Create a Tunnel
Time Required
15 Minutes
Difficulty
Low
Create your Tunnel
Log into Cloudflare
On the left, click on 'Zero Trust'
On the left, click on Access > Tunnels
Click on 'Create a tunnel'
Name the tunnel (eg "Home Network") and click on 'save tunnel'
Scroll down on the next page and locate the connector command,
cloudflared.exe service install``
R4nd0mStr1ng0fCh4ract3rs
Take note of the unique key after 'install' (bolded above); save this in your password vault
Click on Next
We're now forced to create a public hostname (reverse proxy). Per the scenario we will create a tunnel for Overseer;
FieldDatasubdomain
overseerr
domain
yourdomain.com
path
type
HTTP
url
ServerHostame:Port
click on 'Additional application settings'
Click on 'Save tunnel'
You will be brought back to the Tunnels homepage, your tunnel will show as 'inactive'
Deploy the Tunnel Container
Create a new compose file in your GitHub repo using the below compose template
version: '3'
services:
app:
image: cloudflare/cloudflared:2025.6.1@sha256:175aee7e8b548f983f7e3b79ace217676d2a79255a73c074dacb491e59603679
restart: unless-stopped
network_mode: host
environment:
- TUNNEL_TOKEN=$CLOUDFLARE_UUID
- TUNNEL_METRICS=0.0.0.0:5566
command: tunnel run
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
healthcheck:
test: ["CMD", "cloudflared", "--version"] # Check if cloudflared version command works
interval: 60s # Time between health check attempts
timeout: 55s # Time to wait for a response
retries: 3 # Number of retries before marking as unhealthy
start_period: 30s # Delay before health checks begin
labels:
- "autoheal=true"
Create a new GitOps stack using the tunnel compose file
Under Environmental variables
add a variable "CLOUDFLARE_UUID", using the key noted in step 6 above
Deploy your stack
Refresh the Cloudflare tunnel page, it will now state 'active'
Repeat steps 2-4 for each additional tunnel you wish to create (for load balancing and redundancy)
Test the Tunnel
Browse to the public hostname we created earlier (step 9; subdomain + domain) and confirm that the Overseerr screen loads
Last updated
Was this helpful?