Using Cloudflare Tunnels For Hosting & Certificates Without Exposing Ports On Your Firewall

Cloudflare Tunnel Docs

pfsense HAProxy video

Jeff's How I survived a DDoS attack
⏱️ Time Stamps ⏱️

00:00 Cloudflare Tunnels
00:30 Requirements
01:42 Security Considerations
04:06 Demo Lab Setup
06:43 Documentation & Dashboard Setup
07:42 Creating Tunnels
14:41 Adding Application Security

#homelab #cloudflare #firewall
Comments
Author

I think it’s important to note that Cloudflare tunnels have limitations. For example, if you plan to use this to access stuff that requires large file transfers like Nextcloud, Cloudflare tunnels are limited to 100mb per file.

ffjmr
Author

I've been using this service for 2-3 months and I love it. Easy setup and it works very well. I'm stuck behind CG-NAT making self-hosting difficult, but Cloudflare tunnels have made life much easier.

KenPryor
Author

Very informative. That extra layer of security was exactly what I was looking for

pablogc
Author

I started using this to have my college labs accessible when out of home.

Making code changes in real time and seeing them implemented makes life a lot easier.

lespinoz
Author

You never fail to give me practical new information on new systems. Thanks 😀

adamisherwood
Author

A few things to note: end-to-end encryption can be achieved by specifying a trusted CA and an expected hostname within the Cloudflare Zero Trust dashboard.

Also, Docker isolated networks are a MUST if you're going to host other containers/services that you don't want exposed to the internet.

malachis
Author

This is why I love this channel - first time I hear of the TLS intercept, which is okay, but you have to be aware of this. None of the others pointed this out, iirc...

nixxblikka
Author

It's hilarious how many times in the past year I've searched this up to bypass ISP port blocking, and still haven't done it... maybe this will be the recommended video that makes me implement it.

realMattGavin
Author

Thanks so much for your detailed videos - I have been struggling for the last couple of days to fix the Cloudflare tunneling problem with my Docker container and continuously watching videos on YouTube. But your video helped me to resolve the issue, thanks again.

monirulislammonir
Author

I'd love to see you run your ssh connections through a tunnel. I've only managed to do it with their in-browser ssh client, and not through a remote terminal.

LucS
Author

Excellent video, very easy to follow and I have now restructured my remote connections using Cloudflare tunnels and added another layer of security. Thanks!!!
One thing I noticed when testing though was that I needed to set the email rules to 'Require' rather than 'Include' for the restrictions to work as described in the video.

richardlewis
Author

With the 'bug' you mentioned at the end, you can go to your DNS settings in Cloudflare, and delete the subdomain forward manually.

LucS
Author

Excellent - as is your usual standard. Thank you.

KeithWeston
Author

Great video Lawrence! I self host Guacamole and have a custom domain pointing to it, but I think adding the extra security layer Cloudflare offers is a good idea.

cloudagnostic
Author

This service is brilliant, I had superficially seen something about it, but I hadn't tested it yet, now with this video, I'm going to try to implement it in some personal project to test it and see if it fits in some current or future project!

tacioandrade
Author

Also, folks should consider setting memory limits on their Docker containers in case one runs wild and starts using up all the RAM on the docker host. It helps prevent problems down the road.

NonyaDamnbusiness
Author

Damn… I already thought I must have a look at Cloudflare Zero Trust Platform, but still haven't come around to doing so. Thanks to this video, I now know I DEFINITELY need to have a look at it as soon as possible…

DJ-Manuel
Author

Thank god for u, everyone missed the TLS setting.

TheBeardedLibertarian
Author

Hi Tom. Thanks for this great content! I have successfully used CF tunnels to expose home services for a good while. Using "Applications Policies" in conjunction with "Access Groups" gives me a granular way to lock down certain services to special groups of users or devices (by country, ip-address ranges, e-mail addr). Using special "identity provider"s for certain applications also provides more flexibility. The use of tunnels depends a lot on "trusting" CF. Controlling the SSL-endpoints is a real responsibility for CF. Hope that CF never suffers a data breach or uses our data for their own purposes. Then the "shit hits the fan"... A good and successful year 2023 for everybody! See you next year (in 1 day) 😀

tomstechnews
Author

Hey there. Not sure if you’ve figured out the bug already, but in case you haven’t. When you create a new public hostname, it’s actually creating a new CNAME entry in your DNS records. When you delete a tunnel before the hostname, you just need to go delete the DNS entry manually before you can recreate one of the same name. Deleting the public hostname “correctly” simply removes the DNS entry for you. Hope this helps!

namelesuser