Easiest Way to Set Up a Cloudflared Tunnel in Proxmox!
By Barmine Tech
Summary
Topics Covered
- Cloudflare Sees Your Traffic in Plain Text
- One Tunnel Covers All Your Services
- Cloudflare Tunnels Can't Handle Slashes After Ports
- Skip VPNs with Zero-Trust Tunnels
- Match Security to Data Sensitivity
Full Transcript
what's going on everybody it's Corine from Barmine Tech and today we're going to be talking about Cloudflare tunnels or cloudflared depends on how you guys want to look at the setup so this is going to be something we're going to run
out of the Proxmox environment we're going to be using the community scripts or the Proxmox helper scripts to set it up and the whole idea is going to be that we can safely expose some of our
services to the public whether it's like Overseerr or maybe Minecraft server or maybe you want to expose some of your other services like your homepage or whatever else might be and it's another
way of exposing a service in a way of using a reverse proxy so we're going to talk about how to set it up and we're going to talk about how it works and we're going to get right into that right now as a disclaimer some people have security concerns about using Cloudflare
tunnels which is fine I'm not going to really go deep dive into the security aspect of it today however I will say that you are forming a tunnel that's going to use Cloudflare to encrypt and decrypt so the information
is going to be passing through HTTPS which is going to be decrypted at the Cloudflare side and that's some to reach out to your whatever service you are running so if you're running something like Vaultwarden you might want
to keep that in mind that Cloudflare technically is going to be decrypting the traffic and going to be able to see whatever you're doing in clear text again I'm not going to go into the security fully this is something I'm just going to say maybe it's better to
use like Overseerr or maybe Minecraft server stuff like that it doesn't have critical information running through the HTTP or HTTPS traffic enough of that let's get into how Cloudflare works or Cloudflare tunnels so you can see
actually they have their docs over here how it works so pretty much what it's going to be is the customer's browser is going to be outside in the public it's going to reach out to a browser which is
going to resolve back to a Cloudflare network from there their edge server is going to take their requests it's going to check it to make sure everything routes out properly who reaches where it has to go they're going to resolve it back to go to the tunnel and then from
the tunnel it's going to reach out to the service hosted internally in your home lab or wherever else and then in reverse it would just go back outbound so it reaches out to the browser of the person requesting the information or to
access the server it's a pretty straightforward concept it's actually pretty simple to set up so let's get right into the actual setup if we come over to the community helper scripts or the Proxmox VE scripts we just click view scripts and then over here if we scroll
down to network and firewall there's the Cloudflared container now they do have an option in here to configure with DNS over HTTPS I was unable to get this to
work properly and it seems to cause an issue so I'm going to only go over today how to do it standard without the DoH one thing I forgot to mention is you are going to need a domain that's already
sitting in Cloudflare so we can go forward with this project um getting the domain through Cloudflare is really easy it's usually really cheap depends on the domain name you want to use but you are going to need it because we are going to be using their Zero Trust and their
security features through there to set this up so just make sure that you have a Cloudflare domain so this is the Cloudflared LXC so that's what we're going to be using they have the script over here if I come back over to my mini lab we can actually see I'm going to be
working the Barmine Tech server today and over here I have Guacamole which I'm going to use as a demo of how to expose it using Cloudflare tunnels so like I said you are going to need a domain so
like over here I'm going to be using barind test.net this was just a blank domain that I purchased a little while back so I could do some testing with it and use it for examples on the channel
so today this is what we're going to be working with what we do need to do is do we got to come back to our dashboard and then we're going to come over to Zero Trust what I like to do is right click
and open up Zero Trust in a new tab and that's just purely because of we're going to need to jump back and forth a couple times so Cloudflare is going to do the majority of the work for us but we
are going to need to just double check a couple of the settings so the first thing we're going to do is come over to network and then over here is tunnels and in here is where we're going to create our tunnel so this is the first
step that we actually need to do and set up our tunnel before we can install our script just so we have it originated and we need the connector information so I'm going to click create tunnel and
we're going to use cloudflared now the tunnel is going to be able to cover all services in your home lab so if you're running like your Proxmox server and it has multiple services underneath it you could just name one tunnel to go to all
those services you don't need a tunnel for each service so I'm just going to do Barmine Tech and then in here we're going to save the
tunnel so now over here we're going to get to the point where it's going to say to configure the connector and that's fine this exactly where we want to be at now we're going to go install the Cloudflare tunnel on our mini lab so I'm just going to come over to here again we're
going to copy the script I'm going to open up my mini lab and we're going to open up the shell on the Proxmox server so I'm just going to open up my shell make it a little bit bigger so everybody can read and then we'll just
paste in the script and run it it's just like any of the other scripts it's just going to ask us if we want to make the container I'm going to click yes I don't want to do diagnostic so I'm going to click
no and then over here it's just going to ask for the default settings or not you could do default I just need to change the VM ID so I'm just going to do Advanced and I'm going to go through here and
when we get to the next options we'll be right back so just like I've mentioned in previous videos I just need to change the VM ID because of my cluster um but now over here you can see that I went through all the options and I'm creating
the LXC if you just click to run the default it's fine there's no big deal to it and then it's just going to start installing and at some point it's going to ask us if we want to install DoH or DNS over HTTPS at that point we're going
to tell it no because that seems to be interfering with some of the setup it's just not working properly where I can't figure out how to do it at the moment so we're maybe at a future time it will work probably but I was looking through
in the Proxmox helper scripts Discord and other people were saying they were having similar issues so I'm not exactly sure on the config side what's the issue I'm going to let this run till we get the next option and then we'll be right
back so over here you can actually see now it's asking if we want to install DNS over HTTPS or as a DoH proxy I'm going to say no because I do not want that we're going to let this finish
installing and it's all set up so now that the container is all done we can minimize this for now and now over here we can see that cloudflared is running this is where we're going to have to run these commands over here
that it's specifying and that's how we're going to set that up for the connector so I'm just going to come back over here I'm going to right click and open up a console and now you can see over here we're in the Cloudflare tunnel this container just runs in the command line
there's no GUI that goes along with it so if you try to open up to a web page it's not going to open so don't worry we're just going to come back over to that page where we start making our Cloudflare tunnel we're running Debian and I'm using 64 bit so I'm going to use that we're going to copy this box on the
right because we do already have it installed we don't need to do the initial install again I'm going to open up that container console again and we're going to paste that in we click run and now it's going to run the
scripts provided by Cloudflared to connect this container to Cloudflared so now you can see over here it has connectors listed and it should show up in here saying that it's connected so
now we can click next and now over here is we can start setting up our tunnel information so I want to do Apache Guacamole so I'm going to do Apache and then over here you're going
to select whatever domain name that you want to use so I'm going to use my bind test.net so now you can see it's going to resolve to Apache mind.net and now in here we need to set the internal
information so this part this portion up here where it says add public host name is going to be the public area so that's how you're going to access it when you're outside your network and here is going to be how it's going to hit the inside so it's going to be like the
actual side machine so you're going to select whether you're using HTTP or https I'm going to use HTTP and then it's going to be the URL so it's the IP address or however it is that you hit it
internally so I'm just going to get that for Apache Guacamole we'll be right back so like I said I'm using Guacamole so I'm just going to copy this whole URL right over here the IP the port and /guacamole so it hits the right area so
we're going to paste that in you can see over here I grabbed the HTTP colon by accident so that's why I'm just going to take that out now we should be all set if I hit save tunnel okay so at this point we've run into an issue that I was
worried about happening is that Apache Guacamole needs to use a slash after the ports to designate to go to that directory it runs Guacamole so unfortunately it's not working properly cuz Cloudflare doesn't want to use it
that way so you're going to need something within the scheme of like an IP colon ports and that's how it would be able to do it so I'm just going to grab a different service really quick and show you how to set that up so you have an example that works okay so over
here you can see that this is my MySpeed that runs on my home network so it's just going to be an example I'm going to share out because it's going to work properly because it has this scheme of IP colon port so I'm just going to
copy that we're going to come back over here so this is going to be as the tunnel's already established which is fine so like if I come back you can see here's tunnel and I can come over here to the dots and click configure so over
here if you you know need to change anything you can but everything's already set up for me it's already connected to my container so I just need to set a public host name so I'm just going to set speed and then I'm going to select my domain that I want to go to
like I said mine's going to go to bmine test net now from here is where I'm going to set that URL in here so I'm just going to paste that in there and then just make sure that you take out
any HTTP or anything afterwards you only need the IP and the port so we're just going to save that and now over here you can see I
have the record for speed. barind
test.net and if I come over to speed.
barind test.net you can see that it actually opens up right to my speed test page so this is going through the internet it's not resolving through my house I have a secure connection so it's
just going through is verified by Google which is fine so it means Cloudflare is securing it at some point so now I'd be able to access this publicly whether it's from my phone or anything else I could get this outside of my network and
it's a secure tunnel back into my house without needing a VPN or anything else so like I said there was the one issue of using Apache Guacamole because of the slash after the port so Cloudflare doesn't like
that so just keep that in mind going forward if you try to set up something and it just doesn't work properly that's most likely why you know you're going to try to use services that are straight up just IP colon ports and that should work
best just keep in mind that there still might be situations where a VPN might be better to use than Cloudflare tunnels like I said if you're using like something like Vaultwarden or anything that might be passing important information along the internet you probably don't want
that passing through to get decrypted and encrypted at Cloudflare you probably want to pass that through a secure tunnel where you're the only person that's going to be encrypting and decrypting it I don't want to go into the security aspect fully of it but just something to keep in mind
is probably really good for stuff like sharing like Overseerr Minecraft servers stuff like that stuff where it's not a big deal where there's some sensitive information going through the network traffic but that's really it for Cloudflare tunnels as always I want to thank you
all for watching I'll have links to all the gear in my home lab below I'll have a link to the Discord server if you're interested we do still have the giveaway running so you can join up and go check out the giveaway tab for more information on that other than that I
want to thank you all for watching I will see you in the next video