Deploy Cloudflare Tunnel on Your Own Computer

Preface

Although I had already linked a card to Cloudflare early on, I mainly used R2 more. As for Zero Trust, I knew it existed but never used it.

It wasn't until later that I discovered this thing can do quite a lot of stuff, so I'm going to start playing with it.

EP0: Prerequisites

The entire process is based on you having already created a Cloudflare account and bound your domain's DNS to the Cloudflare account.

First, you need to prepare a bank card. Choose from Visa, MasterCard, AMEX, or Discover. Some people said you could link PayPal before, ~~but at least, when I linked a card to use R2 earlier, there was no PayPal button anymore~~. It's a mystery anyway; I didn't see the PayPal button, so I linked a card.

(I linked a Bank of China MasterCard.)

Tested and confirmed that UnionPay doesn't work, at least UnionPay cards issued in mainland China don't work. Even though UnionPay can go through Discover, it still can't be verified. So just honestly get a MasterCard or AMEX. RMB-denominated cards can be linked; they are not strict in this regard.

If you go the bank card route, remember to keep about $1 in your account. Cloudflare will deduct about$ 1 to verify the account when verifying it.

EP1: Initialize Zero Trust

Click the Zero Trust button in the left navigation bar. The page will jump to the separate Zero Trust console (this console does not have a dark mode).

Then you can see its related prompts. Enter a suitable name here, in English only.

After entering, click "Next," then select the Free plan.

Then click "Continue to payment."

Assuming you had already linked a card to Cloudflare long ago because of using certain services, then at this step you just need to relax and wait for it to adjust the status.

But if you haven't linked a card on Cloudflare, then it will pop up the following screen asking you to link a card.

When the following page is displayed, we have completed the initialization of Zero Trust.

EP2: Install Software

Click "Settings" → "Resources," scroll down to "Download cloudflared," and choose the download according to your system. Here I choose Windows (64-bit).

After downloading, open it and install it.

Of course, you can also use the Docker method to deploy; we'll talk about that later.

If you need to install using Docker, please install Docker on your device in advance. It is not recommended to use Docker for installation on Windows here.

EP3: Create an Application

Click "Network" → "Tunnels," click "Add a tunnel."

Select Cloudflared on the left.

Name the tunnel, something easy to remember. Here I use my device name as the name. After filling it in, click "Save tunnel."

Then comes the crucial step.

Open CMD or PowerShell in administrator mode. If you have already installed gsudo, you can also directly enter sudo to switch to administrator mode. Since my Windows has gsudo, I switched directly.

Go back to the previous page and scroll down to "Install and run the connector."

Here we have already completed steps 1 to 3 in advance. Just copy the command to the just-opened console and press Enter.

Please store your token carefully. This command contains a sensitive token that allows the connector to run. Anyone with access to this token will be able to run the tunnel.

After running, return to the previous page and scroll to the bottom to "Connectors." At this point, you should be able to see our device.

After confirming you can see it, click "Next."

Fill in the above information according to its prompts. After filling it in, click "Save tunnel." Now visit the link you created to check if access is normal.

Afterword

Cloudflare also recommends that you create an application in Access to protect your connection. That's up to the individual (I didn't do it; I don't know how to do this).

The above operations can be similarly applied to servers (obviously).

Preface

Although I had already linked a card to Cloudflare early on, I mainly used R2 more. As for Zero Trust, I knew it existed but never used it.

It wasn't until later that I discovered this thing can do quite a lot of stuff, so I'm going to start playing with it.

EP0: Prerequisites

The entire process is based on you having already created a Cloudflare account and bound your domain's DNS to the Cloudflare account.

(I linked a Bank of China MasterCard.)

If you go the bank card route, remember to keep about $1 in your account. Cloudflare will deduct about$ 1 to verify the account when verifying it.

EP1: Initialize Zero Trust

Click the Zero Trust button in the left navigation bar. The page will jump to the separate Zero Trust console (this console does not have a dark mode).

Then you can see its related prompts. Enter a suitable name here, in English only.

After entering, click "Next," then select the Free plan.

Then click "Continue to payment."

Assuming you had already linked a card to Cloudflare long ago because of using certain services, then at this step you just need to relax and wait for it to adjust the status.

But if you haven't linked a card on Cloudflare, then it will pop up the following screen asking you to link a card.

When the following page is displayed, we have completed the initialization of Zero Trust.

EP2: Install Software

Click "Settings" → "Resources," scroll down to "Download cloudflared," and choose the download according to your system. Here I choose Windows (64-bit).

After downloading, open it and install it.

Of course, you can also use the Docker method to deploy; we'll talk about that later.

If you need to install using Docker, please install Docker on your device in advance. It is not recommended to use Docker for installation on Windows here.

EP3: Create an Application

Click "Network" → "Tunnels," click "Add a tunnel."

Select Cloudflared on the left.

Name the tunnel, something easy to remember. Here I use my device name as the name. After filling it in, click "Save tunnel."

Then comes the crucial step.

Open CMD or PowerShell in administrator mode. If you have already installed gsudo, you can also directly enter sudo to switch to administrator mode. Since my Windows has gsudo, I switched directly.

Go back to the previous page and scroll down to "Install and run the connector."

Here we have already completed steps 1 to 3 in advance. Just copy the command to the just-opened console and press Enter.

Please store your token carefully. This command contains a sensitive token that allows the connector to run. Anyone with access to this token will be able to run the tunnel.

At this step, we have several choices in the "Select your environment" column, one of which is Docker. After switching to Docker, the "Install and run the connector" section below will automatically switch to the Docker solution. Similarly, just copy the command to the just-opened console and press Enter.

After running, return to the previous page and scroll to the bottom to "Connectors." At this point, you should be able to see our device.

After confirming you can see it, click "Next."

Fill in the above information according to its prompts. After filling it in, click "Save tunnel." Now visit the link you created to check if access is normal.

If you encounter prompts such as Error: Bad Configuration: Validation failed: parse "http://127.0.0.1:2333 ": invalid port ":2333 " after host, you can return to the "Tunnels" page, enter the configuration page of the tunnel you just created, and configure independently on the "Public hostnames" page. The configuration method is the same as before. Generally, this can solve the problem.
If it doesn't solve the problem, please confirm that your firewall is not blocking connections related to cloudflared. Generally, Linux systems do not block connections related to cloudflared.
For Windows, remember to allow cloudflared in the firewall. Although cloudflared created relevant inbound rules during installation, they may not be enabled.
Windows users, please go to "Windows Defender Firewall with Advanced Security" and enable the two rules named "cloudflared." Generally, after enabling them, it should work normally.

Afterword

Cloudflare also recommends that you create an application in Access to protect your connection. That's up to the individual (I didn't do it; I don't know how to do this).

The above operations can be similarly applied to servers (obviously).

Deploy Cloudflare Tunnel on Your Own Computer

Preface

EP0: Prerequisites

EP1: Initialize Zero Trust

EP2: Install Software

EP3: Create an Application

Afterword

Related Links

Preface

EP0: Prerequisites

EP1: Initialize Zero Trust

EP2: Install Software

EP3: Create an Application

Afterword

Related Links