I finally got around to setting up Cloudflare Tunnels for all my self-hosted applications.

I had been using Cloudflare Tunnels for a while, both for myself and for a couple of clients. But I never sat down and spent the time (like 10 minutes, but apparently I'm lazy) to create tunnels for all my self-hosted applications.

Before that, I had been exposing port 443 to the world (including the bad guys) and using Nginx Proxy Manager to route all incoming traffic to the appropriate application.

Cloudflare Tunnels is much more secure because it lets you avoid exposing ports: the cloudflared connector creates a secure tunnel between your network and Cloudflare. That connection is only ever opened in one direction, outbound from your network to Cloudflare. Cloudflare receives your applications' traffic over it, but there's no inbound connection from the public internet into your network.

Creating the Tunnels

I set up my tunnels using Docker containers, with each tunnel getting its own container. Below is an example of the docker-compose.yml that I'm using. I created a new container for each tunnel, replacing this-is-where-you-put-your-token with the tunnel's token.

docker-compose.yml

services:
  container-name:
    image: cloudflare/cloudflared:latest
    restart: unless-stopped
    command: >
      tunnel --no-autoupdate run
      --token this-is-where-you-put-your-token

Then I can spin all of my tunnels up with one command:

bash

docker compose up -d
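
The same one-container-per-tunnel layout can keep the tokens out of docker-compose.yml and off the cloudflared command line by passing each one through the TUNNEL_TOKEN environment variable, which cloudflared reads in place of --token. This is an added example, not my original file: the service names, the APP1_/APP2_ variable names and the .env contents are hypothetical.

```yaml
# docker-compose.yml (added example; service and variable names are hypothetical)
#
# Tokens live in a .env file next to this file, which Compose reads
# automatically for ${...} interpolation. Keep it out of version control
# and readable only by you (chmod 600 .env). Constructed sample contents:
#
#   APP1_TUNNEL_TOKEN=token-for-the-first-tunnel
#   APP2_TUNNEL_TOKEN=token-for-the-second-tunnel

# Settings shared by every tunnel container, defined once and merged below.
x-cloudflared: &cloudflared
  image: cloudflare/cloudflared:latest
  restart: unless-stopped
  # No --token argument here, so the token never shows up in the
  # container's process arguments or in this file.
  command: tunnel --no-autoupdate run

services:
  tunnel-app1:
    <<: *cloudflared
    environment:
      # ":?" makes Compose refuse to start if the variable is unset or
      # empty, instead of launching cloudflared with an empty token.
      TUNNEL_TOKEN: ${APP1_TUNNEL_TOKEN:?set APP1_TUNNEL_TOKEN in .env}

  tunnel-app2:
    <<: *cloudflared
    environment:
      TUNNEL_TOKEN: ${APP2_TUNNEL_TOKEN:?set APP2_TUNNEL_TOKEN in .env}
```

The token is still visible to anyone who can run docker inspect on the host, so this protects the compose file and process listings, not the Docker host itself.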