Securely Access Your Home Lab Using Cloudflare and a Domain

Cloudflared is a powerful tool that excels in enhancing both security and network accessibility. From a security perspective, it serves as a robust solution for creating secure tunnels to your private resources, ensuring that sensitive data and services are protected from unauthorized access. With built-in encryption and authentication, Cloudflared offers peace of mind in an increasingly interconnected world. Moreover, it simplifies NAT traversal, allowing you to seamlessly access your private network resources from anywhere, without the complexities often associated with configuring network address translation. Whether safeguarding your internal web applications or securely connecting to Cloudflare for Teams, Cloudflared is a versatile tool that prioritizes both security and network accessibility and lets you host https services without setting up keys manually.

Note: This guide assumes you have already set up a home lab and want to access it securely using the Cloudflared daemon and a domain. You may need to adjust some steps to fit your specific configuration. For this example we will be using Nextcloud on Rocky Linux, but this guide can be adapted to your specific use case.

Prerequisites:

• A functioning linux system with the service you want to access.
• A domain name purchased through Google Domains or another domain registrar.

Step 1: Sign into Cloudflare

1. Visit the Cloudflare website and create or sign in to your account.

Step 2: Connect Your Domain in Cloudflare

1. After signing in, navigate to the “Add a Site” option.
2. Enter your domain name and select the “Free” option (usually found at the bottom). Follow the prompts to add your domain.
3. Cloudflare will provide you with two nameservers. Make a note of these, as you’ll need to update your domain registrar settings with these nameservers.

Step 3: Update Nameservers on Your Domain Provider

1. Log in to your domain registrar account (e.g., Google Domains).
2. Find the option to manage your domain’s DNS settings and update the nameservers with the ones provided by Cloudflare, this is usually a straightforward process but it will be slightly different with every registrar.

Step 4: Set Up Access/Tunnels in Cloudflare

1. In Cloudflare, select “Access/Tunnels” from the side menu and create a new tunnel.
2. Choose the “Free” option and proceed.
3. Install Cloudflared on your server by copying and pasting the provided code for your system. This will allow secure access to your home lab.
4. Click “Next” and enter a subdomain. This is the name you’ll use to access your home lab locally.
5. Specify the service and URL, including the port (e.g., 192.168.1.112:80).
6. Click “Additional Settings” and select “Disable Chunked Encoding” and “No Happy Eyeballs.”
7. Restart Cloudflared using the following command:

sudo service cloudflared restart

Step 5: Edit Trusted Domains of Nextcloud

1. Switch to the superuser account:

su

Edit the Nextcloud configuration file:

nano /var/www/html/nextcloud/config/config.php

Add your domain to the trusted domains list. For example:

'trusted_domains' =>

array (

2 => 'nextcloud.yourdomain.com',

),

Fix permissions, for Debian based systems use www-data:www-data in place of apache:apache:

chown apache:apache /var/www/html/nextcloud/config/config.php

Step 6: Add Cloudflared Repository for Updates

Add the Cloudflared repository for updates:

sudo dnf config-manager --add-repo https://pkg.cloudflare.com/cloudflared-ascii.repo

This guide should help you securely access your home lab using Cloudflare and a domain. Remember to adapt the instructions to your specific environment and configuration.