Home About Projects Blog Contact

Secure Cloudflare Tunnel + Nginx

May 20, 2024 ·

#cloudflare #nginx #infrastructure #security

A comprehensive guide to exposing self-hosted services securely using Cloudflare Tunnel and Nginx reverse proxy.

Why This Setup?

No need to open ports on your firewall
Automatic SSL/TLS encryption
DDoS protection from Cloudflare
Access control via Cloudflare Access

Architecture Overview

User --> Cloudflare --> Tunnel --> Nginx --> Service

Configuration Steps

Create a Cloudflare account and add your domain
Install cloudflared on your server
Configure the tunnel with your services
Set up Nginx as a reverse proxy
Configure SSL certificates

Nginx Configuration

server {
    listen 443 ssl;
    server_name service.example.com;

    ssl_certificate /etc/ssl/certs/cert.pem;
    ssl_certificate_key /etc/ssl/private/key.pem;

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

Security Considerations

Enable authenticated origin pulls
Use Cloudflare Access for sensitive services
Implement rate limiting
Log all access attempts