunnel on Raspberry Pi
There’s no official cloudflared build or repository for Raspberry Pi Zero, 2, 3, or 4. However, you’re able to install and use the ARMv6 unofficial builds for Raspberry Pi to set up the cloudlfared tunnel in Raspberry Pi OS. We have already covered a few tutorials, such as theself-hosted BitWarden password manager on Raspberry Pi Zero, where we have used the unofficial builds to expose our local servers to the internet with an HTTPS connection via a Cloudflare Tunnel.
To install cloudflared on Raspberry Pi OS Bullseye (or another version), run the following command in the Terminal.
To check for the latest unofficial versions for Raspberry Pi, check out theARMv6 builds page.
Create and Set Up a Cloudflare Tunnel
Once the cloudflared daemon is downloaded and installed on your Windows, macOS, Linux, or Raspberry Pi, you can create a Cloudflare Tunnel by using the following command in the Terminal app or Command Prompt:
On Windows, macOS, or Linux, this will open the Cloudflare login page in your default web browser. If the browser window does not open automatically, copy the URL displayed in the command output and then paste it into the web browser and log in to your Cloudflare account.
Once logged in, select the domain you added to the Cloudlfare account and clickAuthorize.
Once authorized, you will see the “You have successfully logged in…” message. It will also generate acert.pemfile and store it in the default cloudflared directory location:
Next, we need to create a tunnel by using the following command:
you’re able to name your tunnel whatever you like. For instance, wehosted a WordPress site on an old laptopand used the site name as the tunnel name; this makes it easy to remember.
The command will create a tunnel and also a JSON file with a unique alphanumeric tunnel UUID. Copy the JSON file path and tunnel UUID, paste it in a Notepad or Notes List, and keep it safe as we will need these to create a configuration file.
To create the configuration file in macOS, Linux, or Raspberry Pi OS, run the following command,
In the editor, paste the following code.
Make sure to replace the TunnelUUID and the JSON file path in thecredentials-filecode line. PressCTRL + XorCommand + X(macOS) and then theYkey followed byEnterto save the changes in theconfig.ymlfile.
On Windows, you can use File Explorer and navigate to the following location:
Then right-click, selectNew>Text Document,and paste the aforementioned block of code.
ClickViewin the File Explorer and enable theFile name extensionsoption.
Then edit the text document namedconfig.yml.
You can add multiple hostnames and services in the configuration file to access them via the internet via a Cloudlfare Tunnel. Simply, copy the first two lines below theingress:code line and paste them before the-service: http_status:404. Replace the hostname and the local server IPs to forward the traffic from the internet to the particular local server. See an example below.
An example for multiple hostnames and services:
Save the changes and then create the CNAME records in Cloudflare DNS using the following command.
For instance:
Once the CNAME is added, you can start the tunnel to access your local server via the internet using the hostname you assigned.
If you see a similar output as in the screenshot above, the tunnel has started successfully. you may now open the web browser on any device connected to the internet and visit the hostname. For this case, it’smyhome.smartghar.org.
Since we want the hostname to load our router configuration page, we added the IP192.168.0.1, which otherwise was only accessible via the local network.
You must enable the SSL/TLS option to Flexible or Full (whichever works for you) to enable a secure HTTPS connection with your local instance.
Endless Possibilities
With Cloudlfare Tunnel, you can access any server setup in your home via the internet for free. You can use this service to host a website on a local system and test it before deploying it on a web server or allowing access to the public. You can also use it to securely access your local smart home running on Home Assistant or any other server via the internet.
We have set up the Cloudflare Tunnel service on a Raspberry Pi Zero W, which has a smaller footprint, consumes less power, and works perfectly fine, allowing us to access all our local servers remotely.
If you can nail this DIY project, you may never have to pay for cloud storage again.
Unlock a world of entertainment possibilities with this clever TV hack.
If an AI can roast you, it can also prep you for emergencies.
You’ve been quoting these famous films wrong all along!
Your phone is a better editor than you give it credit for.
The best features aren’t the ones being advertised.
