🚀 Cloudflare Tunnel Setup Guide

Securely expose your local services to the internet without port forwarding

📂 Infrastructure ⏱ī¸ 15 minutes 📊 Intermediate 👤 Network Team

Prerequisites

Setup Progress
1

Install cloudflared

Download and install the latest cloudflared package for Linux AMD64 systems. This tool creates secure tunnels between your server and Cloudflare's edge network.

curl -fsSL https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb -o cloudflared.deb sudo apt install ./cloudflared.deb -y
ℹī¸
Installation Info
This downloads the .deb package directly from GitHub and installs it using apt. The cloudflared binary will be available system-wide after installation.
2

Authenticate with Cloudflare

Authenticate cloudflared with your Cloudflare account. This command will open a browser window where you'll log in to authorize the tunnel creation.

cloudflared tunnel login
⚠ī¸
Authentication Method
When the browser opens, use "Continue with Google" if that's how you normally access your Cloudflare account. Make sure you're logged into the correct Cloudflare account that manages your domain.
3

Create a New Tunnel

Create a new tunnel with a descriptive name. This establishes a persistent connection identifier that Cloudflare will use to route traffic to your server.

cloudflared tunnel create thelab-tunnel
💡
Tunnel Credentials
This creates a tunnel and generates a unique credentials file stored in ~/.cloudflared/. You can customize the tunnel name to match your project or service.
4

Configure Tunnel Routing

Create the configuration directory and file that defines how incoming traffic should be routed to your local services. This YAML configuration maps your domain to local services.

sudo mkdir -p /etc/cloudflared sudo tee /etc/cloudflared/config.yml >/dev/null <<'YAML' tunnel: thelab-tunnel credentials-file: /root/.cloudflared/thelab-tunnel.json ingress: - hostname: your-subdomain.your-domain.com service: http://localhost:80 - service: http_status:404 YAML
đŸŽ¯
Customize Your Domain
Replace your-subdomain.your-domain.com with your actual domain or subdomain. Ensure this domain is managed by Cloudflare DNS and you have the necessary permissions.
5

Configure DNS Routing

Create a DNS record that points your domain to the tunnel. This command automatically adds the necessary CNAME record to your Cloudflare DNS settings.

cloudflared tunnel route dns thelab-tunnel your-subdomain.your-domain.com
🌐
Automatic DNS Management
This creates a CNAME record in your Cloudflare DNS settings automatically. You can verify this in your Cloudflare dashboard under the DNS section.
6

Install and Start Service

Install cloudflared as a system service so it runs automatically on boot and restarts if it fails. This ensures your tunnel remains available even after server reboots.

sudo cloudflared service install sudo systemctl enable --now cloudflared
🎉
Service Active
Your tunnel is now running as a system service and will automatically start when your system boots. The service is managed by systemd for reliability.
✓

Verify Your Setup

Test your tunnel configuration and troubleshoot any issues. These commands help you monitor the service status and verify connectivity.

# Check service status sudo systemctl status cloudflared # View live logs sudo journalctl -u cloudflared -f # Test the tunnel connection curl -I https://your-subdomain.your-domain.com # Check tunnel list cloudflared tunnel list
🚀
Setup Complete!
Your local service running on port 80 should now be accessible via your Cloudflare domain with automatic HTTPS, DDoS protection, and global CDN benefits.