Cloudflare Zero Trust for self-hosted services
Cloudflare is not just a CDN provider. In recent years it has added more and more features, many of them free for personal use. Today I'd like to share how to expose self-hosted services to the internet with Cloudflare Zero Trust (Tunnel). The connector (cloudflared) opens an outbound connection to Cloudflare's edge, so the host needs no public IP and no inbound ports opened on the router or firewall.
Configure Tunnel on Zero Trust Dashboard of Cloudflare
- Open https://one.dash.cloudflare.com/
- On the sidebar, select Access > Tunnels, click Create a tunnel and follow the instructions on the Name your tunnel step
- Choose Docker as the connector on the Install connector step. The dashboard shows a docker command containing a tunnel token; that token is the credential for this tunnel, so treat it as a secret and do not commit it to a repository
- Set up Public Hostnames: bind your domain name to an internal service. For example, your.domain.name.on.cloudflare to web:80 (the service name defined in docker-compose.yml). Point it at the plain HTTP port of the container: TLS is terminated at Cloudflare's edge and the tunnel carries the request to the connector
- Save

Note that a public hostname is reachable by anyone on the internet as soon as the tunnel is up; the tunnel only replaces port forwarding. To get actual Zero Trust, also create an Access application for the hostname (Access > Applications, self-hosted) with a policy, for example a list of allowed e-mail addresses, so users have to authenticate before they reach the service.
Create docker-compose.yml (self-hosted GitLab as an example)
On your host machine, create a docker-compose.yml file with the following content:

```yaml
services:
  web:
    image: 'gitlab/gitlab-ee:latest'
    restart: always
    hostname: 'your.domain.name.on.cloudflare'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://your.domain.name.on.cloudflare'
        # TLS is terminated at Cloudflare's edge and the tunnel reaches GitLab over
        # plain HTTP on web:80, so keep the bundled NGINX listening on port 80 and
        # switch off its HTTPS listener and Let's Encrypt. With an https external_url
        # and the defaults, NGINX would stop listening on port 80 altogether.
        nginx['listen_port'] = 80
        nginx['listen_https'] = false
        letsencrypt['enable'] = false
        # Add any other gitlab.rb configuration here, each on its own line
    # No "ports:" here on purpose: nothing is published on the host, so GitLab is
    # only reachable through the tunnel. cloudflared resolves web:80 on the compose
    # network. (Git over SSH on port 22 is not covered by the HTTP hostname above.)
    volumes:
      - './data/config:/etc/gitlab'
      - './data/logs:/var/log/gitlab'
      - './data/data:/var/opt/gitlab'
    shm_size: '256m'
  cloudflared:
    image: cloudflare/cloudflared:latest
    restart: always
    command: tunnel --no-autoupdate run
    environment:
      # The token generated on the Zero Trust Dashboard. cloudflared reads it from
      # TUNNEL_TOKEN, so it can stay out of this file: put it in an untracked .env
      # next to docker-compose.yml or export it in the shell before starting.
      - TUNNEL_TOKEN=${TUNNEL_TOKEN}
```
Start the service

```sh
docker-compose up  # add -d to run in the background
```
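Two mistakes quietly undo a setup like this: pasting the tunnel token into the compose file (it then ends up in git history) and publishing the service's ports on the host (it is then reachable without going through the tunnel or any Access policy). The script below is an added example written for this post, not code from the post or from Cloudflare; it is a small pre-commit style check over a docker-compose.yml. It assumes the short `ports:` syntax, two-space indentation as used above, and a connector service literally named `cloudflared`; the two sample compose files it writes are constructed for the demonstration, and the token in the weak one is a placeholder.

```shell
#!/bin/sh
# Added example, not part of the original post: lint a docker-compose.yml that
# fronts a service with a Cloudflare Tunnel. It flags
#   1. a tunnel token pasted inline after "--token" (a secret that would be committed)
#   2. "ports:" on any service other than cloudflared (the service is then published
#      on the host and reachable without the tunnel or an Access policy)
# Assumptions: short "ports:" syntax, two-space indentation, connector service
# named "cloudflared".

# check_compose FILE -> returns 0 if clean, 1 otherwise; findings go to stderr
check_compose() {
    file=$1
    rc=0
    # An inline token is anything after --token that is not a ${VAR} reference
    if grep -E -e '--token[[:space:]]+[^$[:space:]]' "$file" >/dev/null; then
        echo "$file: tunnel token is hard-coded on the cloudflared command line" >&2
        rc=1
    fi
    # Track the current service name (2-space indent) and report "ports:" (4-space
    # indent) under every service except the connector itself
    published=$(awk '
        /^  [A-Za-z0-9_.-]+:/ { svc = $1; sub(":", "", svc) }
        /^    ports:/         { if (svc != "cloudflared") print svc }
    ' "$file")
    if [ -n "$published" ]; then
        echo "$file: service(s) publish host ports and bypass the tunnel:" $published >&2
        rc=1
    fi
    return $rc
}

# write_samples DIR -> writes two constructed compose files: weak.yml (both
# mistakes above) and hardened.yml (token via environment, nothing published)
write_samples() {
    cat > "$1/weak.yml" <<'EOF'
services:
  web:
    image: 'gitlab/gitlab-ee:latest'
    ports:
      - 80
      - 443
      - 22
  cloudflared:
    image: cloudflare/cloudflared:latest
    command: tunnel --no-autoupdate run --token PLACEHOLDER-NOT-A-REAL-TOKEN
EOF
    cat > "$1/hardened.yml" <<'EOF'
services:
  web:
    image: 'gitlab/gitlab-ee:latest'
    expose:
      - "80"
  cloudflared:
    image: cloudflare/cloudflared:latest
    command: tunnel --no-autoupdate run
    environment:
      - TUNNEL_TOKEN=${TUNNEL_TOKEN}
EOF
}

# Usage: sh check_compose.sh docker-compose.yml [more files...]
# Exit status is 1 if any file has a finding, which makes it usable as a git hook.
if [ $# -gt 0 ]; then
    status=0
    for f in "$@"; do
        check_compose "$f" || status=1
    done
    exit $status
fi
```

Run it against the compose file before committing, or wire it into a pre-commit hook; `expose:` in the hardened sample is documentation only, since services on the same compose network can already reach each other's container ports without any `ports:` entry.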