This article is about running a secure home server with Cloudflare Zero Trust and Cloudflare Tunnel. You can connect to it from the public internet using the Cloudflare Warp client and the SSH server.
Prerequisites
- Cloudflare Account (Free tier)
- Docker
- SSH Server
Cloudflare Zero Trust
Cloudflare Zero Trust is a security architecture that replaces traditional network security perimeters with a more granular approach to access control. Instead of trusting everyone inside a network, Zero Trust assumes that no one is inherently trustworthy.
To create your Cloudflare Zero Trust organization:
- Create a Cloudflare account.
- Go to https://one.dash.cloudflare.com/
- Choose a team name.
- Continue through the onboarding screen; you can choose the “Zero Trust Free plan” if you do not want a subscription.
Cloudflare Tunnel
To access the private IP of the server from the public internet without requiring a fixed IP, DNS, or NAT, you need to have a tunnel open for the server. This works much like a VPN.
- Create a Cloudflare Tunnel.
- Choose Cloudflared tunnel type.
- Start the tunnel with Docker.
docker run cloudflare/cloudflared:latest tunnel --no-autoupdate run --token <replace-with-token>
You can also choose another way to run the tunnel, but I prefer Docker because we can remove it whenever we want.
Now the tunnel is running.
- Map the private IP to the tunnel.
Enter the CIDR and a description of the network.
[!CAUTION] Set your subnet mask carefully: every IP in the range you enter will be reachable from the internet.
To find the private IP of the server, you can use ifconfig; the IP will start with 172.*.*.*.
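An added example, not from the original article: a Python check that compares a proposed tunnel CIDR with the hosts you actually intend to reach and reports how many extra addresses the route would expose. The function names `review_route` and `warnings_for` and the sample addresses are constructed for illustration, and IPv4 is assumed.

```python
import ipaddress


def review_route(cidr, intended_hosts):
    """Compare a proposed tunnel route with the hosts meant to be reachable."""
    # strict=False accepts a host address with a mask, e.g. 172.17.0.5/16
    net = ipaddress.ip_network(cidr, strict=False)
    # De-duplicate so each intended host is counted once (IPv4 assumed)
    hosts = sorted({ipaddress.ip_address(h) for h in intended_hosts})
    covered = [h for h in hosts if h in net]
    # Smallest set of routes that covers only the intended hosts
    minimal = ipaddress.collapse_addresses(
        ipaddress.ip_network(str(h)) for h in hosts
    )
    return {
        "route": str(net),
        "private": net.is_private,
        "addresses_exposed": net.num_addresses,
        "unintended_addresses": net.num_addresses - len(covered),
        "missing_hosts": [str(h) for h in hosts if h not in net],
        "minimal_routes": [str(n) for n in minimal],
    }


def warnings_for(report):
    """Turn a report into human-readable findings."""
    found = []
    if not report["private"]:
        found.append("route is not a private range")
    if report["missing_hosts"]:
        found.append("route does not cover: " + ", ".join(report["missing_hosts"]))
    if report["unintended_addresses"]:
        found.append(
            f"{report['unintended_addresses']} addresses besides the intended "
            f"hosts are routed; narrowest option: {', '.join(report['minimal_routes'])}"
        )
    return found


if __name__ == "__main__":
    # Constructed sample: one server, route entered as a /16
    for line in warnings_for(review_route("172.17.0.5/16", ["172.17.0.5"])):
        print("WARNING:", line)
```

Run it with the CIDR you are about to enter in the tunnel and the server address reported by ifconfig; an empty warning list means the route covers exactly the intended hosts.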
Running SSH Server
I will not cover this section in detail because there are several ways to run the SSH server and expose the SSH port or configure the firewall.
For Ubuntu, you can go to https://ubuntu.com/server/docs/openssh-server.
I would recommend creating a dedicated user for SSH and generating an SSH key pair for it.
Cloudflare Warp
Cloudflare Warp is client software that connects to Cloudflare Zero Trust and Cloudflare Tunnel over a secure private network.
- Download and install Cloudflare Warp from https://one.one.one.one/
- Enter the organization name that you created in Cloudflare Zero Trust.
- Connect and try to SSH to the private IP of the server.
It works.