What are Cloudflared Tunnels

Learn how to use Cloudflare tunnels to protect your own web-based services and server from direct web attacks using Cloudflare's extensive network and protection mechanisms.

Cloudflare Tunnels Originally called Argo Tunnels

Overview

Cloudflare relatively recently released free Tunnels as part of their broader strategy to make Zero Trust more of a reality for everyone with the use of their Cloudflare Access Product. They dubbed this "A Boring Announcement" but I think it's anything but, considering the benefits for those of us running smaller services like this blog.

Before you begin

This article is the first of the Cloudflare series where I will be showing how to set up Cloudflare tunnels to protect any of your web-based services. In the case of this series, we're going to be protecting a server running this blog on Ghost. If you have yet to set up a containerised Ghost blog using Docker and Docker Compose, check out how to!

Matthew Prince - CEO of Cloudflare

Given that Cloudflare now runs almost 20% of the web as of November this year (2021), I thought it would be a great time to explore leveraging the new service to further protect VPSs running on the web, such as this blog.

Diagram showing that nearly 20% of all the web runs on Cloudflare
Almost 20% of the web uses Cloudflare as of 20 November 2021

What is Cloudflare Access with Tunnels?

Essentially, Cloudflare Tunnels lets us make an outbound-only connection to Cloudflare's edge through a lightweight connector that you deploy on your server. This gives us an encrypted tunnel between our origin (server) and Cloudflare's edge network without opening up any ports or exposing our web server's IP address to the web. Pretty neat, huh? This means we shouldn't have to deal with any direct or persistent attacks from the net, leaving us more time to focus on content creation.

What this means is that we can sit several services behind it, protected from the web. Check out some of the other tutorials that cover how to do it: 👇

How to configure Cloudflare Tunnels for a secure Ghost blog
Use Cloudflared Tunnels and Cloudflare Teams to protect a self hosted Ghost Blog or any application on the web running on your own server from bad bots on the internet.
Protect Ghost with Cloudflare Zero Trust
Self Host Gitlab on Docker with Cloudflare Zero Trust
Learn how to self host Gitlab on your own private VPS using Docker and Docker Compose. Configuring Cloudflared and protecting your Gitlab instance using Cloudflare Access on Cloudflare's Zero Trust platform
Protect Gitlab with Cloudflare Zero Trust

The architecture for this one is relatively simple when compared to the docker series. All of the users accessing our blog running on our server will be routed through Cloudflare's extensive network and protection mechanisms. This means we can easily leverage Cloudflare's Access to protect our deployed applications.

Argo Tunnels that live forever
An example of a user accessing an origin to retrieve a website

The main advantage of this approach is that we don't have to bother with creating firewall rules or validating traffic from a Cloudflare origin; instead, we can rely on a company worth just under $68 billion to do most of the heavy lifting to protect our origin (our server) 💪.

Highly available and highly scalable Cloudflare tunnels
Example of how an HTTP request is routed through Cloudflare's Network through to the Cloudflare tunnel connector to the service running on your server