Access Your Self Hosted Services WITHOUT Port Forwarding
HTML-код
- Опубликовано: 29 сен 2024
- Today's video is sponsored by Linode!
Sign up today and get a $100 60-day credit on your new Linode account, link is in the description.
🔗 dbte.ch/linode
/=========================================/
For more than a year we've been talking about using a reverse proxy to access your self-hosted apps via a domain name.
In this video we're going to take a look at setting up remote access to your self-hosted applications with CloudFlare Tunnels. Using CloudFlare Tunnels allows us to create an encrypted connection between our server(s) and CloudFlare without the need to forward any ports.
Prerequisites
We only need 2 things to get things set up (aside from our Docker server and self-hosted apps):
1. A domain name from your favorite registrar
2. A CloudFlare account
Resource links:
✅ dash.teams.clo...
✅ hub.docker.com...
✅ dbt3ch.com/boo...
Get early, ad-free access to new content by becoming a Patron or signing up for the members' only website!
✅ / dbtech
✅ dbtech.fans/
✨Ways to support DB Tech:
✅ / dbtech
✅ www.paypal.me/...
✅ ko-fi.com/dbtech
✅ Cashapp: cash.app/$dbte...
✅ Venmo: venmo.com/dbte...
/=========================================/
The hardware in my recording studio is:
✔ Lenovo ThinkPad T580 i7-8650, 512GB NVMe, 32GB RAM (Bought used on eBay)
✔ Panasonic LUMIX G7 4K Digital Camera: amzn.to/3IGEOcb
✔ Lenovo 4K Display: amzn.to/3nzuo5N
✔ Neewer Lights: amzn.to/3nZcoSX
✔ Light Power Supply:amzn.to/3Konpqf
✔ 55" Gaming Desk: amzn.to/3AkgHgw
✔ Sabrent USB-C Hub: amzn.to/3qFcwbV
✔ Das Keyboard 4 Professional: amzn.to/3G9rPxM
✔ Eutuxia Type-S Black Tempered Glass Monitor Stand: amzn.to/33VgyEg
✔ Fuqido Big and Tall Gaming Chair: amzn.to/3IGegrq
/=========================================/
✨Find all my social accounts here:
✅ dbte.ch/
✨Ways to support DB Tech:
✅ / dbtech
✅ www.paypal.me/...
✅ ko-fi.com/dbtech
✅ Cashapp: cash.app/$dbte...
✅ Venmo: venmo.com/dbte...
✨Come chat in Discord:
✅ dbte.ch/discord
✨Join this channel to get access to perks:
✅ / @dbtechyt
✨Services (Affiliate Links):
✅ Linode: dbte.ch/linode
✅ PrivadoVPN: dbte.ch/privad...
✅ Digital Ocean: dbte.ch/do
✅ Bunny CDN: dbte.ch/bunnycdn
✅ Private Internet Access (PIA) VPN: dbte.ch/piavpn
✅ Amazon: dbte.ch/amazon...
✨Hardware (Affiliate Links):
✅ TinyPilot KVM: dbte.ch/tpkvm
✅ LattePanda Delta 432: dbte.ch/dfrobot
✅ Lotmaxx SC-10 Shark: dbte.ch/sc10shark
✅ EchoGear 10U Rack: dbte.ch/echoge...
The hardware in my current home servers:
✔ Synology DS1621xs+ (provided by Synology): amzn.to/2ZwTMgl
✔ 6x8TB Seagate Exos Enterprise HDDs (provided by Synology): amzn.to/3auLdcb
✔ 16GB DDR4 ECC RAM (provided by Synology): amzn.to/3do7avd
✔ 2TB NVMe Caching Drive (provided by Sabrent): amzn.to/3dwPCxj
✔ TerraMaster F5-221 (provided by TerraMaster)
✔ 5x6TB WD Red Plus NAS: amzn.to/3LnbPvC
✔ 8GB DDR3: amzn.to/3kfLTX3
✔ TerraMaster F4-423 (provided by TerraMaster): amzn.to/3kjUms5
✔ 16GB TEAMGROUP Elite DDR4: amzn.to/3MzzFV9
✔ 512GB Silicon Power NVMe Caching Drive: amzn.to/3MzkBae
All amzn.to links are affiliate links.
/=========================================/
Remember to leave a like on this video and subscribe if you want to see more!
/=========================================/
Like what I do? Want to be generous and help support my channel? Here are some ways to support:
✅ Patreon: dbte.ch/patreon
✅ PayPal: dbte.ch/paypal
✅ Ko-fi: dbte.ch/kofi
/=========================================/
Here's my Amazon Influencer Shop Link:
✅ dbte.ch/amazon... - Наука
With regards to routing streaming services like Plex, Emby, Jellyfin, etc., here is the portion of CloudFlare's TOS that covers it:
www.cloudflare.com/terms/#:~:text=2.8%20Limitation%20on%20Serving%20Non%2DHTML%20Content
I'm trying to get more information about what service(s) need to be purchased as to not break TOS with CloudFlare.
Someone already knows this? I'm a bit paranoid of getting banned.
Hey again,
Do you have any updates here? Thank you in advance!
@@zlatizlatev8632 unfortunately nothing more than is on their website
@@DBTechYT I guess that means we shouldn't use this for Plex or Emby, right?
@@zlatizlatev8632 Based on their terms, that's correct
A note for those doing this fresh, cloudflare takes up to 24 hours (or more) to verify new domain names, and during this time you will NOT be able to set up a self-hosted application. However you can do the rest of the instructions.
Also if you use portainer the docker run command will show up if you run it in the host machine of portainer, so just do that. Trying to make a docker compose for this that exposed the right network correctly was a nightmare for me :D
I directly run docker run command in my machine. I have portainer setup. Should I go thorough that? Also, cloudflare is taking more than 24 hours. Is it expected?
Great Video! Thank you for sharing!
Thank you too!
I like to know how use a path like db3tech/path, i tried simple put in public hostname setup but gives me 404 error
Can I use cloudflare tunneling with plex media server?
Technically yes, but it goes against CloudFlare's TOS and they could terminate your CloudFlare account
@@DBTechYT ah darn, that's sad, my isp put me behind cg nat so there's no way to access plex remotely.
I've been banging my head to overcome this with wireguard for days, then I reach this video and make it work within 5~10 minutes... Great job and THANK YOU!
Glad I could help!
Great video David, thanks
Quick question: What to do with the services that need certificates to work, example adguardhome, since now that you have removed the cloudflare dns record, they cannot be requested by NPM.
Thank you.
+1, also would like to know how to deal with certificates in this case.
Thank you very much! This is what I was looking for, as I was always a little uncomfortable opening ports in my router. Despite using NPM, Fail2Ban and other helpers. Thank you for your effort!
Glad I could help!
NPM? What exactly does the package manager do to boost security? What other helpers do you use? Other than UFW?
@@trapOrdoom „NPM“: Nginx Proxy Manager.
By using this method opening port 80 is not necessary for making wp site available outside the LAN?
@@latesthollywood3745 was thinking the same question
Hey David! I got this working.. kind of. All my devices keep sending IPv6 addresses, so just putting my IPv4 in like you did at 13:10 doesn't work for me, it returns the access forbidden page. The tunnel works, but I have to keep adding new v6 addresses to the policy every time my PC or phone decides to change or add a new one. Any way to "prefer using IPv4"? My v4 hardly ever changes.
Excellent video. One question though - CloudFlare has a container that let's them know if your home ID has changed, so that they can always point the domain to the correct server IP.
Is it possible to use that mechanism to restrict access to your sites to whatever is the current IP address that your ISP has given you?
There may be an API for that, but I've never looked into it.
I'm not sure about this under their tos.
"you hereby grant us a non-exclusive, fully sublicensable, worldwide, royalty-free right to collect, use, copy, store, transmit, modify and create derivative works of Customer Content, in each case to the extent necessary to provide the Services."
The problem with this, is they can claim all your content necessary to provide service.
I've been using them for more than a decade and have never had an issue with them other than better security
I'm trying to configure cloudflare zero trust with traefik, and I can't manage. Did someone manage? If so, which address is pointing the tunnel to, as no ports are exposed? On the other hand, with nginx I have no problems.
Hey! So define "configure cloudflare zero trust with traefik". Are you trying to access a Traefik instance, or trying to use Traefik through a tunnel? What OS or environment are you using? If you mean you're trying to access your Traefik instance from another device, using a tunnel, you would just need to type in the internal IP address of whatever device is running Traefik like Dave does around the 6:00 mark. If you're trying to use Traefik as a reverse proxy to access other applications from outside your home network you don't need to, Cloudflare handles your proxy and the tunnel is the security from the outside world, see 14:12 for restricting access to only YOUR devices.
Hi sir, I'm building a TrueNAS right now. I'm not really good at this networking thingy. Right now, I do have NGINX Proxy Manager (for nextcloud) set up. So if I decided to use Cloudflare Tunnel, I don't need NPM anymore? I can just connect cloudflare to docker and point it to portainer which contains nextcloud, some web project? Thank you in advance
I'm trying to do this on unraid and everything gets set up but I keep getting a bad gateway error and the log says: "ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: x509" Can't seem to figure this out.
same here. Did you find a solution?
I already had my domain on cloud flare and I’ve been dreading setting up a reverse proxy and integrating to the CF proxy for just a home assistant instance. This was the answer I didn’t know existed!! Thank you!!!!
I'm glad the video was helpful. It took me a bit to wrap my head around so I'm glad I was able to help others :)
It's even easier with Home Assistant. Use the Cloudflare Add-On, add a few lines of code in HAOS, and done.
Thank you for this awesome tutorial! I just have a question - does this eliminate the need for nginx proxy manager totally?
Yes it does
@@DBTechYT awesome! No more npm fiddeling
I have been using this solution for just over a month now, and it works perfectly. However, how do you update the docker containers to the latest cloudflared version?
My containers are all complaingin they are running on an old version. How about a tuiturial on that :) ?
The amount of giddy I got when I accessed my self hosted stuff after disabling port forwarding... hoah yeah. HEH!
THANK YOU!
This exactly the type of solution I have been looking for! Thanks!
how about dynamic ip ? with this method the ip will be autoupdated ?
EDIT:
Worked fine with dynamic ip, i suggest to install the cloudflared docker on vm or lxc that contain Portainer, it will automatically show on portainer dashboard and it's easy to stop & restart it
Glad you got it sorted!
Hey DBTech, really appreciate all you do for our community! Your channel was one of the main reasons that inspired me to become a content provider. Thank you for everything!
Got this working for Unraid web GUI. But how to configure for nextcloud docker as its showing bad gateway?
This is a fantastic and thoughtful guide. I set out to do exactly this on a Raspberry Pi and your instructions worked flawlessly. Thank you for posting this!
Glad it helped!
"Once you've got your domain setup and ready to go"
well I DON'T have it setup and ready to go, and I DON'T KNOW how to set it up.
So the rest of this video is useless :(
Thanks anyway.
When you get your CloudFlare account set up and click "add a domain," CloudFlare gives you instructions on how to configure your domain.
@@DBTechYT I've read some guides online and found out the way to do it.
Only to find more problems in the way. :D
I've setup everything, and when I access the domain I've set, I get a "Bad Gateway" error.
Anyway, this is far too complicated for me. I must do more research I guess.
Thanks again.
Hi, I have followed this method. Hosting OMV on RPi 4. But only http tunnels are working. SMB is not working. SSH is working if it is browser rendered. Not working in SSH client. Please help. I have spent lots of hours but couldn't figure out. Please show how to tunnel SMB.
If I remember correctly, CF tunnel solution explained in this video only works with HTTP traffic, not for other TCP based services (SSH, SMB, etc.)
Cloudflare .... If you do not need video or photo thransfering from/to your site true it its ok but ... but there is limits and pretty Hard to find ind license agreements you must agree with ... so i prefer another more transparent services...
hey thanks for this awsome video
i really like this setup a lot
currently iam trying to setup some authorization method to secure my service/pages from others
for my old setup i used in NPM http-basic (simple and quick)
but this doesn't really work for cloudflare, so my idea was to use something like keycloak as Identity Provider which i can setup in cloudflare and keycloak itself is running as a docker container also
but right now i am kinda stuck, i only get the auth selection screen shown from cloudflare and no keycloak login screen
even tried SAML (guide from cloudflare itself) and OIDC
maybe you or someone else has any idea how to get this setup working that would be awesome
I might have to make a video about adding authentication to apps via CloudFlare... :)
This is great! I can now access all of my HTTP services through Cloudflare tunnel, however, I am having issues with Wireguard. Is it possible to connect to my wireguard server through a Cloudflare tunnel? If so I haven't gotten it to work yet. :/
I'm glad you got most everything working. I haven't tried getting a wireguard server to work with tunnels, but I feel like they would actively work against each other
I'm not sure for your specific case, but I have Unraid's built-in wireguard going and followed David's tutorial here using the main terminal in Unraid, it set up a tunnel in the Docker, and everything works as intended. I have a Wireguard tunnel from my server to my phone, when I'm not on my home network with the VPN off I get the intended "Forbidden" page but as soon as I connect the VPN everything works. Not sure if that's what you meant but yeah.
doesnt this break TOS? Is there a way to use this service without breaking TOS?
Things like this is exactly why I love cloudflare
is it free ? Becose it say it free and it ask for ccv or PayPal ?? Thx.
It is free and I've never had it ask me for billing information
@@DBTechYT in the zero luncher
@@DBTechYT and thx
Great video David, thanks
Quick question: Does anyone have any issue when UFW is enabled ?
(Digitalocean's Docker instance works flawlessly without UFW enabled, but cannot access with UFW enabled)
Thank you.
I have followed this guide to share my Jellyfin server, but the download speed from the tunnel cap at 300KBps, streaming 1080p videos is always buffering every 1 sec
Because CloudFlare doesn't want people using their service for streaming media.
Hi can you make a tutorial how to connect ssh using cloudflare without opening ports?
this is a great idea!
Greetings my fellow Canadian ! It seems that every time I restart my computer, I lose the the data. How could I make it "persistent." If that's the correct term?,
I'm honored to be called Canadian, but I'm from the USA. As far as persistent storage (which is the correct term 😊), there is no persistent storage for Cloudflare Tunnels, but if you use the docker-run command they provide... well... it's not great. Try this docker-compose: dbt3ch.com/books/access-your-self-hosted-services-without-port-forwarding/page/cloudflare-tunnels-docker-compose
Just be sure to replace the YOURTOKENHERE with the token that Cloudflare gives you in the docker run command for the setup process
When I want to install by the command from the Cloudflare, it says "docker: no matching manifest for linux/arm/v8 in the manifest list entries." :(
Because you're trying to install on a Raspberry Pi. It's not compatible with that.
Could this be used to remotely view/access cctv nvr?
Hey, this video is fantastic! Although, I’m just wanting to make sure, with this process, you can for a fact access your media from outside of your home network.
For example, if my home server was located in California, and I went to New York, could I still access my media through the domain?
Another question I have is, can this be used for Jellyfin? If not, what’s the reasoning?
This method will allow you to remotely access your services from wherever you want that has an internet connection. Cloudflare used to have a section of their TOS that explicitly forbade hosting media services. They've removed that section, but I would still be careful.
I just installed a fresh install on my RPI 4 B 2022-04-04-raspios-bullseye-arm64.img.xz . But when I go to install cloudflare/cloudflared:latest I get docker: no matching manifest for linux/arm/v7. Can you help??
cloudflare/cloudflared:latest doesn't work with ARM processors.
You need to go here: hub.docker.com/r/cloudflare/cloudflared/tags
Find a tag that works with your setup. Then change cloudflare/cloudflared:latest to cloudflare/cloudflared:
Nice Cloudfare 💙😎🤘
However can I access not just the domain but my home computer without having to port forward...this seems like it's only for the domain itself and not your device...is it possible without port forwarding and SSHing ???
Here's how I do it: ruclips.net/video/tg1CbMEzCsc/видео.html
Thank you for all of your work…your videos have been such a help in getting my home nas running well. This video is extremely welcomed as I’d like to not forward any ports if possible. Ill definitely be trying this out….Can i use a synology domain name?
You have to use a purchased domain that you've routed through cloudflare
So I learned to use nginx for nothing! Great find. Any benefits to using this method over nginx? Or is it just not needing any ports open?
No port forwarding. App restriction based on IP address, email address, etc. Firewall built in. SO many things you can do with CloudFlare tunnels that you can't easily do with NPM
@@DBTechYT I watched your video on NPM and Authelia but this seems similar and much easier. Great work!
When trying to deploy I get Unable to find image 'cloudflare/cloudflared:latest' locally> Any thoughts or suggestions?
It will always say that the first time you try to deploy a container. It has to download the assets to build the containers locally
Can you make a video to access Windows via RDP using cloudflare tunnel? I have installed it on Windows 10 but not able to RDP.
You really only need to ask this one time. All new comments get posted in chronological order in the creator dashboard.
Great video, thanks! I am using DNS Made Easy as my name server. Do I need to switch to Cloudflare DNS for the tunnels to work or can keep my existing NS?
You'll have to switch your DNS to Cloudflare
You can also delegate a subdomain to cloudflare and keep the main domain at current name server...
do you know how to set it up with support for websocket?
is there any tuts for docker/portainer?
Ive followed this a few times yet always come to the same Error 502 bad gateway. Showing browser and cloudflare working but the host is not. Any thoughts on what the cause might be?
why returns " no matching manifest for linux/arm/v7 in the manifest list entries"
What can I do to solve it. I am trying in a pi.
That error message means that it isn't compatible with Pi
I could not install Zero Trust because I don't have a craditcard (even though the option is free). does anyone have other options?
Then I think you did something wrong. I've been using it for months and have no issues. Same with lots of others, so It hink you missed something.
How can I check the url is running on tunnel?
does it automatically updates the IP address of home server, if internet provider uses dynamic IP address?
Yep. This works on dynamic IP addresses and CGNAT
I'm using a windows 11 box. You are showing container list but you don't show how to get there. I have no idea where to go from here.
Windows 11 has NOTHING to do with your Docker setup unless you're running Docker ON Windows. To show the docker containers on your system, SSH into your docker server and type: docker ps
Would this work with the domain name provided by TPLink Deco?
No. You don't have any control over the actual DNS for that domain name
Thank you for the video. I followed the instructions (have Ubuntu 20.04 with Portainer) but when I try to access the public URL I keep getting "Bad Request - Error code 502). Can you let me know how to debug this? I can access these locally and through NPM but accessing through tunnels is throwing up error.
The page image depicts: You Browser (working) --> Newark Cloudfare (working) --> My domain Host (not working)
Hello DB Tech, I really hope you can help me out, since i'm struggeling for a week now to get it done.
I'm running a proxmox server, where i have home assistant running in a VM (HAOS). In a LXC container i'm running nginx proxy manager, witch i'm trying to setup with a argo tunnel from cloudflare. I tried many ways, tried to setup docker swag, tried to setup a tunnel myself with all the info i could find on the web, but i don't get it to work. Everytime i get dnsprobe errors or to many redirections error. Anyway, i can't seem to make nginx proxy manager host my subdomains thru a argo tunnel. I really hope you can make a video on how to set it up, it would greatly help me out! Thanks in advance!
very cool @DBTechYT !!
Do you (or anyone else) know is this also works with running your app inside Kubernetes? Would you need to expose the cloudflare agent or your app with a ClusterIP or NodePort?
First - Excellent RUclips Channel. Did you really quick your day job to do RUclips? Kudos to your vidio editor too. 🙂 My question is. I currently expose a random port on my firewall and then use Cloudflare Origin rule to rewrite 443 to the random rule that I have open on my firewall - then port Forward from random port to 443 to my Nginx proxy server. And now for the question. With CloudflarD Tunnels, do I still need Nginx? Cuz the last two times I installed this on my Docker it broke my RPI. Thank you and keep up the good work.
Chris
Can you make a video how to use cloudflare zero trust tunnel with nginx and authelia?
They are very different systems. With CloudFlare, you don't use Nginx. CloudFlare Tunnels completely replaces Nginx
Hi sir
I have an hp server installed windows server on it. I’m using some applications that users can connect to those through port forwarding. Im interesting to know whether I can use your method instead of port forwarding for my apps or this way is special for cloud based servers?
You can use it just about anywhere. I use it in multiple devices in the server rack in my garage
So if an app like Output messenger uses server ip can i use this method?@@DBTechYT
david your video is a blast bro thnaks! i have cgnat that's why I have contracted a vps with a wireguard vpn and a nginx to acces my (high videos traffic) wordpress´s and bitwarden and other stuffs... do you think this solution (free or paid) could be for me? or better than solution currently i got? or are there any kind of bandwidth limit or something bad for services of "high traffic"? hope your answer please
QQ. After setting up the docker container and making the connection with cloudflare, how can maintain running? If I ctrl+c out of the 'docker run . . .' in the terminal, the connection servers and am unable to use the tunnel anymore
do i need to do https when the pad lock is working? pros cons? how to do it as https and disable TLS 1.0
you only select the https option if the container has an SSL built into the container and then only if you're pointing your tunnel to that https port in the container. If there's no SSL built into the container, then you do NOT user the https option
Hi There, if is possible use Cloudflared and TVHeadend Streams ?
Check the pinned comment
I successfully set up a tunnel. The only issue I have is that it redirects to my domain with the port number shown. I can't seem to find any information on this. Any ideas?
Great Stuff - I will try it on my Pi first then I want to add it to my contabo vps. For that I wonder if I added FW to block all trafic will it still let the Cloudflare access tunnel through?
wordpress worked like a charm but nextcloud was having issues. so I had to resort back to NGINX
Hi, Me again :)
Do you know if i Cloudflare Tunnel will allow to set up subdomains for different local IPs instead of being one Docker IP.
Example, i would like to have DOMAIN pointed to local_ip_1 but subdomain like plex (dot) domain or cloud (dot) domain to point to local_ip_2
I have one tunnel with agents on mutiple devices and I point to different IPs that way
@@DBTechYT Amazing. Thank you for quick example. RESPECT !
I'm sure I'm missing something obvious, but what do I need to do so that it will auto-start? I think I need to add the restart policy, but I'm not sure where I add it in the copy/paste I get from cloudflare. Any ideas? --restart unless-stopped
thanx for the Video! how can i tunnel "rustdesk" it needs a lot of Ports 21115-21119? any idea?
hey what's up dawg, your public ip is showing on the video.
Not my IP any more. It's been changed a few times since then ;)
Will this work with Kasm?
Great video, can you please show how to setup and use RDP with cloudflare zero trust. Thanks
is there any service can use for VPN ? like accessing HomeLab server using VPN without port forwading ?
that's what this is
@@DBTechYT but we are exposing as a website, i want VPN
I was about to deploy Cldflr tunneling for my services and specially that email authentication will come in handy. Thx.
Ps. Is it just me that seeing monitors so high I hope your neck won't break😉
I've since adjusted my monitor setup and it's much better now :)
@@DBTechYT good 4 you! Keep it simple keep it safe👍
Are you still using Nginx-Proxy-Manager with this solution, or does this solution eliminate the need for that component? My other question is do you have a separate cloudflare tunnel for each server where you have services that are exposed to the internet?
This removes the need for NPM. You'll need to install the tunnel agent on each device you want to access, but you can have multiple devices attached to 1 tunnel if you want.
Great video as usual. I have a similar setup with cloudflare Argo tunnel and using NPM which ibracorp covered on his channel.
@@DBTechYT a question around this in that case... I have setup NPM with Authelia for my services as in one of your previous videos. Are you able to do a video around migrating authelia from NPM to using this cloudflare tunnel instead? I love the idea of this tunnel but I'm worries it will take away too much flexibility.
@@cloud2050 From what I read on Cloudflare's website, "Argo Tunnel" was changed to "Cloudflare Tunnel".
Port forwarding is an inconvenient mess. I still can't believe we are doing port forwarding in 2022.
The only issue i can see using this is if you decide to use it for remote access to a plex/jelly server as from what I read it is against TOS they have
I’m on cgnat, can cloudflare tunnels allow hosting a vpn access? I can’t figure it out.
Got it to work. Wanted to know how I would get this working with Authelia?
I'm not sure that you can without a LOT of extra work
I love this tutorial. Absolutely brilliant!!
I spent the afternoon moving from NGINX to this service and switched off my port forwarding, which should lower and decrease my attack vector.
Thanks again!
I'm really glad it was helpful!
@@DBTechYT How is this different from NGINX with Cloudflare Dyndns with your own domain? (Honest Doubt)
@@Otomai This removes the need for port forwarding. This removes the need for NGINX entirely. By switching to this, my network is more secure AND my internet-facing apps are more secure becasue I don't have to open ports and Cloudflare is actively monitoring the traffic to prevent bots and attacks.
@@DBTechYT Oh, I see, thanks!
Hey buddy, I’m going back to this video to see if there was a hint on how to host all applications using one tunnel. I had to instal 6 different containers to host each one of my dockers without open ports. It’s possible that you can point me on what I have to do to just use one instead of a separate one per application. Thank you.
I've had this come up a few times recently in comments. I'm going to make another video about Tunnels this week.
@@DBTechYT I will really appreciate it. Thank you very much.
I’ve sent this to so many people since starlink became available in our area. Have you ever considered a video targeting CG-Nat especially Starlink and fixed wireless internet?
Most important video you've done in a while. Just wish Cloudflare didn't have a monopoly on literally everything like this.
There are other companies doing similar things, but CloudFlare really is a beast as far as their offerings :)
@DBTech if this feature is enable do you still use authelia?
Possibly, but I'm not sure what that process would look like
Great video David! Can you do a video with Jellyfin on OMV6 in a cloudflare tunnel with all the paths?
Possibly!
@@DBTechYT I can’t wait then. And thank you very much
If I understand correctly, video streaming is not allowed and your account may be banned.
That's interesting. I'm using it for Emby without issue.
Does this method still require SSL certificates being created? Im pretty new to this stuff.
Nope. This method takes care of all that automatically.
@@DBTechYT thank you for the reply!
I’ve been trying to set up next cloud container via this way and it’s been a nightmare lol
Hi do you have to put the couldflare into the directory folder as your docker for your website ?
I really enjoy your videos - always cover the things most relevant to my interests!
Awesome!
So.. with these tunnels, could you tunnel into an Nginx Proxy and maintain all the SSL Certificates?
I am administrating a server at my Brother's house remotely (900 miles away), and he wants NextCloud. His internet is on Starlink, and they don't have any way to port forward. I tried to get SSL's to work over SSH tunnels maintained by the autossh docker image (which is how I remotely access his server), but I couldn't get it to work. If I could get reliable remote access for him, then I could open up a bunch of different services that he could use.
This completely removes the need for Nginx Proxy Manager. It handles its own SSLs
@@DBTechYT Neato! So I'll need a separate tunnel for each app? I only plan on one at his house, just wondering for future possibilities.
I've got 19 apps running on a single tunnel, so I think you'll be okay :)
I'm a bit late to the party, but what options (Cloudflare or not) are available to pass through IMAP and SMTP ports?
Wonderful ... So well explained 😀✌... Thanks a lot 🙏.
Would this work to access VMs? Either over noVNC or the Spice protocol?
As long as you set up the right connection type when configuring your hosts in CF, you should be able to
@@DBTechYT Thank you, I'll defo try it and let you know if it worked
Great video! Can you also do this for a SQL Server?
Even with the help of this video, i still have trouble setting this up.
I can only get the / path to work. Anytime i add a path after the domain it returns a 404.
Also, i don't understand what the application is exactly. Why do we both add a Tunnel AND an application? Should applications just be considered a firewall, and tunnel considered an app?
This video might be more helpful ruclips.net/video/Q5dG8g4-Sx0/видео.html
rispek
quick question! you added the port 6999 for specific service on the same docker instance where cloudflare container is running. what if I want to use another VM with different IP and port (in my case homeassistant ip x.x.x.20:81234)?
You have to install the tunnel agent container on whatever device you want access to.
Thank you for your content. Its really helpful and to the point no filler. I have a question for you. I was able to follow your tutorial on setting up the tunnel but I can make post requests to my url. I have tried to figure it out with no luck. Do you have a video or recommendation to fix this? Thank you.
This is amazing. Will certainly be trying it out. Is there a way the allowed IP can automatically be updated, as I don't have a fixed IP with my ISP. Thanks
I know there's a DDNS container that can be used to update regular A Records, but I'm not sure about updating allowed IPs. The one thing I've done for when I'm away from home is that I've got a PIA VPN account with a dedicated IP. That might be an idea until another method is available. If you want to try that, here's my PIA affiliate link: dbte.ch/piavpn
For the sake of argument I’ll assume the port forwarding was for a reverse proxy. Assuming that, would this tunneling scenario take the place of a reverse proxy?
Your assumptions are correct