by Evan Gargiulo
on January 5, 2023

its easy enough to get things going and access your services from inside your house, on your own LAN, using basic private IP ranges like 192.168.X.X or 10.X.X.X. once your OS is up and running and you begin installing some apps, usually the first instruction is: “go to localhost:8989 to access the web gui.” thats a basic way of saying, “whatever IP your router gave your server – go there and add :8989 at the end to see the pretty interface we built.” however, if you want to get to those things from outside your LAN, there are a million different ways to do this of varying complexity.

one of the best ways i have seen to accomplish this is Cloudflare Tunnels. they are magic. CF tunnels do not require port forwarding, router modification, firewall rules, or anything like that. they simply just work. there is a catch, as there almost always is. while CF tunnels are free, they require a domain name, which comes in at the exorbitant rate of 66 cents per month, or, $8 per year. my recommendation is to register your domain name through cloudflare and keep everything under one roof. its what i do and it makes life less complicated.

once you have purchased your domain, go to cloudflare.com and click on the Zero Trust tab in the left panel. this will open a new tab. in the new tab, click on the Access tab in the left panel, then when it expands, click on Tunnels. you’ll see a blue button on the top right that says Create Tunnel. follow the steps. if youre using truenas scale, use the docker line and copy the token to the install screen of truenas. if youre using docker, just copy the command and paste it in the terminal and run it. thats it. now you have a tunnel.

your tunnel needs to be pointed somewhere. the best idea is to use the name of your docker container as an endpoint, or, the IP of the server and the port. it will look like one of these:

once your tunnel is pointed somewhere, give it anywhere from 30 seconds to 5 minutes to setup, then click the hyperlink under Public Hostname to take you there, or simply type it in your browser. youre done! now you have remote access to your server and its internal services without any modification of your network! i told you – magic.

*note: there is actually one thing you shouldnt do with CF tunnels, and that is stream media. keep it to http traffic only or risk being kicked off cloudflare. if u want to stream media, use a basic unproxied DNS entry in your cloudflare pointed at your home IP.