Setting up a Cloudflare Tunnel on the Raspberry Pi
Last updated
Last updated
This project will show you how to set up the Cloudflare tunnel on the Raspberry Pi.
Cloudflare is a company that has become well-known for its DDOS protection services. However, it is also one of the leaders in providing secure and private connections.
One of the products that Cloudflare offers for free is its tunneling service. This tunnel allows you to create a secure connection between your device and the Cloudflare network.
Using Cloudflare’s tunnel on your Raspberry Pi, you don’t have to worry about opening any ports in your firewall. If you want to give access to a service that uses HTTP or HTTPS, you won’t even need Cloudflared installed on another device.
Please note that this guide requires you to have a domain name configured to run through Cloudflare’s services. If you don’t already have a domain name setup, you will need to do this before continuing.
SHOW ALLSetting up Uptime Kuma on the Raspberry Pi109Setting up a Raspberry Pi Scanner Server using SANE64Setting up a Valheim Server on the Raspberry Pi110Setting up FreshRSS on the Raspberry Pi63Setting up a PostgreSQL Database on a Raspberry Pi50Setting up an AirPrint Server on your Raspberry Pi113Setting up DAKBoard on the Raspberry Pi151Setting up a LAMP Stack on the Raspberry Pi62Setting up your Raspberry Pi as a Syslog Server99Installing Tailscale to the Raspberry Pi89Installing and Running Wireshark on the Raspberry Pi133Setting up an SQLite Database on a Raspberry Pi69Using NoMachine on the Raspberry Pi50Setting up a WireGuard VPN on the Raspberry Pi262How to Install ZoneMinder on the Raspberry Pi103Running SerpBear on the Raspberry Pi31How to Set Up Screenly on the Raspberry Pi80Running Changedetection.io on the Raspberry Pi47Setting up a Raspberry Pi Captive Portal71Setting up Grafana on the Raspberry Pi45Setting up Raspberry Pi OctoPrint25Setting up Home Assistant on the Raspberry Pi105Installing Network Manager on Raspberry Pi OS129Raspberry Pi DNS Settings: How to Change the DNS139How to set up a Raspberry Pi Terraria Server40
Below is a list of the equipment we used when setting up a Cloudflare tunnel on the Raspberry Pi.
This tutorial was last tested on a Raspberry Pi 400, running the latest version of Raspberry Pi OS Bullseye.
To set up the Cloudflare tunnel on the Raspberry Pi, we will rely on a piece of software called “Cloudflared“. Cloudflared is the software that creates and maintains the secure tunnel between the Pi and the Cloudflare network.
While these steps are relatively straightforward, we will need to add the official Cloudflare repository to install the required software.
1. Our first task is to perform an update of the package list as well as upgrade any out-of-date packages.
You can perform both of these tasks using the following command in the terminal.
2. Once the update completes, we must ensure we have both the “curl” and “lsb-release” packages.
Install both of these packages by using the command below in the terminal.
curl – We will use curl to grab the GPG key for the Cloudflared repository.
lsb-release – This package allows us to easily retrieve information about the system, such as the release name.
3. With all the required packages in place, we can finally grab the GPG key for the Cloudflared repository and store it on our Raspberry Pi.
To save this key to your device, use the following command.
A GPG key is crucial to verify the packages we are installing are valid and belong to the repository.
4. With the GPG key saved into our keyrings folder, our next step is to add the Cloudflared repository to our Raspberry Pi. You can add
5. As we have made changes to the available repositories, we will need to perform another update of the package list cache,
You can update this cache by using the following command within the terminal.
6. With the repository added, we can now proceed to install the Cloudflared package to our Raspberry Pi.
To install this package, you will want to run the following command.
Now that we have prepared our Raspberry Pi, we can set up the Cloudflare tunnel. This tunnel is where your traffic will be run over
1. Our first step is to create an association between our Raspberry Pi and the Cloudflare service.
We can begin authenticating with the Cloudflare service by using the command below.
Ensure you keep Cloudflared open on your device while this process is completed.
2. After running the above command, you will see the following message appear within the terminal.
You will want to go to the URL displayed in the message and use it to log in to your Cloudflare account.
3. Once your Raspberry Pi is successfully authenticated with the Cloudflare service, you will see the following message.
4. Now that we are authorized, we can create a Cloudflare tunnel by using the following command.
Ensure you replace “TUNNELNAME” with the name you want to assign this tunnel.
5. After running the above command, you will see a message similar to the one below.
You will want to write down the ID as we will need this for later.
6. With the tunnel created, we can now route the tunnel to a domain name that we have with Cloudflare. This will allow us to access our Raspberry Pi through that domain name.
For example, if you wanted your Minecraft server or PhotoPrism to be accessible through a particular domain name, you can use the following. However, if the program you want to create a tunnel for doesn’t use the HTTP or HTTPS protocol, the other user will need to have Cloudflared installed.
Ensure you replace “TUNNELNAME” with the name of your tunnel and replace “DOMAINNAME” with the domain name you want to use.
7. If the above command worked correctly, you would see a similar message to the one below. This message confirms that Cloudflare created a CNAME that routes to your tunnel.
8. The final task we need to do is connect the Cloudflare tunnel to a destination on our Raspberry Pi.
While the tunnel exists, it isn’t currently linked to anything, so in this example we will be putting it to a specific URL.
When running this command, replace “PORT” with the port belonging to the app you want to expose. For example, if you want to expose the HTTP port of your web server, you can use port 80.
Replace “TUNNELNAME” with the name of the tunnel.
9. Once the Cloudflare tunnel has been started, you will see a message similar to the one below.
You can close this tunnel at any point by pressing CTRL + C on your keyboard.
10. To verify that your Cloudflare tunnel to your Raspberry pi is working, you should now try accessing it through the domain name you set up earlier.
For example, we set up a Cloudflare tunnel for our NGINX web server and accessed it through that.
11. Once you have verified that your Cloudflare tunnel works, you will likely want it to be started when your Raspberry Pi starts.
To do this, we will have to write all of this within a “config.yml” file that the Cloudflare daemon will read.
12.Within this file, you will want to type in the following lines and adjust them for your use case as you go.
[TUNNELNAME] – Replace this value with the name of your tunnel.
[USERNAME] – This value will need to be replaced with your user’s name.
[UUID] – You will need to specify the UUID that you got back in step 5 of this section.
[HOSTNAME] – Swap this value out with the domain name you are planning to utilize. For example, “test.pimylifeup.com“.
[PORT] – Finally, replace “PORT” with the port you want accessible through the tunnel.
[PROTOCOL] – This is the protocol you want tobe utilized for your service. In the case of a web server, you will want to use “http” or “https“.
However, there are a few other options that you can utilize if the service you are using utilizes a different protocol.
http – Forward HTTP requests through to the specified service.
E.G., http://localhost:8080
https – Forward HTTPS requests to the specified service
E.G., https://localhost:8080
unix – Same as HTTP but using a Unix Socket.
E.G., unix:/home/example/exam.sock
unix+tls – Same as HTTPS but utilizing a Unix socket.
E.G., unix+tls:/home/example/exam.sock
tcp – Proxy a service using the TCP protocol to a local service. (For example, a Minecraft server)
E.G., tcp://localhost:25655
ssh – Allows you to proxy an SSH connection to a local service.
E.G., ssh://localhost:22
rdp – Proxies a connection made using RDP to the specified service.
E.G., rdp://localhost:338
13. Once you have made these changes within the config file, save and quit by pressing CTRL + X, then Y, followed by the ENTER key.
14. With the config file created, we can install it as a service using the following command.
This command will copy our config file to the correct location and prepare a service file for systemd.
15. We can enable the Cloudflare tunnel service so that it will start when our Raspberry Pi does by using the following command.
16. Finally, you can ensure the tunnel is online now by using the command below within the terminal.
This tutorial shows you how to set up a Cloudflare Tunnel on the Raspberry Pi.
A Cloudflare tunnel allows you to create a secure connection to the Cloudflare network without having to open ports on your host machine.
If you only want to serve from HTTP or HTTPS, then you don’t need Cloudflared installed on the client machines.
Please comment below if you have had any issues getting the Cloudflare tunnel running on your Raspberry Pi.
Be sure to check out our many other Raspberry Pi projects, such as our guide on running Tailscale on the Raspberry Pi.