Cloudflare Tunnel Setup
Cloudflare Tunnel and Cloudflare Zero Trust go hand in hand. This is the secure tunnel into your network and the mechanism that will allow you secure remote access
Last updated
Was this helpful?
Cloudflare Tunnel and Cloudflare Zero Trust go hand in hand. This is the secure tunnel into your network and the mechanism that will allow you secure remote access
Last updated
Was this helpful?
To run a Cloudflare Tunnel from UnRAID you will need to manually create the docker container.
Name: Cloudflared Tunnel
Repository: cloudflare/cloudflared:latest
Post Arguments: tunnel --no-autoupdate run --token <tunnel-token>
Icon URL: Any Icon URL you like
Your Tunnel Token can be found by creating a Tunnel within Cloudflare Zero Trust > Access > Tunnels. The token is provided in the docker run command
Once the container is running it will grab it's configuration automatically from Cloudflare and also make 4x seperate TCP/443 connections outbound using the QUIC protocol. The Cloudflare Tunnel should now have a status of "HEALTHY"
Cloudflare access is a product within Cloudflare Zero Trust. Access allows us to share HTTP, SSH and RDP session securely via the Cloudflare Tunnel
Head to Cloudflare Zero Trust > Access > Tunnels > "your tunnel" > Configure > Public Hostname and click Add a public hostname
This configuration is letting our Cloudflare Tunnel know how to route to our Authelia instance in our network. Authelia in my network is listening on https://192.168.0.2:9091 and has a self-signed SSL certificate
Subdomain: auth.<domain-name>
Service: HTTP or HTTPS
URL: IP Address & Port Authelia is listening
NoTLSVerify: Enable this if you are using a self-signed SSL certificate as Cloudflare only trust their own root certificates
Once saved Cloudflare will automatically push this configuration to your Cloudflare Tunnel and it will immediately be accessible via the specifed domain name
auth.<domain-name> is accessible via the internet and has a valid SSL certificate
We have now configured remote access to our Authelia application hosted on UnRAID
auth.<domain-name> must be accessible by any device needing to authenticate via OIDC
This is the only site not protected via Zero Trust
We can create Cloudflare Page Rules to restrict IP Addresses, Countries and others from accessing this site
