Create a Tunnel

Time Required

15 Minutes

Difficulty

Low

Create your Tunnel

  1. Log into Cloudflare

  2. On the left, click on 'Zero Trust'

  3. On the left, click on Access > Tunnels

  4. Click on 'Create a tunnel'

  5. Name the tunnel (eg "Home Network") and click on 'save tunnel'

  6. Scroll down on the next page and locate the connector command, cloudflared.exe service install`` R4nd0mStr1ng0fCh4ract3rs

  7. Take note of the unique key after 'install' (bolded above); save this in your password vault

  8. Click on Next

  9. We're now forced to create a public hostname (reverse proxy). Per the scenario we will create a tunnel for Overseer;

    Field
    Data

    subdomain

    overseerr

    domain

    yourdomain.com

    path

    type

    HTTP

    url

    ServerHostame:Port

  10. click on 'Additional application settings'

  11. Click on 'Save tunnel'

  12. You will be brought back to the Tunnels homepage, your tunnel will show as 'inactive'

Deploy the Tunnel Container

  1. Create a new compose file in your GitHub repo using the below compose template

https://github.com/trentnbauer/agg/blob/main/docker-compose/cloudflared.yml
version: '3'

services:

  app:

    image: cloudflare/cloudflared:2025.6.1@sha256:175aee7e8b548f983f7e3b79ace217676d2a79255a73c074dacb491e59603679

    restart: unless-stopped

    network_mode: host

    environment:

      - TUNNEL_TOKEN=$CLOUDFLARE_UUID

      - TUNNEL_METRICS=0.0.0.0:5566

    command: tunnel run

    logging:

      driver: "json-file"

      options:

        max-size: "10m"

        max-file: "3"

    healthcheck:

      test: ["CMD", "cloudflared", "--version"]       # Check if cloudflared version command works

      interval: 60s                                   # Time between health check attempts

      timeout: 55s                                    # Time to wait for a response

      retries: 3                                      # Number of retries before marking as unhealthy

      start_period: 30s                               # Delay before health checks begin

    labels:

      - "autoheal=true"

  1. Create a new GitOps stack using the tunnel compose file

  2. Under Environmental variables

    1. add a variable "CLOUDFLARE_UUID", using the key noted in step 6 above

  3. Deploy your stack

  4. Refresh the Cloudflare tunnel page, it will now state 'active'

Repeat steps 2-4 for each additional tunnel you wish to create (for load balancing and redundancy)

Test the Tunnel

Browse to the public hostname we created earlier (step 9; subdomain + domain) and confirm that the Overseerr screen loads

Last updated

Was this helpful?