Tunnel
Last updated
Last updated
I personally find the Cloudflare documentation to be written very generically, which is great when you know what you're doing but not when you're setting something up for the first time.
Our goal here is to make our instance of Overseerr publicly available, so our friends and family with pre-existing access to our Plex server can request content without bothering us to do it for them.
In addition to that, we also want to make Sonarr and Radarr instances accessible externally but behind Cloudflares authentication. This means that only authorized users can access these services.
Using a Cloudflare tunnel for this does not expose your external IP address and any malicious attacks against your network will hit Cloudflare, not you. This is because the traffic is proxied through Cloudflare's CDN, which hosts the majority of the internet. Another advantage of this set up is it allows you to cache your services, which is very useful for static websites.
Do NOT route your Plex traffic through Cloudflare, this will result in your account being banned
Some apps, such as game servers, require a direct connection to your server. Please refer to the Dynamic DNS guide for setting these up
1 machine to install the Tunnel on with
Docker installed
Portainer (or Portainer Edge Agent) installed
A private GitHub repo to store Docker Compose files ('GitOps')
A Domain that's managed by Cloudflare
An internal service you want to be publicly accessible by anyone (Overseer per above)
Knowledge of the server hostname or IP
Knowledge of the port the service runs on
An internal service you want to be publicly exposed but with Authentication (Sonarr / Radarr per above)
Knowledge of the server hostname or IP
Knowledge of the port the service runs on
A second machine (if virtual, preferably on a different host) to install the Tunnel on for failover and load balancing
Time Required
40 Minutes
Difficulty
Low