Skip to content

Cloudflare

  • You can use the free plan even for business use (reference)
  • IPs that Cloudflare uses (reference)
  • Don’t use most of Cloudflare’s tooling on-stream: it’s easy to leak tokens and IP and email addresses.
  • What: can be used to expose a service to the internet via a domain name without the public being able to know your IP address. Great for hosting something from your home network.
  • Requirements: your domain must be managed by Cloudflare.
    • This is free and took me maybe about an hour to switch over.
  • How: it’s dead simple to use. Just click the “View in Dashboard” button here and follow the instructions. Whichever computer will host a service should have its own version of cloudflared.
    • If you set up many computers on the same protocol/port (e.g. localhost:3000), then they’ll just get round-robin’d through DNS. What’s actually happening is that Cloudflare adds a CNAME record with your tunnel ID in it, and the tunnel knows which connectors you added.

Gotchas:

  • The tunnel only has a health check for your machine, not your service. This means that if you run the sudo cloudflared tunnel install command and do nothing else, Cloudflare will still route traffic to your machine only for it to 404. You would need to start your web server in that example.
  • The sudo cloudflared tunnel install command contains a secret token, so you should delete the command from your history after running it.
  • You should obviously be incredibly careful exposing anything to the internet. It’s probably a good idea to delete the tunnel entirely if you’re done testing something.
  • You cannot tunnel UDP connections (reference).
  • See basic information about a tunnel and its connectors:
    • cloudflared tunnel listcloudflared tunnel info NAME_OR_UUID_FROM_THE_LIST_COMMAND
  • Delete a connector
    • First, you have to stop cloudflared. By default, the installation commands do sudo cloudflared service install, so you need to run sudo cloudflared service uninstall. This means that the tunnel will no longer start at login.
    • Then run cloudflared tunnel delete TUNNEL_NAME_FROM_THE_LIST_COMMAND
    • Note that this does not delete your DNS entry that you may have added when creating the tunnel.

Certificate issues with cloudflared

Section titled Certificate issues with cloudflared

If you get an issue about a missing certificate when using cloudflared, just do cloudflared login and choose the domain that you want to manage. It’ll install a certificate for you.