Tunnel to Home — Cloudflare Tunnels

I recently started to selfhost some of the services like Bitwarden and it was actually pretty great at first. Then I had to access these services outside my home network. This was a problem for me and since my setup had many limitations. Normally we can access our services externally by,

  1. Buying a static IP from ISP and opening up ports.
  2. Setting up a VPS server to proxy traffic via a VPN.
  3. Or using Dynamic DNS (My ISP was using CGNAT 😒)

But none of this was actually possible for me. Then I came across a service called Cloudlfare Tunnels. Cloudflare tunnels can help you access your services like SSH, RDP, … etc. without opening any inbound ports. But this comes with some pros and cons.

Pros ✅

  • Traffic is proxied through Cloudflare.
  • Securing applications using different policies.
  • A second layer of authentication can be added.

Cons 🛑

  • All traffic is going through Cloudflare.
  • Not actually “selfhosted”.
  • All communications depend on Cloudflare network status.

Setting up 🏗️

The only prerequisite is that you should have a Cloudlfare account and a domain name. Once Its ready you can visit the Zero Trust Dashboard.

New tunnels can be created from Access ➡ Tunnels ➡ Create a tunnel . A connector should be installed to the host machine, instructions are provided on the same page. Once its done you will be able to see your machine with its current IP. On the next page you can add applications that you need to access. For example here I am adding an service that is running on 8080,

You can add multiple services that's working and each of these can be accessed via its own public hostname. In addition to this, you can protect these services by creating an Application. This can be done by Access ➡ Application ➡ Add an Application.

This adds an extra layer of security for your services. All authentications are handled by Cloudflare. Free plan comes with around 50 users, which is enough for most of us. You can always add more services to your existing tunnel by clicking configure from the list.


There are plenty of solutions out there to solve this particular issue. I used this solution mainly because of three reasons,

  1. My domain name was already managed by Cloudflare nameservers.
  2. Setup can be managed from the Cloudlfare Teams dashboard.
  3. Services can be protected by adding Cloudflare Access.
  4. Cost effective 😁(While using the free plan.).

There are many more services provided inside the Zero Trust dashboard like Gateway. These can be implemented in many situations for improving security and reliability. You can always opt for the methods I mentioned earlier as an alternative. Let me know your thoughts on this and how you have completed your home lab networking.

Made with 💟




Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Blue Topaz 925 Sterling Silver aesthetic jaipur Ring Blue L-1in UK KMOQ

Refactoring an Internet Scanner/Crawler Application : The Journey

CS371p Spring 2021: Sejal Sharma

PaperTrail: The Ruby Gem We Never Knew We Needed

Your first steps with App Engine

Count minimum swap to make string palindrome

Log RingCentral call information into Google Sheets with Forms

An alternative for embedded Instagram feeds in 2020

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


More from Medium

How to install GEOS for PHP 8.1 on an Apple Silicon Mac

Creating two SSH keys on Mac for two different GitHub accounts

git-secret: Store secrets directly in the repository

Can you test Paypal in a production environment?