Cloudflare Zero Trust Tunnel
As more businesses shift to remote work and cloud-based infrastructure, securing network connections and protecting sensitive data has become more important than ever. Cloudflare has a tool called Cloudflare Zero Tunnel that provides a secure connection between your local machine and Cloudflare’s edge network.
In this blog post, we’ll explore what Cloudflare Zero Tunnel is, its advantages, and how you can use it with Docker to expose services securely.
What is Cloudflare Zero Tunnel?
Cloudflare Zero Tunnel is a tool that creates a secure tunnel between your local machine and Cloudflare’s edge network, allowing you to securely access private resources on your network from anywhere. It uses Cloudflare’s global network of data centers to provide a secure and fast connection that bypasses the public internet.
Zero Tunnel uses the QUIC protocol, which is designed to be faster and more secure than traditional TCP connections. It also encrypts all data using TLS 1.3, providing end-to-end encryption between your local machine and the server you’re connecting to.
Advantages of Cloudflare Zero Tunnel
Improved Security: Zero Tunnel provides end-to-end encryption between your local machine and the server you’re connecting to, which ensures that your data is protected from interception and eavesdropping.
Increased Privacy: Zero Tunnel allows you to access private resources on your network without exposing them to the public internet, which reduces the risk of unauthorized access or attacks.
Global Accessibility: Zero Tunnel uses Cloudflare’s global network of data centers to provide a fast and secure connection from anywhere in the world, which makes it ideal for remote workers or teams working across different locations.
Fast and Reliable: Zero Tunnel uses the QUIC protocol, which is designed to be faster and more reliable than traditional TCP connections, providing a smooth and consistent user experience.
Deploying Cloudflare Zero Tunnel with Docker to Expose Services
Docker is a popular platform for developing, deploying, and running applications in containers. It provides a way to package an application and its dependencies in a single container, making it easy to deploy and manage.
With Cloudflare Zero Tunnel, you can use Docker to expose services securely over the internet. Here’s how:
Create a Docker container for your service: Use Docker to create a container for your service, which will run on your local machine.
Install the Cloudflare Zero Tunnel client: Install the Zero Tunnel client on your local machine and configure it to connect to your Cloudflare account.
- Log in to https://dash.cloudflare.com/ and select the domain managed by Cloudflare on which you want to set up the tunnel. Go to Traffic and then Cloudflare Tunnel.
- You will be redirected to https://one.dash.cloudflare.com/. Select Access and then Tunnels, create a tunnel, choose Docker as the connector, and copy the token.
- Create a Docker network that the cloudflared container and the services it exposes will share:
sudo docker network create tunnel
- Run the cloudflare docker container with your token with CLI:
docker run --name cloudflared --network tunnel --detach cloudflare/cloudflared:latest tunnel --no-autoupdate run --token yourfantastictoken
- Or, if you prefer docker compose:
version: '3.8'
services:
  cloudflared:
    image: cloudflare/cloudflared:latest
    container_name: cloudflared
    # placeholder token: it grants access to the tunnel, so keep it out of version control
    command: tunnel --no-autoupdate run --token yourfantastictoken
    networks:
      - tunnel
networks:
  tunnel:
    external: true   # join the network created above instead of creating a new one
In this case, don't forget to run docker-compose up -d to start it.
- Connect the services you want to expose to the tunnel network on which the cloudflared container is running:
docker network connect tunnel nginx   # docker network connect <network> <container>
Or, if you want a new container to join the tunnel network from the start:
docker run --name Your_Container_Name --network tunnel -p 8050:8050 --detach Container_Image   # -p is optional: the tunnel only needs the container on the tunnel network
version: '3.8'
services:
  Your_Stack_Name:
    image: Container_Image
    container_name: Your_Container_Name
    ports:
      - "8050:8050"   # optional: publishes the port on the host as well
    networks:
      - tunnel
networks:
  tunnel:
    external: true
Configure your Docker container with the service that you want to expose: Configure your Docker container to listen for incoming connections on a specific port, and set up port forwarding to forward incoming connections to that port.
Start the Zero Tunnel client: Start the Zero Tunnel client on your local machine and configure it to forward incoming connections to your Docker container.
Going back to the Cloudflare One dashboard (https://one.dash.cloudflare.com/):
Add a Public Hostname in the Cloudflare web UI
- Select the desired subdomain, domain and path (where applicable)
- Then set the service to proxy, for example yatch:8008. The format is always service_name:docker_port, that is, the container name as it resolves on the tunnel network and the port the service listens on inside the container.
Access your service securely: Your service is now accessible securely over the internet using Cloudflare Zero Tunnel. You can access it from anywhere in the world by connecting to the Cloudflare edge network.
How to check my device's local IP?
How to check the exposed IP?
Thanks to the use of Cloudflare tunnels, you can now expose self-hosted services without the need of:
- Exposing your public IP address
- Opening ports in your router’s firewall
curl your_selected_domain.com && echo
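The following preflight script is an added example, not part of the original post: it checks that a service container actually sits on the shared tunnel network and publishes no host ports (so it is reachable only through cloudflared), then confirms the public hostname answers. It assumes the network is named "tunnel" as above, that the docker CLI is available, and that the script is called as `sh tunnel-check.sh <hostname> <container>...`.

```shell
#!/bin/sh
# Preflight checks for services exposed through cloudflared (added example).
# The pure helpers take captured command output so they can be tested offline.
set -eu

NETWORK="tunnel"   # created with: docker network create tunnel

# $1 = space-separated network names; returns 0 when the tunnel network is among them.
on_tunnel_network() {
  for n in $1; do
    [ "$n" = "$NETWORK" ] && return 0
  done
  return 1
}

# $1 = output of `docker port <container>`; returns 0 when nothing is published on
# the host. A published port means the service is reachable without the tunnel.
no_host_ports() {
  [ -z "$(printf '%s' "$1" | tr -d '[:space:]')" ]
}

# Lists the networks a container is attached to, one name per word.
docker_networks_of() {
  docker inspect -f '{{range $k, $v := .NetworkSettings.Networks}}{{$k}} {{end}}' "$1"
}

check_container() {
  name="$1"
  nets="$(docker_networks_of "$name")"
  if ! on_tunnel_network "$nets"; then
    echo "FAIL: $name is not on network $NETWORK (networks: $nets)"
    return 1
  fi
  if ! no_host_ports "$(docker port "$name")"; then
    echo "WARN: $name also publishes host ports (not needed for the tunnel):"
    docker port "$name"
  fi
  echo "OK: $name is on $NETWORK"
}

# Prints the HTTP status returned through Cloudflare for the public hostname.
check_hostname() {
  curl -sS -o /dev/null -w '%{http_code}\n' "https://$1/"
}

if [ "$#" -ge 2 ]; then
  host="$1"; shift
  check_container cloudflared
  for c in "$@"; do check_container "$c"; done
  check_hostname "$host"
fi
```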