Imagine working on a web service on your local computer, and you want somebody outside your network to access it on their PC. You have several options you can use to achieve that.
You could decide to purchase a hosting service, such as a server and configure all DNS settings to make the service available on the public internet.
If you decide to use containerization like Docker, Kubernetes, etc., you will need to set up even more configurations. That includes configuring ACLs, GRE tunnels, and rotating IP addresses.
But why all that hustle when you can easily expose your locally hosted web service using Cloudflare Tunnel?
Cloudflare Tunnel provides you with a secure way to connect your resources to Cloudflare without a publicly routable IP address. With Tunnel, you do not send traffic to an external IP — instead, a lightweight daemon in your infrastructure (cloudflared) creates outbound-only connections to Cloudflare’s edge, allowing you to expose your localhost to the internet.
This tutorial will cover how to use Cloudflare Tunnel to create and manage tunnels to expose web services from a computer to the internet.
Let’s dive in and see how to create a tunnel with Cloudflare.
Table of Contents
- Step 1: Create a Cloudflare Account and Add a Domain
- Step 2: Download and Install Cloudflared
- Step 3: Connect Your Cloudflare Account
- Step 4. Create Your First Tunnel
- Step 5. Create a Configuration File
- Step 6. Setup Ingress Rules.
- Step 7. Setup Cloudflared systemd Service
- Step 8. Start Cloudflare Tunnel
- Step 9. Managing Tunnels
- Frequent Issues
Step 1: Create a Cloudflare Account and Add a Domain
Creating an account on Cloudflare is not a complicated process. Navigate to the official Cloudflare Dashboard and sign up with your email account. When done, make sure you check the verification email that Cloudflare will send to your inbox.
In the Cloudflare dashboard, you will see a section similar to the image below requesting you to add a new site. That shouldn’t sound complex; they simply want you to add a domain name to your site. Click the “Add Site” button.
A new screen will appear, and you will see a textbox to type in the new domain name. Enter your domain name and click “Add Site.”
Note: You need to enter a registered domain name, and you shouldn’t use a subdomain. For example, if we have the registered domain as “bytexd.com,” we cannot use a subdomain like “test.subdomain.com.”
You will see an option to select a pricing plan that you want to use. There are four plans to choose from – Pro, Business, Enterprise, and Free. We will stick to the free plan. Scroll to the bottom of the window, select the Free Plan, and click Continue.
You will be prompted to review your DNS records on the next screen. Luckily, Cloudflare will generate a report on what steps to take.
For example, if you had already set up a site for your domain and even added the nameservers to your domain registrar, you will need to change these nameservers and add the ones provided by Cloudflare.
After successfully setting up your domain, we can now proceed to step two, where we will download cloudflared – a command-line client for Cloudflare.
Step 2: Download and Install Cloudflared
Cloudflared is available for various platforms, including Linux, Windows, and macOS. For this post, we assume that you are running a Linux distribution. There are different Cloudflared packages depending on your Linux distro.
wget -q https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb sudo dpkg -i cloudflared-linux-amd64.deb
wget -q https://github.com/cloudflare/cloudflared/releases/download/2022.2.2/cloudflared-linux-386.rpm sudo dpkg -i cloudflared-linux-amd64.deb
Alternatively, you can manually download the cloudflared installation file for your distribution on the official Cloudflared GitHub page. After a successful installation, you can confirm the Cloudflared version running on your system by executing the command below.
Step 3: Connect Your Cloudflare Account
Up to this point, we have our domain fully set up on the Cloudflare account and the cloudflared command-line tool running on our system. Now, we need to synchronize these two services. Execute the command below on your Terminal.
cloudflared tunnel login
Your browser will open, and you will need to select a domain that you wish to authorize and use to create a tunnel. If the browser doesn’t open, copy the link generated on the Terminal and use it to access the Cloudflare dashboard.
You will see a prompt to select a domain to authorize a Cloudflare tunnel. Even though you don’t need to choose the right domain here. However, I highly recommend authorizing a domain you want to tunnel on. For example, you can select a domain like example.com, and later on, you can create a tunnel on a subdomain like test.example.com.
If the tunnel was successful, you should see a pop-up similar to the image below.
You should also see a similar message on your Terminal.
Step 4. Create Your First Tunnel
After a successful login, you are now ready to create your tunnels. Execute the command below to create your first tunnel.
Note: You can name this tunnel as you wish. In our case, we decided to call it TunnelOne.
cloudflared tunnel create TunnelOne
After executing the command above, you will get two vital pieces of information that we will need later.
- The path to the
.jsonfile that holds our tunnel credentials.
- The tunnel ID.
Step 5. Create a Configuration File
Up to this point; you can actually go ahead and run your tunnel. However, we wouldn’t recommend that yet! To make things easier, we suggest creating the configuration file and setting up a systemd service to control your tunnels. With that in mind, let’s get started.
First, create a directory called cloudflared inside the
/etc. directory by executing the command below.
sudo mkdir /etc/cloudflared
Navigate inside the cloudflared directory and create a configuration file called
cd /etc/cloudflared sudo touch config.yml
Now, we need to set tunnel ID and the path to the credentials file inside our configuration file. To do so, open the configuration file using the command below.
sudo nano /etc/cloudflared/config.yml
Add the details as shown below:
tunnel: 35b39cd0-f65d-4002-83f5-50d182b1ca0e credentials-file: /home/ubuntu-user/.cloudflared/35b39cd0-f65d-4002-83f5-50d182b1ca0e.json
Note: Beware of formatting! Ensure the details are formatted as shown in the image above. Additionally, if you are unsure of the details, you can just navigate to the
.cloudflared/ in your
home directory (
cd .cloudflared/) directory and see the contents of the
.json file. When done, save the file (Ctrl + S) and exit (Ctrl +X).
Step 6. Setup Ingress Rules.
To better understand ingress rules, we first need to start a web service that we want to tunnel to the public internet. If you don’t have one yet, there are several ways you can start a web service.
Start a Python Server
You can create a simple file server with Python by executing the command below on your Terminal.
python3 -m http.server 5555
Feel free to change the port number to any port number you wish.
To run the simple Python server in the background you can run:
python3 -m http.server 5555 &> /dev/null &
Install Apache Web Server
Another alternative is to install a full-featured web server like Apache. By default, Apache will run on port 80.
Execute the command below to install Apache for Debian-based systems.
sudo apt install apache2
Next start Apache:
sudo service apache2 start
Start an Application (Simple Website/WordPress/ReactJS/NodeJS/etc)
We will use Apache and Python3 file-server to test the Cloudflare tunnel for this post.
Now that we have the web service we want to tunnel up and running, we can dive into setting up ingress rules.
Ingress rules enable Cloudflared to direct a request to a particular service running on your localhost. For example, we have two web services running on our system:
- The Python file server (Running on port
- The Apache Web server (Running on port
We will tunnel these two services separately, each on its unique sub-domain with the help of ingress rules. Inside the
/etc/cloudflared/config.yml file, add the lines below.
You will also notice that we added one line at the bottom (
service: http_status:404). That instructs Cloudflare to serve a blank page if the requested request is not available.
ingress: - hostname: testOne.bytexd.com service: http://localhost:80 - hostname: testtwo.bytexd.com service: http://localhost:5555 - service: http_status:404
Remember to edit the hostname and service accordingly. When done, your
/etc/cloudflared/config.yml file should look similar to the image below. Save (Ctrl + S) the file and exit (Ctrl + X).
Step 7. Setup Cloudflared systemd Service
The last step we need to carry out before we can now run our tunnel is setting the cloudlfared
systemd service. That will enable us to control the cloudflared service with much ease. You can
disable cloudflared. Execute the command below to install the cloudflared service.
sudo cloudflared service install
After a successful install, you can now control the cloudflared service using the commands below.
sudo systemctl enable cloudflared sudo systemctl disable cloudflared sudo systemctl start cloudflared sudo systemctl stop cloudflared
You can check the logs by running the command below.
sudo journalctl -u cloudflared
You can enable and start cloudflared:
sudo systemctl enable cloudflared sudo systemctl start cloudflared
If everything was correctly set up, your tunnel should now be connected. You can confirm that by executing the command below.
cloudflared tunnel info mytunnel
Step 8. Start Cloudflare Tunnel
Up to this point, you have everything set up successfully, and you can now start the routing process. The process is much easier than you might imagine. Execute the command below, replacing testOne.bytexd.com with your sub-domain.
Create a Tunnel for the Apache Web Server
cloudflared tunnel route dns TunnelOne testOne.bytexd.com
Create a Tunnel for the Python File Server
cloudflared tunnel route dns TunnelOne testtwo.bytexd.com
When you head over to the Cloudflare dashboard, you will notice that cloudflared automatically added CNAME records for these two sub-domains. See the image below.
Wait for a few seconds for the DNS to update then open the subdomains on your browser.
Tip: If the DNS records are taking long to update and you cannot access the subdomains on your normal web browser, try using the Tor Browser.
Step 9. Managing Tunnels
To list all the tunnels create on your system, execute the command below:
cloudflared tunnel list
To delete a tunnel, execute the commands below:
cloudflared tunnel cleanup [ tunnel_ID or tunnel_Name ] cloudflared tunnel delete [ tunnel_ID or tunnel_Name ]
Note: After deleting a particular tunnel, remember to delete any CNAME records associated with it in the Cloudflare dashboard.
System has not been booted with systemd as init system (PID 1). Can’t operate.
This error is common when using WSL on Windows.
If you get this error when starting cloudflared then use:
sudo service cloudflared start
This post has given you a step-by-step guide on exposing a web service from your localhost to the internet with Cloudflare tunnel. At this point, you can now explore more by creating more tunnels, tweaking the ingress rules, and much more. Feel free to go through the official Cloudflare documentation.
If you encounter any error carrying out any of the steps described above, please feel free to hit the comments section.