Cloudflare tunnel

Securely Exposing yourservice with Cloudflare Tunnel

Cloudflare Tunnel allows you to expose your local yourservice server (running at 192.168.0.170:9000) to the internet securely, without opening any firewall ports.

Step 1: Set Up a Cloudflare Account

Sign up for Cloudflare (if you haven’t already) at Cloudflare.
Add your domain (e.g., yourdomain.com) to Cloudflare.
Ensure your domain uses Cloudflare’s nameservers.
- This is required to use Cloudflare’s security and DNS services.

Step 2: Install Cloudflare Tunnel (cloudflared) on yourservice Server

Download and install Cloudflare Tunnel (cloudflared)
On your yourservice server, run the following:

curl -fsSL https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64 -o cloudflared
chmod +x cloudflared
sudo mv cloudflared /usr/local/bin/

(For Windows, download from here.)

Authenticate Cloudflare Tunnel with Your Account
Run:
Terminal window
```
cloudflared tunnel login
```
- This will open a browser window.
- Select your domain and authorize the tunnel.

Step 3: Create a Cloudflare Tunnel

Create a new tunnel:
Terminal window
```
cloudflared tunnel create yourservice-tunnel
```
- This will generate a tunnel ID and store the credentials.

Set up a configuration file
Create the Cloudflare Tunnel config file:

sudo mkdir -p /etc/cloudflared
sudo nano /etc/cloudflared/config.yml

Add the following:

tunnel: yourservice-tunnel
credentials-file: /root/.cloudflared/yourservice-tunnel.json

ingress:
  - hostname: yourservice.yourdomain.com
    service: http://localhost:9000
  - service: http_status:404

Save and exit (CTRL + X, then Y, then ENTER).

Step 4: Route Tunnel to Your Domain

Route traffic through Cloudflare DNS
Run:
Terminal window
```
cloudflared tunnel route dns yourservice-tunnel yourservice.yourdomain.com
```
- This creates a CNAME record in Cloudflare pointing to the tunnel.
Start the tunnel:
Terminal window
```
sudo cloudflared tunnel run yourservice-tunnel
```
- Now, your yourservice server is accessible at https://yourservice.yourdomain.com.

Step 5: Secure Access with Cloudflare Access (Optional but Recommended)

Go to Cloudflare Dashboard → Zero Trust → Access.
Create an Access Policy for yourservice.yourdomain.com:
- Allow only specific users or IPs (e.g., your Shuffle server IP).
- Use Google/Microsoft authentication for secure login.
Now, only authorized users can access yourservice!

Step 6: Run as a Systemd Service (for Auto-Start)

Create a systemd service to keep the tunnel running automatically:

sudo nano /etc/systemd/system/cloudflared-yourservice.service

Add the following content:

[Unit]
Description=Cloudflare Tunnel for yourservice
After=network.target

[Service]
ExecStart=/usr/local/bin/cloudflared tunnel run yourservice-tunnel
Restart=always
User=root
WorkingDirectory=/root
StandardOutput=journal
StandardError=journal

[Install]
WantedBy=multi-user.target

Then enable and start the service:

sudo systemctl daemon-reload
sudo systemctl enable cloudflared-yourservice
sudo systemctl start cloudflared-yourservice

To check its status:

sudo systemctl status cloudflared-yourservice

Benefits of Using Cloudflare Tunnel

✅ No need to open firewall ports
✅ Hides your real IP
✅ Adds Cloudflare security (DDoS protection, WAF, etc.)
✅ Restricts access via Cloudflare Access (optional)