-
Go to: https://dash.cloudflare.com
-
Navigate to Zero Trust > Networks > Tunnels
-
Click Create Tunnel
-
Select Cloudflared tunnel type
-
Enter a tunnel name
-
Install cloudflared
brew install cloudflared sudo cloudflared service install <KEY FROM DASHBOARD> -
Under Route tunnel
Enter the domain you want to expose:
http://YOUR_TUNNEL.DOMAIN.comyour domain must be managed by Cloudflare
Add your local service:
http://localhost:PORT
Note: We’ll add Access protection later. This tunnel is currently public for testing.
Login to cloudflared tunnel locall
cloudflared tunnel login
Create Tunnel Token
cloudflared tunnel token create TUNNEL_NAME
Start Your Local Server
Ensure your web server is running at http://localhost:PORT.
Start the Tunnel
cloudflared tunnel --cred-file ~/.cloudflared/TUNNEL_NAME.json run TUNNEL_NAME
Open http://YOUR_TUNNEL.DOMAIN.com in your browser.
- Go to: Zero Trust > Access > Service Auth
- Click Create new service token
- Save the
CF-Access-Client-IdandCF-Access-Client-Secret
- Go to: Zero Trust > Access > Policies
- Click Add policy
- Action: Service Auth
- Rules:
- Include: Any Access Service Token
- Require: Service Token (select the one you just created)
- Save
- Go to: Zero Trust > Access > Applications
- Click Add application > Self-hosted
- Public domain name:
http://YOUR_TUNNEL.DOMAIN.com - Select your existing policy
- Use default settings and save
- Go to: Zero Trust > Networks > Tunnels
- Click the menu on your tunnel > Configure
- Go to the Public Hostname tab
- Edit the hostname
- Under Additional application settings > Access
- Turn on Protect with Access
- Select your newly created app
- Save
Try without token:
curl http://YOUR_TUNNEL.DOMAIN.com
You should get an error.
Try with token:
curl -v https://YOUR_TUNNEL.DOMAIN.com/ \
-H "CF-Access-Client-Id: CLIENT_ID" \
-H "CF-Access-Client-Secret: CLIENT_SECRET"
You should get a response from your local server. 🎉🎉