Cloudflare Zero Trust Tunnel
As more businesses shift to remote work and cloud-based infrastructure, securing network connections and protecting sensitive data has become more important than ever. Cloudflare, has a tool called Cloudflare Zero Tunnel that provides a secure connection between your local machine and Cloudflare’s edge network.
In this blog post, we’ll explore what Cloudflare Zero Tunnel is, its advantages, and how you can use it with Docker to expose services securely.
What is Cloudflare Zero Tunnel?
Cloudflare Zero Tunnel is a tool that creates a secure tunnel between your local machine and Cloudflare’s edge network, allowing you to securely access private resources on your network from anywhere. It uses Cloudflare’s global network of data centers to provide a secure and fast connection that bypasses the public internet.
Zero Tunnel uses the QUIC protocol, which is designed to be faster and more secure than traditional TCP connections. It also encrypts all data using TLS 1.3, providing end-to-end encryption between your local machine and the server you’re connecting to.
Advantages of Cloudflare Zero Tunnel
-
Improved Security: Zero Tunnel provides end-to-end encryption between your local machine and the server you’re connecting to, which ensures that your data is protected from interception and eavesdropping.
-
Increased Privacy: Zero Tunnel allows you to access private resources on your network without exposing them to the public internet, which reduces the risk of unauthorized access or attacks.
-
Global Accessibility: Zero Tunnel uses Cloudflare’s global network of data centers to provide a fast and secure connection from anywhere in the world, which makes it ideal for remote workers or teams working across different locations.
-
Fast and Reliable: Zero Tunnel uses the QUIC protocol, which is designed to be faster and more reliable than traditional TCP connections, providing a smooth and consistent user experience.
Deploying Cloudflare Zero Tunnel with Docker to Expose Services
Docker is a popular platform for developing, deploying, and running applications in containers. It provides a way to package an application and its dependencies in a single container, making it easy to deploy and manage.
With Cloudflare Zero Tunnel, you can use Docker to expose services securely over the internet. Here’s how:
-
Create a Docker container for your service: Use Docker to create a container for your service, which will run on your local machine.
-
Install the Cloudflare Zero Tunnel client: Install the Zero Tunnel client on your local machine and configure it to connect to your Cloudflare account.
- You can get the details on https://dash.cloudflare.com/ - Select the domain that is managed by cloudflare where you want to set the tunnel. Visit Traffic and Cloudflare Tunnel.
- You will be prompted with https://one.dash.cloudflare.com/ - Select Acces and Tunnels to create a tunnel with Docker and get the token.
-
Create one network where we will link services to connect to the cloudflare tunnel:
sudo docker network tunnel
- Run the cloudflare docker container with your token with CLI:
docker run --name cloudflared --network tunnel --detach cloudflare/cloudflared:latest tunnel --no-autoupdate run --token yourfantastictoken
- Or, if you prefer docker compose:
version: '3.8'
services:
cloudflared:
image: cloudflare/cloudflared:latest
container_name: cloudflared
command: tunnel --no-autoupdate run --token yourfantastictoken
networks:
- tunnel
networks:
tunnel:
In this case, dont forget to use docker-compose up -d to run it.
- Add the services that you want to expose to the tunnel network where cloudflared docker container is operative:
docker network connect tunnel nginx #network - service
or if you want another docker container to be connected to the tunnel network from the very beginning:
docker run --name Your_Container_Name --network tunnel -p 8050:8050 --detach Container_Image
or with:
version: '3.8'
services:
Your_Stack_Name:
image: Your_Container_Name
container_name: Container_Image
ports:
- "8050:8050"
networks:
- tunnel
networks:
tunnel:
external: true
-
Configure your Docker container with the service that you want to expose: Configure your Docker container to listen for incoming connections on a specific port, and set up port forwarding to forward incoming connections to that port.
-
Start the Zero Tunnel client: Start the Zero Tunnel client on your local machine and configure it to forward incoming connections to your Docker container.
Going back to the one dash cloudflare UI:
-
Add a Public Hostname in the Cloudflare web UI
- Select the desired subdomain, domain and path (where applicable)
- Then, add proxy host for example: yatch:8008 - The formar is always service_name:docker_port
-
Access your service securely: Your service is now accessible securely over the internet using Cloudflare Zero Tunnel. You can access it from anywhere in the world by connecting to the Cloudflare edge network.
FAQ
How to check my device local ip?
ifconfig
How to check the exposed ip?
Thanks to the used of cloudflare tunnels, you will be able now to expose self-hosted services without the need of:
- Exposing your Public ip addres
- Opening ports in your router’s firewall
curl your_selected_domain.com && echo