What are Cloudflared Tunnels

Learn how to use Cloudflare tunnels to protect your own web based services and server from direct web attacks using Cloudflare's extensive network and protection mechanisms

ยท 3 min read ยท
Cloudflare Argo Tunnel
Photo by Tom Dahm / Unsplash

Before you begin

This article is the first of the Cloudflare series where I will be showing how to setup Cloudflare tunnels to protect any of your web based services. In the case of this series we're going to be protecting a server running this blog on Ghost. If you're yet to setup a containerised Ghost blog using Docker and Docker-compose check out how to!

Overview

Cloudflare relatively recently released free Tunnels as part of their broader strategy to make Zero Trust more of a reality for everyone with the use of their Cloudflare Access Product. They dubbed this "A Boring Announcement" but I think it's anything but, considering the benefits for those of us running smaller services like this blog.

Matthew Prince - CEO of Cloudflare

Given Cloudflare now runs almost 20% of the web as of November this year (2021) I thought it would be a great time to explore leveraging the new service to further protect VPS's running on the web such as this blog.

Diagram showing that nearly 20% of all the web runs on Cloudflare
Almost 20% of the web use Cloudflare as of 20 November 2021

Cloudflare Access with Tunnels

Essentially what Cloudflare Tunnels does is allow us to have an outbound only connection to Cloudflare's edge through a lightweight connector that you deploy on your Server. What this gives us is an encrypted tunnel between our origin (server) and Cloudflare's edge network without us opening up any ports or exposing our web server ip address to the web. Pretty neat huh - this means we shouldn't have to deal with any direct or persistent attacks from the net, leaving us more time to focus on content creation.

What this means is that we can:

  1. Connect a Ghost blog running in the server to Cloudflare's edge network securely.

The architecture for this one is relatively simple when compared to the docker series. All of the users accessing our blog running on our server will be routed through Cloudflare's extensive network and protection mechanisms. This means we can easily leverage Cloudflare's Access to protect our deployed applications.

Argo Tunnels that live forever
An example of a user accessing a origin to retrieve a website

The main advantage to this approach is that we don't have to bother with creating firewall rules or validating traffic from a Coudflare origin, rather we can rely on a company worth just under $68 Billion to do most of the heavy lifting for us to protect our origin (Our server) ๐Ÿ’ช.

Highly available and highly scalable Cloudflare tunnels
Example of how a HTTP request is routed through Cloudflare's Network through to the Cloudflare tunnel connector to the service running on your server

Related Articles

Self Host Gitlab on Docker with Cloudflare Zero Trust
ยท 9 min read ยท